Oh man, I am having a hard time to find which is the script.
Is there anyway to add manually that NAT line into IPTables?
This line should be there since you have selected masquerading for wan zone.
I'd suggest to comment out all the custom firewall scripts, verify it works, then start adding them one by one till you find the culprit.
Otherwise you can always run it manually from ssh every time it's not working.
Its seem that the branch I am using is using Fullcone-NAT, thats causing the issue.
Do you have any idea of fixing this?
{
r = fw3_ipt_rule_new(handle);
fw3_ipt_rule_src_dest(r, msrc, mdest);
- fw3_ipt_rule_target(r, "MASQUERADE");
- fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+ /*FIXME: Workaround for FULLCONE-NAT*/
+ if (defs->fullcone) ##############HERE############
+ {
+ warn("%s will enable FULLCONE-NAT", zone->name);
+ fw3_ipt_rule_target(r, "FULLCONENAT");
+ fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_src_dest(r, msrc, mdest);
+ fw3_ipt_rule_target(r, "FULLCONENAT");
+ fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
+ }
+ else
+ {
+ fw3_ipt_rule_target(r, "MASQUERADE");
+ fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+ }
}
}
}
I found the above piece of patch code is related
I have not seen this before. Full Cone NAT is Static NAT or 1-1 NAT. This way you assign one internal IP to one external IP. I'll assume from your problem that you have more than one internal IPs and one external IP, so I hope you also see the problem here.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.