Hello I have problems so that wireguard works correctly, the same configuration in another router without wds and stp works correctly. What would be wrong in the settings?
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdb3:0725:a355::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
option stp '1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.40.1'
config device
option name 'eth0.2'
option macaddr ''
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0t 2 3 5'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t 4'
option vid '3'
config device
option name 'br-invitado'
option type 'bridge'
list ports 'eth0.3'
option stp '1'
config interface 'invitado'
option proto 'static'
option device 'br-invitado'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
config interface 'wg0'
option proto 'wireguard'
option private_key ''
option listen_port '51820'
list addresses '192.168.9.1/24'
config wireguard_wg0 'wgclient'
option public_key ''
option preshared_key ''
option route_allowed_ips '1'
list allowed_ips '192.168.9.2/32'
config wireguard_wg0
option description 'Desktop'
option public_key ''
option preshared_key ''
option route_allowed_ips '1'
list allowed_ips '192.168.9.3/32'
/etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option masq_src '192.168.9.0/24'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config zone
option name 'invitado'
option input 'ACCEPT'
option output 'ACCEPT'
list network 'invitado'
option forward 'ACCEPT'
config forwarding
option src 'invitado'
option dest 'wan'
config rule 'wg'
option name 'Allow-WireGuard'
option src '*'
option dest_port '51820'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'zona_wg0'
option network 'wg0'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
#option masq '1'
#option mtu_fix '1'
config forwarding
option dest 'lan'
option src 'zona_wg0'
config forwarding
option dest 'wan'
option src 'zona_wg0'
root@Router0:~/data_test# tcpdump -i wg0 -v -n
tcpdump: listening on wg0, link-type RAW (Raw IP), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
root@Router0:~/data_test# ping -c4 192.168.9.1
PING 192.168.9.1 (192.168.9.1): 56 data bytes
64 bytes from 192.168.9.1: seq=0 ttl=64 time=0.283 ms
64 bytes from 192.168.9.1: seq=1 ttl=64 time=0.265 ms
64 bytes from 192.168.9.1: seq=2 ttl=64 time=0.261 ms
^C
--- 192.168.9.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.261/0.269/0.283 ms
root@Router0:~/data_test# tcpdump -i eth0.2 -v -n udp port 51820
tcpdump: listening on eth0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
02:02:37.945015 IP (tos 0x0, ttl 60, id 41292, offset 0, flags [none], proto UDP (17), length 176)
------.51820 > ------.51820: UDP, length 148
02:02:43.189086 IP (tos 0x0, ttl 60, id 41374, offset 0, flags [none], proto UDP (17), length 176)
------.51820 > ------.51820: UDP, length 148
02:02:48.565081 IP (tos 0x0, ttl 60, id 42274, offset 0, flags [none], proto UDP (17), length 176)
------.51820 > ------.51820: UDP, length 148
^C
3 packets captured
4 packets received by filter
0 packets dropped by kernel
ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-invitado: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.3.1/24 brd 192.168.3.255 scope global br-invitado
valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.40.1/24 brd 192.168.40.255 scope global br-lan
valid_lft forever preferred_lft forever
9: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet ------/24 brd -----.255 scope global eth0.2
valid_lft forever preferred_lft forever
10: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN qlen 1000
inet 192.168.9.1/24 brd 192.168.9.255 scope global wg0
valid_lft forever preferred_lft forever
ip -4 ro
default via 2.2.2.1 dev eth0.2 src 2.2.2.2
2.2.2.0/24 dev eth0.2 scope link src 2.2.2.2
192.168.3.0/24 dev br-invitado scope link src 192.168.3.1
192.168.9.0/24 dev wg0 scope link src 192.168.9.1
192.168.9.2 dev wg0 scope link
192.168.9.3 dev wg0 scope link
192.168.40.0/24 dev br-lan scope link src 192.168.40.1
ip -4 ru
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
iptables -L -vn
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
18 1499 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
1579 116K input_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom input rule chain */
1496 110K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
40 1660 syn_flood tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 /* !fw3 */
20 3520 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51820 /* !fw3: Allow-WireGuard */
0 0 zone_lan_input all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
63 2723 zone_wan_input all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_invitado_input all -- br-invitado * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_zona_wg0_input all -- wg0 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 forwarding_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom forwarding rule chain */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
0 0 zone_lan_forward all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_wan_forward all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_invitado_forward all -- br-invitado * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_zona_wg0_forward all -- wg0 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
18 1499 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
991 148K output_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom output rule chain */
963 146K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
0 0 zone_lan_output all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
28 2058 zone_wan_output all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_invitado_output all -- * br-invitado 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_zona_wg0_output all -- * wg0 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain forwarding_invitado_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_zona_wg0_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_invitado_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_zona_wg0_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_invitado_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_zona_wg0_rule (1 references)
pkts bytes target prot opt in out source destination
Chain reject (5 references)
pkts bytes target prot opt in out source destination
53 2184 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */ reject-with tcp-reset
5 347 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */ reject-with icmp-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
40 1660 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50 /* !fw3 */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_invitado_dest_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * br-invitado 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_invitado_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 forwarding_invitado_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom invitado forwarding rule chain */
0 0 zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Zone invitado to wan forwarding policy */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
0 0 zone_invitado_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_invitado_input (1 references)
pkts bytes target prot opt in out source destination
0 0 input_invitado_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom invitado input rule chain */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
0 0 zone_invitado_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_invitado_output (1 references)
pkts bytes target prot opt in out source destination
0 0 output_invitado_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom invitado output rule chain */
0 0 zone_invitado_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_invitado_src_ACCEPT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- br-invitado * 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED /* !fw3 */
Chain zone_lan_dest_ACCEPT (5 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * br-lan 0.0.0.0/0 0.0.0.0/0 ctstate INVALID /* !fw3: Prevent NAT leakage */
0 0 ACCEPT all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 forwarding_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan forwarding rule chain */
0 0 zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Zone lan to wan forwarding policy */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
0 0 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_lan_input (1 references)
pkts bytes target prot opt in out source destination
0 0 input_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan input rule chain */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
0 0 zone_lan_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_lan_output (1 references)
pkts bytes target prot opt in out source destination
0 0 output_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan output rule chain */
0 0 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_lan_src_ACCEPT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- br-lan * 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED /* !fw3 */
Chain zone_wan_dest_ACCEPT (4 references)
pkts bytes target prot opt in out source destination
1 40 DROP all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 ctstate INVALID /* !fw3: Prevent NAT leakage */
27 2018 ACCEPT all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_wan_dest_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_wan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 forwarding_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan forwarding rule chain */
0 0 zone_lan_dest_ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Allow-IPSec-ESP */
0 0 zone_lan_dest_ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500 /* !fw3: Allow-ISAKMP */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
0 0 zone_wan_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_wan_input (1 references)
pkts bytes target prot opt in out source destination
63 2723 input_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan input rule chain */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 /* !fw3: Allow-DHCP-Renew */
2 72 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* !fw3: Allow-Ping */
0 0 ACCEPT 2 -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Allow-IGMP */
3 120 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
58 2531 zone_wan_src_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_wan_output (1 references)
pkts bytes target prot opt in out source destination
28 2058 output_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan output rule chain */
28 2058 zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_wan_src_REJECT (1 references)
pkts bytes target prot opt in out source destination
58 2531 reject all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_zona_wg0_dest_ACCEPT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * wg0 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_zona_wg0_dest_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * wg0 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_zona_wg0_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 forwarding_zona_wg0_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom zona_wg0 forwarding rule chain */
0 0 zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Zone zona_wg0 to lan forwarding policy */
0 0 zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Zone zona_wg0 to wan forwarding policy */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port forwards */
0 0 zone_zona_wg0_dest_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_zona_wg0_input (1 references)
pkts bytes target prot opt in out source destination
0 0 input_zona_wg0_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom zona_wg0 input rule chain */
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT /* !fw3: Accept port redirections */
0 0 zone_zona_wg0_src_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_zona_wg0_output (1 references)
pkts bytes target prot opt in out source destination
0 0 output_zona_wg0_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom zona_wg0 output rule chain */
0 0 zone_zona_wg0_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_zona_wg0_src_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- wg0 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
iptables -t nat -L -vn
Chain PREROUTING (policy ACCEPT 46 packets, 2147 bytes)
pkts bytes target prot opt in out source destination
49 2267 prerouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom prerouting rule chain */
0 0 zone_lan_prerouting all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
49 2267 zone_wan_prerouting all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_invitado_prerouting all -- br-invitado * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_zona_wg0_prerouting all -- wg0 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain INPUT (policy ACCEPT 6 packets, 368 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 33 packets, 2447 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 4 packets, 277 bytes)
pkts bytes target prot opt in out source destination
71 3967 postrouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom postrouting rule chain */
0 0 zone_lan_postrouting all -- * br-lan 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
67 3690 zone_wan_postrouting all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_invitado_postrouting all -- * br-invitado 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_zona_wg0_postrouting all -- * wg0 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain postrouting_invitado_rule (1 references)
pkts bytes target prot opt in out source destination
Chain postrouting_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain postrouting_rule (1 references)
pkts bytes target prot opt in out source destination
Chain postrouting_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain postrouting_zona_wg0_rule (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_invitado_rule (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_rule (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_zona_wg0_rule (1 references)
pkts bytes target prot opt in out source destination
Chain zone_invitado_postrouting (1 references)
pkts bytes target prot opt in out source destination
0 0 postrouting_invitado_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom invitado postrouting rule chain */
Chain zone_invitado_prerouting (1 references)
pkts bytes target prot opt in out source destination
0 0 prerouting_invitado_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom invitado prerouting rule chain */
Chain zone_lan_postrouting (1 references)
pkts bytes target prot opt in out source destination
0 0 postrouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan postrouting rule chain */
0 0 MASQUERADE all -- * * 192.168.9.0/24 0.0.0.0/0 /* !fw3 */
Chain zone_lan_prerouting (1 references)
pkts bytes target prot opt in out source destination
0 0 prerouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom lan prerouting rule chain */
Chain zone_wan_postrouting (1 references)
pkts bytes target prot opt in out source destination
67 3690 postrouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan postrouting rule chain */
67 3690 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
Chain zone_wan_prerouting (1 references)
pkts bytes target prot opt in out source destination
49 2267 prerouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom wan prerouting rule chain */
Chain zone_zona_wg0_postrouting (1 references)
pkts bytes target prot opt in out source destination
0 0 postrouting_zona_wg0_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom zona_wg0 postrouting rule chain */
Chain zone_zona_wg0_prerouting (1 references)
pkts bytes target prot opt in out source destination
0 0 prerouting_zona_wg0_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: Custom zona_wg0 prerouting rule chain */
iptables -t mangle -L -vn
Chain PREROUTING (policy ACCEPT 1726 packets, 128K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 1726 packets, 128K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- * eth0.2 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU
0 0 TCPMSS tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 /* !fw3: Zone wan MTU fixing */ TCPMSS clamp to PMTU
Chain OUTPUT (policy ACCEPT 1106 packets, 160K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1105 packets, 160K bytes)
pkts bytes target prot opt in out source destination