
История изменений

Исправление Axon (текущая версия):

Консоль открой и сделай

Сделай что? Документация предлагает править конфиг fw3, в котором ровно те же поля, что и в LuCI. С iptables я недостаточно хорошо знаком для того, чтобы самостоятельно составить нужное правило.

или хотя бы сдампь правила, которые в итоге получились и выложи тут

iptables -t nat -vS:

-P PREROUTING ACCEPT -c 1426744 145803112
-P INPUT ACCEPT -c 8385 591305
-P OUTPUT ACCEPT -c 8010 547511
-P POSTROUTING ACCEPT -c 8713 563243
-N postrouting_WG_rule
-N postrouting_lan_rule
-N postrouting_rule
-N postrouting_wan_rule
-N prerouting_WG_rule
-N prerouting_lan_rule
-N prerouting_rule
-N prerouting_wan_rule
-N zone_WG_postrouting
-N zone_WG_prerouting
-N zone_lan_postrouting
-N zone_lan_prerouting
-N zone_wan_postrouting
-N zone_wan_prerouting
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -c 1435292 146345797 -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -c 637933 70677620 -j zone_lan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -c 795802 75555912 -j zone_wan_prerouting
-A PREROUTING -i wg0 -m comment --comment "!fw3" -c 1557 112265 -j zone_WG_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -c 786878 74146488 -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -c 8507 543038 -j zone_lan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -c 778164 73583185 -j zone_wan_postrouting
-A POSTROUTING -o wg0 -m comment --comment "!fw3" -c 194 18995 -j zone_WG_postrouting
-A zone_WG_postrouting -m comment --comment "!fw3: Custom WG postrouting rule chain" -c 194 18995 -j postrouting_WG_rule
-A zone_WG_postrouting -s 10.0.0.0/24 -d 10.0.0.128/32 -p tcp -m tcp --dport 3389 -m comment --comment "!fw3: RDP (reflection)" -c 1 60 -j SNAT --to-source 10.0.0.1
-A zone_WG_postrouting -s 10.0.0.0/24 -d 10.0.0.128/32 -p udp -m udp --dport 3389 -m comment --comment "!fw3: RDP (reflection)" -c 0 0 -j SNAT --to-source 10.0.0.1
-A zone_WG_prerouting -m comment --comment "!fw3: Custom WG prerouting rule chain" -c 1557 112265 -j prerouting_WG_rule
-A zone_WG_prerouting -d $WAN_IP/32 -p tcp -m tcp --dport 41 -m comment --comment "!fw3: SSH through WG" -c 1 60 -j DNAT --to-destination 192.168.1.10:22
-A zone_WG_prerouting -d $WAN_IP/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: HTTPS through WG" -c 0 0 -j DNAT --to-destination 192.168.1.10:443
-A zone_WG_prerouting -d $WAN_IP/32 -p tcp -m tcp --dport 53589 -m comment --comment "!fw3: Taskd through WG" -c 0 0 -j DNAT --to-destination 192.168.1.10:53589
-A zone_WG_prerouting -s 10.0.0.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 3389 -m comment --comment "!fw3: RDP (reflection)" -c 0 0 -j DNAT --to-destination 10.0.0.128:3389
-A zone_WG_prerouting -s 10.0.0.0/24 -d $WAN_IP/32 -p udp -m udp --dport 3389 -m comment --comment "!fw3: RDP (reflection)" -c 0 0 -j DNAT --to-destination 10.0.0.128:3389
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -c 8507 543038 -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: SSH (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: HTTP (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: HTTPS (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: Torrents (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 53589 -m comment --comment "!fw3: Taskd (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -c 637933 70677620 -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 41 -m comment --comment "!fw3: SSH (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:22
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: HTTP (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: HTTPS (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:443
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: Torrents (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:6881
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 53589 -m comment --comment "!fw3: Taskd (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:53589
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -c 778164 73583185 -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -c 778164 73583185 -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -c 795802 75555912 -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 41 -m comment --comment "!fw3: SSH" -c 3656 218816 -j DNAT --to-destination 192.168.1.10:22
-A zone_wan_prerouting -p tcp -m tcp --dport 80 -m comment --comment "!fw3: HTTP" -c 761 32244 -j DNAT --to-destination 192.168.1.10:80
-A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment "!fw3: HTTPS" -c 76 3964 -j DNAT --to-destination 192.168.1.10:443
-A zone_wan_prerouting -p udp -m udp --dport 6881 -m comment --comment "!fw3: Torrents" -c 3996 285085 -j DNAT --to-destination 192.168.1.10:6881
-A zone_wan_prerouting -p tcp -m tcp --dport 53589 -m comment --comment "!fw3: Taskd" -c 7 420 -j DNAT --to-destination 192.168.1.10:53589
-A zone_wan_prerouting -p tcp -m tcp --dport 3389 -m comment --comment "!fw3: RDP" -c 51 2096 -j DNAT --to-destination 10.0.0.128:3389
-A zone_wan_prerouting -p udp -m udp --dport 3389 -m comment --comment "!fw3: RDP" -c 0 0 -j DNAT --to-destination 10.0.0.128:3389

Исходная версия Axon:

Консоль открой и сделай

Сделай что? Документация предлагает править конфиг fw3, в котором ровно те же поля, что и в LuCi. С iptables я недостаточно хорошо знаком для того, чтобы самостоятельно составить нужное правило.

или хотя бы сдампь правила, которые в итоге получились и выложи тут

iptables -t nat -vS:

-P PREROUTING ACCEPT -c 1426744 145803112
-P INPUT ACCEPT -c 8385 591305
-P OUTPUT ACCEPT -c 8010 547511
-P POSTROUTING ACCEPT -c 8713 563243
-N postrouting_WG_rule
-N postrouting_lan_rule
-N postrouting_rule
-N postrouting_wan_rule
-N prerouting_WG_rule
-N prerouting_lan_rule
-N prerouting_rule
-N prerouting_wan_rule
-N zone_WG_postrouting
-N zone_WG_prerouting
-N zone_lan_postrouting
-N zone_lan_prerouting
-N zone_wan_postrouting
-N zone_wan_prerouting
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -c 1435292 146345797 -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -c 637933 70677620 -j zone_lan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -c 795802 75555912 -j zone_wan_prerouting
-A PREROUTING -i wg0 -m comment --comment "!fw3" -c 1557 112265 -j zone_WG_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -c 786878 74146488 -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -c 8507 543038 -j zone_lan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -c 778164 73583185 -j zone_wan_postrouting
-A POSTROUTING -o wg0 -m comment --comment "!fw3" -c 194 18995 -j zone_WG_postrouting
-A zone_WG_postrouting -m comment --comment "!fw3: Custom WG postrouting rule chain" -c 194 18995 -j postrouting_WG_rule
-A zone_WG_postrouting -s 10.0.0.0/24 -d 10.0.0.128/32 -p tcp -m tcp --dport 3389 -m comment --comment "!fw3: RDP (reflection)" -c 1 60 -j SNAT --to-source 10.0.0.1
-A zone_WG_postrouting -s 10.0.0.0/24 -d 10.0.0.128/32 -p udp -m udp --dport 3389 -m comment --comment "!fw3: RDP (reflection)" -c 0 0 -j SNAT --to-source 10.0.0.1
-A zone_WG_prerouting -m comment --comment "!fw3: Custom WG prerouting rule chain" -c 1557 112265 -j prerouting_WG_rule
-A zone_WG_prerouting -d $WAN_IP/32 -p tcp -m tcp --dport 41 -m comment --comment "!fw3: SSH through WG" -c 1 60 -j DNAT --to-destination 192.168.1.10:22
-A zone_WG_prerouting -d $WAN_IP/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: HTTPS through WG" -c 0 0 -j DNAT --to-destination 192.168.1.10:443
-A zone_WG_prerouting -d $WAN_IP/32 -p tcp -m tcp --dport 53589 -m comment --comment "!fw3: Taskd through WG" -c 0 0 -j DNAT --to-destination 192.168.1.10:53589
-A zone_WG_prerouting -s 10.0.0.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 3389 -m comment --comment "!fw3: RDP (reflection)" -c 0 0 -j DNAT --to-destination 10.0.0.128:3389
-A zone_WG_prerouting -s 10.0.0.0/24 -d $WAN_IP/32 -p udp -m udp --dport 3389 -m comment --comment "!fw3: RDP (reflection)" -c 0 0 -j DNAT --to-destination 10.0.0.128:3389
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -c 8507 543038 -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: SSH (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: HTTP (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: HTTPS (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: Torrents (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 53589 -m comment --comment "!fw3: Taskd (reflection)" -c 0 0 -j SNAT --to-source 192.168.1.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -c 637933 70677620 -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 41 -m comment --comment "!fw3: SSH (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:22
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: HTTP (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: HTTPS (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:443
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: Torrents (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:6881
-A zone_lan_prerouting -s 192.168.1.0/24 -d $WAN_IP/32 -p tcp -m tcp --dport 53589 -m comment --comment "!fw3: Taskd (reflection)" -c 0 0 -j DNAT --to-destination 192.168.1.10:53589
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -c 778164 73583185 -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -c 778164 73583185 -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -c 795802 75555912 -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 41 -m comment --comment "!fw3: SSH" -c 3656 218816 -j DNAT --to-destination 192.168.1.10:22
-A zone_wan_prerouting -p tcp -m tcp --dport 80 -m comment --comment "!fw3: HTTP" -c 761 32244 -j DNAT --to-destination 192.168.1.10:80
-A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment "!fw3: HTTPS" -c 76 3964 -j DNAT --to-destination 192.168.1.10:443
-A zone_wan_prerouting -p udp -m udp --dport 6881 -m comment --comment "!fw3: Torrents" -c 3996 285085 -j DNAT --to-destination 192.168.1.10:6881
-A zone_wan_prerouting -p tcp -m tcp --dport 53589 -m comment --comment "!fw3: Taskd" -c 7 420 -j DNAT --to-destination 192.168.1.10:53589
-A zone_wan_prerouting -p tcp -m tcp --dport 3389 -m comment --comment "!fw3: RDP" -c 51 2096 -j DNAT --to-destination 10.0.0.128:3389
-A zone_wan_prerouting -p udp -m udp --dport 3389 -m comment --comment "!fw3: RDP" -c 0 0 -j DNAT --to-destination 10.0.0.128:3389