openwrt-masq6

Conflict with miniupnpd iptables rules

Open jamesmacwhite opened this issue 4 years ago • 0 comments

When using miniupnpd with NAT6 enabled, the NAT6 firewall script will error out with the following error when one or more UPnP leases are defined.

ip6tables-restore v1.8.3 (legacy): host/network `192.168.x.x' not found
Error occurred at line: 49
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.

I'm assuming this is because of ip6tables-restore encountering an IPv4 rule from the iptables-save command in nat6_init(). Examining the IPv4 iptables rules, this is what miniupnpd inserts:

-A MINIUPNPD -p udp -m udp --dport 9308 -j DNAT --to-destination 192.168.x.xxx:9308
-A MINIUPNPD-POSTROUTING -s 192.168.x.xxxx/32 -p udp -m udp --sport 9308 -j MASQUERADE --to-ports 9308
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING 
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD

If you amend the nat6_init function to skip any line from iptables-save with MINIUPNPD, it will resolve the error, but I'm not sure that is the best way to handle this.

jamesmacwhite, Aug 11 '20 12:08
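An alternative to matching on the MINIUPNPD chain name, added here as an example and not taken from openwrt-masq6 or from the issue author: drop every rule that carries an IPv4 address literal before the text reaches ip6tables-restore. It assumes the rules are available as iptables-save text on stdin, as the issue describes for nat6_init(); the function names and the sample address 192.168.1.50 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not openwrt-masq6 code. Assumes the rules arrive as
# iptables-save text on stdin, as the issue describes for nat6_init().

# Dotted-quad IPv4 literal, optionally followed by /prefix or :port.
V4_RE='(^|[^0-9.])([0-9]{1,3}\.){3}[0-9]{1,3}([^0-9.]|$)'

# Keep only lines without an IPv4 literal: table headers, chain
# declarations, COMMIT and address-free rules pass through unchanged.
strip_v4_rules() {
    grep -Ev -- "$V4_RE" || [ $? -eq 1 ]   # exit 1 only means "no output"
}

# Print the rules strip_v4_rules would drop, so they can be logged.
list_v4_rules() {
    grep -E -- "$V4_RE" || [ $? -eq 1 ]
}

# Constructed sample modelled on the rules quoted in the issue.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A MINIUPNPD -p udp -m udp --dport 9308 -j DNAT --to-destination 192.168.1.50:9308
-A MINIUPNPD-POSTROUTING -s 192.168.1.50/32 -p udp -m udp --sport 9308 -j MASQUERADE --to-ports 9308
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
COMMIT
EOF
}

# Show the filtered rule set for the sample.
sample_rules | strip_v4_rules
```

The jumps into MINIUPNPD and MINIUPNPD-POSTROUTING still resolve because the chain declarations are kept; the chains are simply empty in the filtered output. A rule whose `--comment` text happens to contain a dotted quad is dropped as well.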