From 24f71bea62eab65de446745c8324403901e123c5 Mon Sep 17 00:00:00 2001
From: Mike Baker
Date: Mon, 6 Mar 2006 08:53:48 +0000
Subject: [PATCH] clean up firewall examples
SVN-Revision: 3319
---
 .../package/base-files/default/etc/firewall.user | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/openwrt/package/base-files/default/etc/firewall.user b/openwrt/package/base-files/default/etc/firewall.user
index 7a13141623..c19f596887 100755
--- a/openwrt/package/base-files/default/etc/firewall.user
+++ b/openwrt/package/base-files/default/etc/firewall.user
@@ -11,17 +11,21 @@ iptables -t nat -F prerouting_rule
 iptables -t nat -F postrouting_rule
 ### BIG FAT DISCLAIMER
-### The "-i $WAN" literally means packets that came in over the $WAN interface;
-### this WILL NOT MATCH packets sent from the LAN to the WAN address.
+## The "-i $WAN" is used to match packets that come in via the $WAN interface.
+## it WILL NOT MATCH packets sent from the $WAN ip address -- you won't be able
+## to see the effects from within the LAN.
-### Allow SSH on the WAN interface
+### Open port to WAN
+## -- This allows port 22 to be answered by (dropbear on) the router
 # iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
 # iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
 ### Port forwarding
-# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
-# iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
+## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
+# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
+# iptables -A forwarding_rule -i $WAN -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
-### DMZ (should be placed after port forwarding / accept rules)
+### DMZ
+## -- Connections to ports not handled above will be forwarded to 192.168.1.2
 # iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2
 # iptables -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT
--
2.30.2
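Review bot: The reworded disclaimer says `-i $WAN` will not match packets "sent from the $WAN ip address", which is not the case the removed text described (packets sent from the LAN to the WAN address) and treats the interface name held in $WAN as if it were an address. Someone checking the port 22 or port 8080 examples from inside the LAN needs the original meaning, so I would word it as `## It WILL NOT MATCH packets sent from the LAN to the router's WAN ip address,` followed by `## so these rules cannot be tested from within the LAN.` The DMZ heading also dropped "(should be placed after port forwarding / accept rules)". The examples append with `-A` and the DMZ DNAT rule has no port match, so placing it earlier would send port 22 and 8080 traffic to 192.168.1.2 as well. The new comment should keep that ordering requirement explicit, e.g. `## -- Must come after the rules above: connections to ports they do not handle are forwarded to 192.168.1.2`.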