montyny

Openwrt 21.02.0-rc2 diags

Aug 14th, 2021 (edited)
  1. {
  2. "kernel": "5.4.119",
  3. "hostname": "OpenWrt",
  4. "system": "MediaTek MT7621 ver:1 eco:3",
  5. "model": "Netgear R6220",
  6. "board_name": "netgear,r6220",
  7. "release": {
  8. "distribution": "OpenWrt",
  9. "version": "21.02.0-rc2",
  10. "revision": "r16122-c2139eef27",
  11. "target": "ramips/mt7621",
  12. "description": "OpenWrt 21.02.0-rc2 r16122-c2139eef27"
  13. }
  14. }
  15. network.loopback=interface
  16. network.loopback.device='lo'
  17. network.loopback.proto='static'
  18. network.loopback.ipaddr='127.0.0.1'
  19. network.loopback.netmask='255.0.0.0'
  20. network.globals=globals
  21. network.globals.packet_steering='1'
  22. network.globals.ula_prefix='fdad:74db:da17::/48'
  23. network.@device[0]=device
  24. network.@device[0].name='br-lan'
  25. network.@device[0].type='bridge'
  26. network.@device[0].ports='lan1' 'lan2' 'lan3' 'lan4'
  27. network.lan=interface
  28. network.lan.device='br-lan'
  29. network.lan.proto='static'
  30. network.lan.netmask='255.255.255.0'
  31. network.lan.ip6assign='60'
  32. network.lan.ipaddr='10.192.168.1'
  33. network.wan=interface
  34. network.wan.device='wan'
  35. network.wan.proto='dhcp'
  36. network.wan.peerdns='0'
  37. network.wan6=interface
  38. network.wan6.device='wan'
  39. network.wan6.proto='dhcpv6'
  40. network.@route[0]=route
  41. network.@route[0].interface='lan'
  42. network.@route[0].target='10.192.169.0'
  43. network.@route[0].netmask='255.255.255.0'
  44. network.@route[0].gateway='10.192.168.197'
  45. network.wg0=interface
  46. network.wg0.proto='wireguard'
  47. network.wg0.private_key=''
  48. network.wg0.listen_port='56913'
  49. network.wg0.addresses='192.168.5.8'
  50. network.@wireguard_wg0[0]=wireguard_wg0
  51. network.@wireguard_wg0[0].description='Water'
  52. network.@wireguard_wg0[0].public_key='mmNRuGe4vfIOre/8u/2xuaUAAJAXIwsJXdzoBpPG5U8='
  53. network.@wireguard_wg0[0].endpoint_host='water.com'
  54. network.@wireguard_wg0[0].endpoint_port='56914'
  55. network.@wireguard_wg0[0].persistent_keepalive='25'
  56. network.@wireguard_wg0[0].allowed_ips='0.0.0.0/0' '::/0'
  57. network.@wireguard_wg0[0].route_allowed_ips='1'
  58. dhcp.@dnsmasq[0]=dnsmasq
  59. dhcp.@dnsmasq[0].domainneeded='1'
  60. dhcp.@dnsmasq[0].localise_queries='1'
  61. dhcp.@dnsmasq[0].rebind_protection='1'
  62. dhcp.@dnsmasq[0].rebind_localhost='1'
  63. dhcp.@dnsmasq[0].expandhosts='1'
  64. dhcp.@dnsmasq[0].authoritative='1'
  65. dhcp.@dnsmasq[0].readethers='1'
  66. dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
  67. dhcp.@dnsmasq[0].domain='feeney'
  68. dhcp.@dnsmasq[0].ednspacket_max='1232'
  69. dhcp.@dnsmasq[0].local='/feeney/'
  70. dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
  71. dhcp.@dnsmasq[0].nohosts='1'
  72. dhcp.@dnsmasq[0].logqueries='1'
  73. dhcp.@dnsmasq[0].localservice='1'
  74. dhcp.lan=dhcp
  75. dhcp.lan.interface='lan'
  76. dhcp.lan.start='200'
  77. dhcp.lan.limit='54'
  78. dhcp.lan.leasetime='5h'
  79. dhcp.wan=dhcp
  80. dhcp.wan.interface='wan'
  81. dhcp.wan.ignore='1'
  82. dhcp.odhcpd=odhcpd
  83. dhcp.odhcpd.maindhcp='0'
  84. dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
  85. dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
  86. dhcp.odhcpd.loglevel='4'
  87. dhcp.@host[0]=host
  88. dhcp.@host[0].mac='A0:CC:2B:6B:67:48'
  89. dhcp.@host[0].name='aquanta'
  90. dhcp.@host[0].dns='1'
  91. dhcp.@host[0].ip='10.192.168.10'
  92. firewall.@defaults[0]=defaults
  93. firewall.@defaults[0].input='ACCEPT'
  94. firewall.@defaults[0].output='ACCEPT'
  95. firewall.@defaults[0].forward='REJECT'
  96. firewall.@defaults[0].synflood_protect='1'
  97. firewall.@zone[0]=zone
  98. firewall.@zone[0].name='lan'
  99. firewall.@zone[0].network='lan'
  100. firewall.@zone[0].input='ACCEPT'
  101. firewall.@zone[0].output='ACCEPT'
  102. firewall.@zone[0].forward='ACCEPT'
  103. firewall.@zone[1]=zone
  104. firewall.@zone[1].name='wan'
  105. firewall.@zone[1].network='wan' 'wan6'
  106. firewall.@zone[1].input='REJECT'
  107. firewall.@zone[1].output='ACCEPT'
  108. firewall.@zone[1].forward='REJECT'
  109. firewall.@zone[1].masq='1'
  110. firewall.@zone[1].mtu_fix='1'
  111. firewall.@forwarding[0]=forwarding
  112. firewall.@forwarding[0].src='lan'
  113. firewall.@forwarding[0].dest='wan'
  114. firewall.@rule[0]=rule
  115. firewall.@rule[0].name='Allow-DHCP-Renew'
  116. firewall.@rule[0].src='wan'
  117. firewall.@rule[0].proto='udp'
  118. firewall.@rule[0].dest_port='68'
  119. firewall.@rule[0].target='ACCEPT'
  120. firewall.@rule[0].family='ipv4'
  121. firewall.@rule[1]=rule
  122. firewall.@rule[1].name='Allow-Ping'
  123. firewall.@rule[1].src='wan'
  124. firewall.@rule[1].proto='icmp'
  125. firewall.@rule[1].icmp_type='echo-request'
  126. firewall.@rule[1].family='ipv4'
  127. firewall.@rule[1].target='ACCEPT'
  128. firewall.@rule[2]=rule
  129. firewall.@rule[2].name='Allow-IGMP'
  130. firewall.@rule[2].src='wan'
  131. firewall.@rule[2].proto='igmp'
  132. firewall.@rule[2].family='ipv4'
  133. firewall.@rule[2].target='ACCEPT'
  134. firewall.@rule[3]=rule
  135. firewall.@rule[3].name='Allow-DHCPv6'
  136. firewall.@rule[3].src='wan'
  137. firewall.@rule[3].proto='udp'
  138. firewall.@rule[3].src_ip='fc00::/6'
  139. firewall.@rule[3].dest_ip='fc00::/6'
  140. firewall.@rule[3].dest_port='546'
  141. firewall.@rule[3].family='ipv6'
  142. firewall.@rule[3].target='ACCEPT'
  143. firewall.@rule[4]=rule
  144. firewall.@rule[4].name='Allow-MLD'
  145. firewall.@rule[4].src='wan'
  146. firewall.@rule[4].proto='icmp'
  147. firewall.@rule[4].src_ip='fe80::/10'
  148. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  149. firewall.@rule[4].family='ipv6'
  150. firewall.@rule[4].target='ACCEPT'
  151. firewall.@rule[5]=rule
  152. firewall.@rule[5].name='Allow-ICMPv6-Input'
  153. firewall.@rule[5].src='wan'
  154. firewall.@rule[5].proto='icmp'
  155. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  156. firewall.@rule[5].limit='1000/sec'
  157. firewall.@rule[5].family='ipv6'
  158. firewall.@rule[5].target='ACCEPT'
  159. firewall.@rule[6]=rule
  160. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  161. firewall.@rule[6].src='wan'
  162. firewall.@rule[6].dest='*'
  163. firewall.@rule[6].proto='icmp'
  164. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  165. firewall.@rule[6].limit='1000/sec'
  166. firewall.@rule[6].family='ipv6'
  167. firewall.@rule[6].target='ACCEPT'
  168. firewall.@rule[7]=rule
  169. firewall.@rule[7].name='Allow-IPSec-ESP'
  170. firewall.@rule[7].src='wan'
  171. firewall.@rule[7].dest='lan'
  172. firewall.@rule[7].proto='esp'
  173. firewall.@rule[7].target='ACCEPT'
  174. firewall.@rule[8]=rule
  175. firewall.@rule[8].name='Allow-ISAKMP'
  176. firewall.@rule[8].src='wan'
  177. firewall.@rule[8].dest='lan'
  178. firewall.@rule[8].dest_port='500'
  179. firewall.@rule[8].proto='udp'
  180. firewall.@rule[8].target='ACCEPT'
  181. firewall.@rule[9]=rule
  182. firewall.@rule[9].name='Support-UDP-Traceroute'
  183. firewall.@rule[9].src='wan'
  184. firewall.@rule[9].dest_port='33434:33689'
  185. firewall.@rule[9].proto='udp'
  186. firewall.@rule[9].family='ipv4'
  187. firewall.@rule[9].target='REJECT'
  188. firewall.@rule[9].enabled='false'
  189. firewall.@include[0]=include
  190. firewall.@include[0].path='/etc/firewall.user'
  191. firewall.@redirect[0]=redirect
  192. firewall.@redirect[0].target='DNAT'
  193. firewall.@redirect[0].src='wan'
  194. firewall.@redirect[0].dest='lan'
  195. firewall.@redirect[0].proto='tcp'
  196. firewall.@redirect[0].src_dport='80'
  197. firewall.@redirect[0].dest_ip='10.192.168.197'
  198. firewall.@redirect[0].dest_port='80'
  199. firewall.@redirect[0].name='http'
  200. firewall.@redirect[1]=redirect
  201. firewall.@redirect[1].target='DNAT'
  202. firewall.@redirect[1].src='wan'
  203. firewall.@redirect[1].dest='lan'
  204. firewall.@redirect[1].proto='tcp'
  205. firewall.@redirect[1].src_dport='443'
  206. firewall.@redirect[1].dest_ip='10.192.168.197'
  207. firewall.@redirect[1].dest_port='443'
  208. firewall.@redirect[1].name='https'
  209. firewall.@redirect[2]=redirect
  210. firewall.@redirect[2].target='DNAT'
  211. firewall.@redirect[2].src='wan'
  212. firewall.@redirect[2].dest='lan'
  213. firewall.@redirect[2].proto='tcp'
  214. firewall.@redirect[2].src_dport='22'
  215. firewall.@redirect[2].dest_ip='10.192.168.197'
  216. firewall.@redirect[2].dest_port='22'
  217. firewall.@redirect[2].name='ssh'
  218. firewall.@redirect[3]=redirect
  219. firewall.@redirect[3].target='DNAT'
  220. firewall.@redirect[3].src='wan'
  221. firewall.@redirect[3].dest='lan'
  222. firewall.@redirect[3].proto='udp'
  223. firewall.@redirect[3].src_dport='1194'
  224. firewall.@redirect[3].dest_ip='10.192.168.197'
  225. firewall.@redirect[3].dest_port='1194'
  226. firewall.@redirect[3].name='ovpbn-udp'
  227. firewall.@redirect[4]=redirect
  228. firewall.@redirect[4].target='DNAT'
  229. firewall.@redirect[4].src='wan'
  230. firewall.@redirect[4].dest='lan'
  231. firewall.@redirect[4].proto='tcp'
  232. firewall.@redirect[4].src_dport='993'
  233. firewall.@redirect[4].dest_ip='10.192.168.197'
  234. firewall.@redirect[4].dest_port='993'
  235. firewall.@redirect[4].name='ovpn-tcp'
  236. firewall.@redirect[5]=redirect
  237. firewall.@redirect[5].target='DNAT'
  238. firewall.@redirect[5].src='wan'
  239. firewall.@redirect[5].dest='lan'
  240. firewall.@redirect[5].proto='tcp udp'
  241. firewall.@redirect[5].src_dport='4080'
  242. firewall.@redirect[5].dest_ip='10.192.168.20'
  243. firewall.@redirect[5].dest_port='4080'
  244. firewall.@redirect[5].name='tivo-1'
  245. firewall.@redirect[6]=redirect
  246. firewall.@redirect[6].target='DNAT'
  247. firewall.@redirect[6].src='wan'
  248. firewall.@redirect[6].dest='lan'
  249. firewall.@redirect[6].proto='tcp'
  250. firewall.@redirect[6].src_dport='4413'
  251. firewall.@redirect[6].dest_ip='10.192.168.20'
  252. firewall.@redirect[6].dest_port='413'
  253. firewall.@redirect[6].name='tivo-2'
  254. firewall.@redirect[7]=redirect
  255. firewall.@redirect[7].target='DNAT'
  256. firewall.@redirect[7].src='wan'
  257. firewall.@redirect[7].dest='lan'
  258. firewall.@redirect[7].proto='tcp'
  259. firewall.@redirect[7].src_dport='4443'
  260. firewall.@redirect[7].dest_ip='10.192.168.20'
  261. firewall.@redirect[7].dest_port='443'
  262. firewall.@redirect[7].name='tivo-3'
  263. firewall.@redirect[8]=redirect
  264. firewall.@redirect[8].target='DNAT'
  265. firewall.@redirect[8].src='wan'
  266. firewall.@redirect[8].dest='lan'
  267. firewall.@redirect[8].proto='tcp udp'
  268. firewall.@redirect[8].src_dport='53'
  269. firewall.@redirect[8].dest_ip='10.192.168.197'
  270. firewall.@redirect[8].dest_port='53'
  271. firewall.@redirect[8].name='ovpn-tcp1'
  272. firewall.@redirect[9]=redirect
  273. firewall.@redirect[9].target='DNAT'
  274. firewall.@redirect[9].src='wan'
  275. firewall.@redirect[9].dest='lan'
  276. firewall.@redirect[9].proto='tcp'
  277. firewall.@redirect[9].src_dport='110'
  278. firewall.@redirect[9].dest_ip='10.192.168.197'
  279. firewall.@redirect[9].dest_port='53'
  280. firewall.@redirect[9].name='ovpn-tcp2'
  281. firewall.@redirect[10]=redirect
  282. firewall.@redirect[10].target='DNAT'
  283. firewall.@redirect[10].src='wan'
  284. firewall.@redirect[10].dest='lan'
  285. firewall.@redirect[10].proto='tcp'
  286. firewall.@redirect[10].src_dport='5004'
  287. firewall.@redirect[10].dest_ip='10.192.168.198'
  288. firewall.@redirect[10].name='trac1'
  289. firewall.@redirect[10].dest_port='5023'
  290. firewall.@redirect[11]=redirect
  291. firewall.@redirect[11].target='DNAT'
  292. firewall.@redirect[11].src='wan'
  293. firewall.@redirect[11].dest='lan'
  294. firewall.@redirect[11].proto='tcp udp'
  295. firewall.@redirect[11].src_dport='5023'
  296. firewall.@redirect[11].dest_ip='10.192.168.198'
  297. firewall.@redirect[11].dest_port='5023'
  298. firewall.@redirect[11].name='trac2'
  299. firewall.@redirect[12]=redirect
  300. firewall.@redirect[12].target='DNAT'
  301. firewall.@redirect[12].src='wan'
  302. firewall.@redirect[12].dest='lan'
  303. firewall.@redirect[12].proto='tcp udp'
  304. firewall.@redirect[12].src_dport='5031'
  305. firewall.@redirect[12].dest_ip='10.192.168.198'
  306. firewall.@redirect[12].dest_port='5031'
  307. firewall.@redirect[12].name='trac3'
  308. firewall.@redirect[13]=redirect
  309. firewall.@redirect[13].target='DNAT'
  310. firewall.@redirect[13].src='wan'
  311. firewall.@redirect[13].dest='lan'
  312. firewall.@redirect[13].proto='tcp udp'
  313. firewall.@redirect[13].src_dport='5036'
  314. firewall.@redirect[13].dest_ip='10.192.168.198'
  315. firewall.@redirect[13].dest_port='5036'
  316. firewall.@redirect[13].name='trac4'
  317. firewall.@redirect[14]=redirect
  318. firewall.@redirect[14].target='DNAT'
  319. firewall.@redirect[14].src='wan'
  320. firewall.@redirect[14].dest='lan'
  321. firewall.@redirect[14].proto='tcp udp'
  322. firewall.@redirect[14].src_dport='5055'
  323. firewall.@redirect[14].dest_ip='10.192.168.198'
  324. firewall.@redirect[14].dest_port='5055'
  325. firewall.@redirect[14].name='trac5'
  326. firewall.@redirect[15]=redirect
  327. firewall.@redirect[15].target='DNAT'
  328. firewall.@redirect[15].src='wan'
  329. firewall.@redirect[15].dest='lan'
  330. firewall.@redirect[15].proto='tcp'
  331. firewall.@redirect[15].src_dport='25'
  332. firewall.@redirect[15].dest_ip='10.192.168.197'
  333. firewall.@redirect[15].dest_port='25'
  334. firewall.@redirect[15].name='smtp'
  335. firewall.@redirect[16]=redirect
  336. firewall.@redirect[16].dest_port='4949'
  337. firewall.@redirect[16].src='wan'
  338. firewall.@redirect[16].name='munin'
  339. firewall.@redirect[16].src_dport='4949'
  340. firewall.@redirect[16].target='DNAT'
  341. firewall.@redirect[16].dest_ip='10.192.168.230'
  342. firewall.@redirect[16].dest='lan'
  343. firewall.@redirect[16].proto='tcp udp'
  344. firewall.@redirect[17]=redirect
  345. firewall.@redirect[17].src='wan'
  346. firewall.@redirect[17].name='wireguard'
  347. firewall.@redirect[17].target='DNAT'
  348. firewall.@redirect[17].dest='lan'
  349. firewall.@redirect[17].dest_ip='10.192.168.197'
  350. firewall.@redirect[17].proto='tcp udp'
  351. firewall.@redirect[17].dest_port='56914'
  352. firewall.@redirect[17].src_dport='56914'
  353. firewall.@rule[10]=rule
  354. firewall.@rule[10].dest_port='55955'
  355. firewall.@rule[10].src='wan'
  356. firewall.@rule[10].name='wireguard 55955'
  357. firewall.@rule[10].target='ACCEPT'
  358. firewall.@rule[10].proto='udp'
  359. firewall.@rule[11]=rule
  360. firewall.@rule[11].dest_port='56914'
  361. firewall.@rule[11].src='wan'
  362. firewall.@rule[11].target='ACCEPT'
  363. firewall.@rule[11].proto='udp'
  364. firewall.@rule[11].name='wireguard water 56914'
  365. firewall.wg=rule
  366. firewall.wg.name='Allow-WireGuard'
  367. firewall.wg.src='wan'
  368. firewall.wg.dest_port='56913'
  369. firewall.wg.proto='udp'
  370. firewall.wg.target='ACCEPT'
  371. firewall.@forwarding[1]=forwarding
  372. firewall.@forwarding[1].dest='wan'
  373. firewall.@forwarding[1].src='lan'
  374. firewall.@redirect[18]=redirect
  375. firewall.@redirect[18].dest_port='8883'
  376. firewall.@redirect[18].src='wan'
  377. firewall.@redirect[18].name='mosquitto'
  378. firewall.@redirect[18].src_dport='8883'
  379. firewall.@redirect[18].target='DNAT'
  380. firewall.@redirect[18].dest_ip='10.192.168.198'
  381. firewall.@redirect[18].dest='lan'
  382. firewall.@zone[2]=zone
  383. firewall.@zone[2].name='wgclient'
  384. firewall.@zone[2].input='REJECT'
  385. firewall.@zone[2].output='REJECT'
  386. firewall.@zone[2].forward='ACCEPT'
  387. firewall.@zone[2].masq='1'
  388. firewall.@zone[2].network='wg0'
  389. firewall.@forwarding[2]=forwarding
  390. firewall.@forwarding[2].src='lan'
  391. firewall.@forwarding[2].dest='wgclient'
  392. firewall.@redirect[19]=redirect
  393. firewall.@redirect[19].target='DNAT'
  394. firewall.@redirect[19].name='amcrest'
  395. firewall.@redirect[19].src='wan'
  396. firewall.@redirect[19].src_dport='37890'
  397. firewall.@redirect[19].dest='lan'
  398. firewall.@redirect[19].dest_ip='10.192.168.21'
  399. firewall.@redirect[19].dest_port='37777'
  400. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  401. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  402. inet 127.0.0.1/8 scope host lo
  403. valid_lft forever preferred_lft forever
  404. inet6 ::1/128 scope host
  405. valid_lft forever preferred_lft forever
  406. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc fq_codel state UP group default qlen 1000
  407. link/ether 14:59:c0:c8:c2:50 brd ff:ff:ff:ff:ff:ff
  408. inet6 fe80::1659:c0ff:fec8:c250/64 scope link
  409. valid_lft forever preferred_lft forever
  410. 3: lan4@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
  411. link/ether 14:59:c0:c8:c2:50 brd ff:ff:ff:ff:ff:ff
  412. 4: lan3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  413. link/ether 14:59:c0:c8:c2:50 brd ff:ff:ff:ff:ff:ff
  414. 5: lan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  415. link/ether 14:59:c0:c8:c2:50 brd ff:ff:ff:ff:ff:ff
  416. 6: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  417. link/ether 14:59:c0:c8:c2:50 brd ff:ff:ff:ff:ff:ff
  418. 7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  419. link/ether 14:59:c0:c8:c2:51 brd ff:ff:ff:ff:ff:ff
  420. inet 71.190.236.237/24 brd 71.190.237.255 scope global wan
  421. valid_lft forever preferred_lft forever
  422. inet6 fe80::1659:c0ff:fec8:c251/64 scope link
  423. valid_lft forever preferred_lft forever
  424. 9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
  425. link/ether 14:59:c0:c8:c2:50 brd ff:ff:ff:ff:ff:ff
  426. inet 192.168.168.1/24 brd 192.168.168.255 scope global br-lan
  427. valid_lft forever preferred_lft forever
  428. inet6 fdad:74db:da17::1/60 scope global noprefixroute
  429. valid_lft forever preferred_lft forever
  430. inet6 fe80::1659:c0ff:fec8:c250/64 scope link
  431. valid_lft forever preferred_lft forever
  432. 10: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
  433. link/none
  434. inet 192.168.5.8/32 brd 255.255.255.255 scope global wg0
  435. valid_lft forever preferred_lft forever
  436. 11: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
  437. link/ether 14:59:c0:c8:c2:54 brd ff:ff:ff:ff:ff:ff
  438. inet6 fe80::1659:c0ff:fec8:c254/64 scope link
  439. valid_lft forever preferred_lft forever
  440. default dev wg0 proto static scope link
  441. 10.192.168.0/24 dev br-lan proto kernel scope link src 192.168.168.1
  442. 10.192.169.0/24 via 192.168.168.197 dev br-lan proto static
  443. 71.190.237.0/24 dev wan proto kernel scope link src 71.190.236.237
  444. 82.13.137.3 via 71.190.237.1 dev wan proto static
  445. broadcast 192.168.168.0 dev br-lan table local proto kernel scope link src 192.168.168.1
  446. local 192.168.168.1 dev br-lan table local proto kernel scope host src 192.168.168.1
  447. broadcast 192.168.168.255 dev br-lan table local proto kernel scope link src 192.168.168.1
  448. broadcast 71.190.237.0 dev wan table local proto kernel scope link src 71.190.236.237
  449. local 71.190.236.237 dev wan table local proto kernel scope host src 71.190.236.237
  450. broadcast 71.190.237.255 dev wan table local proto kernel scope link src 71.190.236.237
  451. broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
  452. local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
  453. local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
  454. broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
  455. local 192.168.5.8 dev wg0 table local proto kernel scope host src 192.168.5.8
  456. fdad:74db:da17::/64 dev br-lan proto static metric 1024 pref medium
  457. unreachable fdad:74db:da17::/48 dev lo proto static metric 2147483647 pref medium
  458. fe80::/64 dev eth0 proto kernel metric 256 pref medium
  459. fe80::/64 dev br-lan proto kernel metric 256 pref medium
  460. fe80::/64 dev wan proto kernel metric 256 pref medium
  461. fe80::/64 dev wlan0 proto kernel metric 256 pref medium
  462. default dev wg0 proto static metric 1024 pref medium
  463. local ::1 dev lo table local proto kernel metric 0 pref medium
  464. anycast fdad:74db:da17:: dev br-lan table local proto kernel metric 0 pref medium
  465. local fdad:74db:da17::1 dev br-lan table local proto kernel metric 0 pref medium
  466. anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
  467. anycast fe80:: dev wan table local proto kernel metric 0 pref medium
  468. anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
  469. anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
  470. local fe80::1659:c0ff:fec8:c250 dev eth0 table local proto kernel metric 0 pref medium
  471. local fe80::1659:c0ff:fec8:c250 dev br-lan table local proto kernel metric 0 pref medium
  472. local fe80::1659:c0ff:fec8:c251 dev wan table local proto kernel metric 0 pref medium
  473. local fe80::1659:c0ff:fec8:c254 dev wlan0 table local proto kernel metric 0 pref medium
  474. multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
  475. multicast ff00::/8 dev br-lan table local proto kernel metric 256 pref medium
  476. multicast ff00::/8 dev wan table local proto kernel metric 256 pref medium
  477. multicast ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
  478. multicast ff00::/8 dev wg0 table local proto kernel metric 256 pref medium
  479. 0: from all lookup local
  480. 32766: from all lookup main
  481. 32767: from all lookup default
  482. # Generated by iptables-save v1.8.7 on Sat Aug 14 22:20:25 2021
  483. *nat
  484. :PREROUTING ACCEPT [29728044:2028453028]
  485. :INPUT ACCEPT [29568907:1995273207]
  486. :OUTPUT ACCEPT [38208977:2580247983]
  487. :POSTROUTING ACCEPT [11400:986549]
  488. :postrouting_lan_rule - [0:0]
  489. :postrouting_rule - [0:0]
  490. :postrouting_wan_rule - [0:0]
  491. :postrouting_wgclient_rule - [0:0]
  492. :prerouting_lan_rule - [0:0]
  493. :prerouting_rule - [0:0]
  494. :prerouting_wan_rule - [0:0]
  495. :prerouting_wgclient_rule - [0:0]
  496. :zone_lan_postrouting - [0:0]
  497. :zone_lan_prerouting - [0:0]
  498. :zone_wan_postrouting - [0:0]
  499. :zone_wan_prerouting - [0:0]
  500. :zone_wgclient_postrouting - [0:0]
  501. :zone_wgclient_prerouting - [0:0]
  502. -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  503. -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  504. -A PREROUTING -i wan -m comment --comment "!fw3" -j zone_wan_prerouting
  505. -A PREROUTING -i wg0 -m comment --comment "!fw3" -j zone_wgclient_prerouting
  506. -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  507. -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  508. -A POSTROUTING -o wan -m comment --comment "!fw3" -j zone_wan_postrouting
  509. -A POSTROUTING -o wg0 -m comment --comment "!fw3" -j zone_wgclient_postrouting
  510. -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  511. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: http (reflection)" -j SNAT --to-source 192.168.168.1
  512. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: https (reflection)" -j SNAT --to-source 192.168.168.1
  513. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: ssh (reflection)" -j SNAT --to-source 192.168.168.1
  514. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p udp -m udp --dport 1194 -m comment --comment "!fw3: ovpbn-udp (reflection)" -j SNAT --to-source 192.168.168.1
  515. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p tcp -m tcp --dport 993 -m comment --comment "!fw3: ovpn-tcp (reflection)" -j SNAT --to-source 192.168.168.1
  516. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.20/32 -p tcp -m tcp --dport 4080 -m comment --comment "!fw3: tivo-1 (reflection)" -j SNAT --to-source 192.168.168.1
  517. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.20/32 -p udp -m udp --dport 4080 -m comment --comment "!fw3: tivo-1 (reflection)" -j SNAT --to-source 192.168.168.1
  518. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.20/32 -p tcp -m tcp --dport 413 -m comment --comment "!fw3: tivo-2 (reflection)" -j SNAT --to-source 192.168.168.1
  519. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.20/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: tivo-3 (reflection)" -j SNAT --to-source 192.168.168.1
  520. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p tcp -m tcp --dport 53 -m comment --comment "!fw3: ovpn-tcp1 (reflection)" -j SNAT --to-source 192.168.168.1
  521. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p udp -m udp --dport 53 -m comment --comment "!fw3: ovpn-tcp1 (reflection)" -j SNAT --to-source 192.168.168.1
  522. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p tcp -m tcp --dport 53 -m comment --comment "!fw3: ovpn-tcp2 (reflection)" -j SNAT --to-source 192.168.168.1
  523. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p tcp -m tcp --dport 5023 -m comment --comment "!fw3: trac1 (reflection)" -j SNAT --to-source 192.168.168.1
  524. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p tcp -m tcp --dport 5023 -m comment --comment "!fw3: trac2 (reflection)" -j SNAT --to-source 192.168.168.1
  525. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p udp -m udp --dport 5023 -m comment --comment "!fw3: trac2 (reflection)" -j SNAT --to-source 192.168.168.1
  526. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p tcp -m tcp --dport 5031 -m comment --comment "!fw3: trac3 (reflection)" -j SNAT --to-source 192.168.168.1
  527. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p udp -m udp --dport 5031 -m comment --comment "!fw3: trac3 (reflection)" -j SNAT --to-source 192.168.168.1
  528. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p tcp -m tcp --dport 5036 -m comment --comment "!fw3: trac4 (reflection)" -j SNAT --to-source 192.168.168.1
  529. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p udp -m udp --dport 5036 -m comment --comment "!fw3: trac4 (reflection)" -j SNAT --to-source 192.168.168.1
  530. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p tcp -m tcp --dport 5055 -m comment --comment "!fw3: trac5 (reflection)" -j SNAT --to-source 192.168.168.1
  531. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p udp -m udp --dport 5055 -m comment --comment "!fw3: trac5 (reflection)" -j SNAT --to-source 192.168.168.1
  532. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p tcp -m tcp --dport 25 -m comment --comment "!fw3: smtp (reflection)" -j SNAT --to-source 192.168.168.1
  533. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.230/32 -p tcp -m tcp --dport 4949 -m comment --comment "!fw3: munin (reflection)" -j SNAT --to-source 192.168.168.1
  534. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.230/32 -p udp -m udp --dport 4949 -m comment --comment "!fw3: munin (reflection)" -j SNAT --to-source 192.168.168.1
  535. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p tcp -m tcp --dport 56914 -m comment --comment "!fw3: wireguard (reflection)" -j SNAT --to-source 192.168.168.1
  536. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.197/32 -p udp -m udp --dport 56914 -m comment --comment "!fw3: wireguard (reflection)" -j SNAT --to-source 192.168.168.1
  537. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p tcp -m tcp --dport 8883 -m comment --comment "!fw3: mosquitto (reflection)" -j SNAT --to-source 192.168.168.1
  538. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.198/32 -p udp -m udp --dport 8883 -m comment --comment "!fw3: mosquitto (reflection)" -j SNAT --to-source 192.168.168.1
  539. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.21/32 -p tcp -m tcp --dport 37777 -m comment --comment "!fw3: amcrest (reflection)" -j SNAT --to-source 192.168.168.1
  540. -A zone_lan_postrouting -s 192.168.168.0/24 -d 192.168.168.21/32 -p udp -m udp --dport 37777 -m comment --comment "!fw3: amcrest (reflection)" -j SNAT --to-source 192.168.168.1
  541. -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  542. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: http (reflection)" -j DNAT --to-destination 192.168.168.197:80
  543. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: https (reflection)" -j DNAT --to-destination 192.168.168.197:443
  544. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: ssh (reflection)" -j DNAT --to-destination 192.168.168.197:22
  545. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 1194 -m comment --comment "!fw3: ovpbn-udp (reflection)" -j DNAT --to-destination 192.168.168.197:1194
  546. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 993 -m comment --comment "!fw3: ovpn-tcp (reflection)" -j DNAT --to-destination 192.168.168.197:993
  547. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 4080 -m comment --comment "!fw3: tivo-1 (reflection)" -j DNAT --to-destination 192.168.168.20:4080
  548. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 4080 -m comment --comment "!fw3: tivo-1 (reflection)" -j DNAT --to-destination 192.168.168.20:4080
  549. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 4413 -m comment --comment "!fw3: tivo-2 (reflection)" -j DNAT --to-destination 192.168.168.20:413
  550. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 4443 -m comment --comment "!fw3: tivo-3 (reflection)" -j DNAT --to-destination 192.168.168.20:443
  551. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 53 -m comment --comment "!fw3: ovpn-tcp1 (reflection)" -j DNAT --to-destination 192.168.168.197:53
  552. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 53 -m comment --comment "!fw3: ovpn-tcp1 (reflection)" -j DNAT --to-destination 192.168.168.197:53
  553. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 110 -m comment --comment "!fw3: ovpn-tcp2 (reflection)" -j DNAT --to-destination 192.168.168.197:53
  554. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 5004 -m comment --comment "!fw3: trac1 (reflection)" -j DNAT --to-destination 192.168.168.198:5023
  555. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 5023 -m comment --comment "!fw3: trac2 (reflection)" -j DNAT --to-destination 192.168.168.198:5023
  556. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 5023 -m comment --comment "!fw3: trac2 (reflection)" -j DNAT --to-destination 192.168.168.198:5023
  557. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 5031 -m comment --comment "!fw3: trac3 (reflection)" -j DNAT --to-destination 192.168.168.198:5031
  558. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 5031 -m comment --comment "!fw3: trac3 (reflection)" -j DNAT --to-destination 192.168.168.198:5031
  559. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 5036 -m comment --comment "!fw3: trac4 (reflection)" -j DNAT --to-destination 192.168.168.198:5036
  560. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 5036 -m comment --comment "!fw3: trac4 (reflection)" -j DNAT --to-destination 192.168.168.198:5036
  561. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 5055 -m comment --comment "!fw3: trac5 (reflection)" -j DNAT --to-destination 192.168.168.198:5055
  562. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 5055 -m comment --comment "!fw3: trac5 (reflection)" -j DNAT --to-destination 192.168.168.198:5055
  563. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 25 -m comment --comment "!fw3: smtp (reflection)" -j DNAT --to-destination 192.168.168.197:25
  564. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 4949 -m comment --comment "!fw3: munin (reflection)" -j DNAT --to-destination 192.168.168.230:4949
  565. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 4949 -m comment --comment "!fw3: munin (reflection)" -j DNAT --to-destination 192.168.168.230:4949
  566. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 56914 -m comment --comment "!fw3: wireguard (reflection)" -j DNAT --to-destination 192.168.168.197:56914
  567. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 56914 -m comment --comment "!fw3: wireguard (reflection)" -j DNAT --to-destination 192.168.168.197:56914
  568. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 8883 -m comment --comment "!fw3: mosquitto (reflection)" -j DNAT --to-destination 192.168.168.198:8883
  569. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 8883 -m comment --comment "!fw3: mosquitto (reflection)" -j DNAT --to-destination 192.168.168.198:8883
  570. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p tcp -m tcp --dport 37890 -m comment --comment "!fw3: amcrest (reflection)" -j DNAT --to-destination 192.168.168.21:37777
  571. -A zone_lan_prerouting -s 192.168.168.0/24 -d 71.190.236.237/32 -p udp -m udp --dport 37890 -m comment --comment "!fw3: amcrest (reflection)" -j DNAT --to-destination 192.168.168.21:37777
  572. -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  573. -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  574. -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  575. -A zone_wan_prerouting -p tcp -m tcp --dport 80 -m comment --comment "!fw3: http" -j DNAT --to-destination 192.168.168.197:80
  576. -A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment "!fw3: https" -j DNAT --to-destination 192.168.168.197:443
  577. -A zone_wan_prerouting -p tcp -m tcp --dport 22 -m comment --comment "!fw3: ssh" -j DNAT --to-destination 192.168.168.197:22
  578. -A zone_wan_prerouting -p udp -m udp --dport 1194 -m comment --comment "!fw3: ovpbn-udp" -j DNAT --to-destination 192.168.168.197:1194
  579. -A zone_wan_prerouting -p tcp -m tcp --dport 993 -m comment --comment "!fw3: ovpn-tcp" -j DNAT --to-destination 192.168.168.197:993
  580. -A zone_wan_prerouting -p tcp -m tcp --dport 4080 -m comment --comment "!fw3: tivo-1" -j DNAT --to-destination 192.168.168.20:4080
  581. -A zone_wan_prerouting -p udp -m udp --dport 4080 -m comment --comment "!fw3: tivo-1" -j DNAT --to-destination 192.168.168.20:4080
  582. -A zone_wan_prerouting -p tcp -m tcp --dport 4413 -m comment --comment "!fw3: tivo-2" -j DNAT --to-destination 192.168.168.20:413
  583. -A zone_wan_prerouting -p tcp -m tcp --dport 4443 -m comment --comment "!fw3: tivo-3" -j DNAT --to-destination 192.168.168.20:443
  584. -A zone_wan_prerouting -p tcp -m tcp --dport 53 -m comment --comment "!fw3: ovpn-tcp1" -j DNAT --to-destination 192.168.168.197:53
  585. -A zone_wan_prerouting -p udp -m udp --dport 53 -m comment --comment "!fw3: ovpn-tcp1" -j DNAT --to-destination 192.168.168.197:53
  586. -A zone_wan_prerouting -p tcp -m tcp --dport 110 -m comment --comment "!fw3: ovpn-tcp2" -j DNAT --to-destination 192.168.168.197:53
  587. -A zone_wan_prerouting -p tcp -m tcp --dport 5004 -m comment --comment "!fw3: trac1" -j DNAT --to-destination 192.168.168.198:5023
  588. -A zone_wan_prerouting -p tcp -m tcp --dport 5023 -m comment --comment "!fw3: trac2" -j DNAT --to-destination 192.168.168.198:5023
  589. -A zone_wan_prerouting -p udp -m udp --dport 5023 -m comment --comment "!fw3: trac2" -j DNAT --to-destination 192.168.168.198:5023
  590. -A zone_wan_prerouting -p tcp -m tcp --dport 5031 -m comment --comment "!fw3: trac3" -j DNAT --to-destination 192.168.168.198:5031
  591. -A zone_wan_prerouting -p udp -m udp --dport 5031 -m comment --comment "!fw3: trac3" -j DNAT --to-destination 192.168.168.198:5031
  592. -A zone_wan_prerouting -p tcp -m tcp --dport 5036 -m comment --comment "!fw3: trac4" -j DNAT --to-destination 192.168.168.198:5036
  593. -A zone_wan_prerouting -p udp -m udp --dport 5036 -m comment --comment "!fw3: trac4" -j DNAT --to-destination 192.168.168.198:5036
  594. -A zone_wan_prerouting -p tcp -m tcp --dport 5055 -m comment --comment "!fw3: trac5" -j DNAT --to-destination 192.168.168.198:5055
  595. -A zone_wan_prerouting -p udp -m udp --dport 5055 -m comment --comment "!fw3: trac5" -j DNAT --to-destination 192.168.168.198:5055
  596. -A zone_wan_prerouting -p tcp -m tcp --dport 25 -m comment --comment "!fw3: smtp" -j DNAT --to-destination 192.168.168.197:25
  597. -A zone_wan_prerouting -p tcp -m tcp --dport 4949 -m comment --comment "!fw3: munin" -j DNAT --to-destination 192.168.168.230:4949
  598. -A zone_wan_prerouting -p udp -m udp --dport 4949 -m comment --comment "!fw3: munin" -j DNAT --to-destination 192.168.168.230:4949
  599. -A zone_wan_prerouting -p tcp -m tcp --dport 56914 -m comment --comment "!fw3: wireguard" -j DNAT --to-destination 192.168.168.197:56914
  600. -A zone_wan_prerouting -p udp -m udp --dport 56914 -m comment --comment "!fw3: wireguard" -j DNAT --to-destination 192.168.168.197:56914
  601. -A zone_wan_prerouting -p tcp -m tcp --dport 8883 -m comment --comment "!fw3: mosquitto" -j DNAT --to-destination 192.168.168.198:8883
  602. -A zone_wan_prerouting -p udp -m udp --dport 8883 -m comment --comment "!fw3: mosquitto" -j DNAT --to-destination 192.168.168.198:8883
  603. -A zone_wan_prerouting -p tcp -m tcp --dport 37890 -m comment --comment "!fw3: amcrest" -j DNAT --to-destination 192.168.168.21:37777
  604. -A zone_wan_prerouting -p udp -m udp --dport 37890 -m comment --comment "!fw3: amcrest" -j DNAT --to-destination 192.168.168.21:37777
  605. -A zone_wgclient_postrouting -m comment --comment "!fw3: Custom wgclient postrouting rule chain" -j postrouting_wgclient_rule
  606. -A zone_wgclient_postrouting -m comment --comment "!fw3" -j MASQUERADE
  607. -A zone_wgclient_prerouting -m comment --comment "!fw3: Custom wgclient prerouting rule chain" -j prerouting_wgclient_rule
  608. COMMIT
  609. # Completed on Sat Aug 14 22:20:25 2021
  610. # Generated by iptables-save v1.8.7 on Sat Aug 14 22:20:25 2021
       # mangle table. Every built-in chain has policy ACCEPT; the bracketed
       # pairs after each policy are [packets:bytes] counters.
  611. *mangle
  612. :PREROUTING ACCEPT [2482090:193939785]
  613. :INPUT ACCEPT [2449238:184366253]
  614. :FORWARD ACCEPT [28594:8412532]
  615. :OUTPUT ACCEPT [3000774:226559035]
  616. :POSTROUTING ACCEPT [2475199:197406884]
       # The only rules in this table clamp the TCP MSS to the path MTU on SYN
       # packets forwarded out of or in from wan. No packet is filtered here.
  617. -A FORWARD -o wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  618. -A FORWARD -i wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  619. COMMIT
  620. # Completed on Sat Aug 14 22:20:25 2021
  621. # Generated by iptables-save v1.8.7 on Sat Aug 14 22:20:25 2021
       # filter table: zone-based ruleset (lan = br-lan, wan = wan, wgclient = wg0).
  622. *filter
       # NOTE(review): the INPUT policy is ACCEPT. The INPUT chain below only
       # dispatches lo, br-lan, wan and wg0, so a packet arriving on any other
       # interface falls through to this policy and is accepted. A default input
       # policy of REJECT or DROP avoids exposing router services on an interface
       # that is not assigned to a zone.
  623. :INPUT ACCEPT [0:0]
  624. :FORWARD DROP [0:0]
  625. :OUTPUT ACCEPT [0:0]
  626. :forwarding_lan_rule - [0:0]
  627. :forwarding_rule - [0:0]
  628. :forwarding_wan_rule - [0:0]
  629. :forwarding_wgclient_rule - [0:0]
  630. :input_lan_rule - [0:0]
  631. :input_rule - [0:0]
  632. :input_wan_rule - [0:0]
  633. :input_wgclient_rule - [0:0]
  634. :output_lan_rule - [0:0]
  635. :output_rule - [0:0]
  636. :output_wan_rule - [0:0]
  637. :output_wgclient_rule - [0:0]
  638. :reject - [0:0]
  639. :syn_flood - [0:0]
  640. :zone_lan_dest_ACCEPT - [0:0]
  641. :zone_lan_forward - [0:0]
  642. :zone_lan_input - [0:0]
  643. :zone_lan_output - [0:0]
  644. :zone_lan_src_ACCEPT - [0:0]
  645. :zone_wan_dest_ACCEPT - [0:0]
  646. :zone_wan_dest_REJECT - [0:0]
  647. :zone_wan_forward - [0:0]
  648. :zone_wan_input - [0:0]
  649. :zone_wan_output - [0:0]
  650. :zone_wan_src_REJECT - [0:0]
  651. :zone_wgclient_dest_ACCEPT - [0:0]
  652. :zone_wgclient_dest_REJECT - [0:0]
  653. :zone_wgclient_forward - [0:0]
  654. :zone_wgclient_input - [0:0]
  655. :zone_wgclient_output - [0:0]
  656. :zone_wgclient_src_REJECT - [0:0]
       # INPUT: loopback, then the user chain, then established/related traffic.
       # New TCP SYNs pass the syn_flood limiter before the per-zone chains.
  657. -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  658. -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  659. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  660. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  661. -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  662. -A INPUT -i wan -m comment --comment "!fw3" -j zone_wan_input
  663. -A INPUT -i wg0 -m comment --comment "!fw3" -j zone_wgclient_input
       # FORWARD: whatever no zone chain accepted is rejected explicitly by the
       # last rule, so the DROP policy above is only a backstop.
  664. -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  665. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  666. -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  667. -A FORWARD -i wan -m comment --comment "!fw3" -j zone_wan_forward
  668. -A FORWARD -i wg0 -m comment --comment "!fw3" -j zone_wgclient_forward
  669. -A FORWARD -m comment --comment "!fw3" -j reject
  670. -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  671. -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  672. -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  673. -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  674. -A OUTPUT -o wan -m comment --comment "!fw3" -j zone_wan_output
  675. -A OUTPUT -o wg0 -m comment --comment "!fw3" -j zone_wgclient_output
       # reject: TCP gets a reset, everything else an ICMP port-unreachable.
  676. -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  677. -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
       # syn_flood: one shared budget of 25 SYN/s (burst 50) for new TCP
       # connections to the router itself; SYNs over the budget are dropped.
       # The chain is jumped to from INPUT only, so forwarded connections are
       # not limited, and the limit match is not tracked per source address.
  678. -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  679. -A syn_flood -m comment --comment "!fw3" -j DROP
  680. -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
       # NOTE(review): the "Zone lan to wan forwarding policy" rule appears twice
       # below. The duplicate is harmless, but presumably two identical
       # forwarding sections exist in the firewall config; verify.
  681. -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  682. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  683. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  684. -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wgclient forwarding policy" -j zone_wgclient_dest_ACCEPT
  685. -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  686. -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  687. -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  688. -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  689. -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  690. -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  691. -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  692. -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  693. -A zone_wan_dest_ACCEPT -o wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  694. -A zone_wan_dest_ACCEPT -o wan -m comment --comment "!fw3" -j ACCEPT
  695. -A zone_wan_dest_REJECT -o wan -m comment --comment "!fw3" -j reject
       # NOTE(review): the ctstate DNAT rule below is what admits every wan port
       # forward defined in the nat table. The zone_wan_prerouting rules in this
       # dump carry no source match, so the ssh, smtp, munin, mosquitto and
       # amcrest forwards are open to any wan address. Prefer a source
       # restriction on each forward, or reach management services through the
       # WireGuard tunnel only. Before posting a dump like this, redact the wan
       # address and the forward targets.
  696. -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  697. -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  698. -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  699. -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  700. -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
       # NOTE(review): three UDP ports are accepted on the router itself. The
       # network config at the top of this dump sets the wg0 listen_port to
       # 56913. Port 56914 is also DNATed to a LAN host in zone_wan_prerouting,
       # so its accept here is presumably never reached for wan traffic. No
       # listener for 55955 is visible in this part of the dump. Confirm which
       # of these are in use and remove the rest.
  701. -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  702. -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  703. -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  704. -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  705. -A zone_wan_input -p udp -m udp --dport 55955 -m comment --comment "!fw3: wireguard 55955" -j ACCEPT
  706. -A zone_wan_input -p udp -m udp --dport 56914 -m comment --comment "!fw3: wireguard water 56914" -j ACCEPT
  707. -A zone_wan_input -p udp -m udp --dport 56913 -m comment --comment "!fw3: Allow-WireGuard" -j ACCEPT
  708. -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  709. -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  710. -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  711. -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  712. -A zone_wan_src_REJECT -i wan -m comment --comment "!fw3" -j reject
  713. -A zone_wgclient_dest_ACCEPT -o wg0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  714. -A zone_wgclient_dest_ACCEPT -o wg0 -m comment --comment "!fw3" -j ACCEPT
  715. -A zone_wgclient_dest_REJECT -o wg0 -m comment --comment "!fw3" -j reject
  716. -A zone_wgclient_forward -m comment --comment "!fw3: Custom wgclient forwarding rule chain" -j forwarding_wgclient_rule
  717. -A zone_wgclient_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  718. -A zone_wgclient_forward -m comment --comment "!fw3" -j zone_wgclient_dest_ACCEPT
       # Traffic arriving on wg0 for the router itself is accepted only when it
       # was port-redirected (ctstate DNAT); everything else is rejected.
  719. -A zone_wgclient_input -m comment --comment "!fw3: Custom wgclient input rule chain" -j input_wgclient_rule
  720. -A zone_wgclient_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  721. -A zone_wgclient_input -m comment --comment "!fw3" -j zone_wgclient_src_REJECT
       # NOTE(review): new connections opened by the router itself out of wg0
       # are rejected here. Replies still pass through the RELATED,ESTABLISHED
       # rule in OUTPUT. Confirm that this is intended.
  722. -A zone_wgclient_output -m comment --comment "!fw3: Custom wgclient output rule chain" -j output_wgclient_rule
  723. -A zone_wgclient_output -m comment --comment "!fw3" -j zone_wgclient_dest_REJECT
  724. -A zone_wgclient_src_REJECT -i wg0 -m comment --comment "!fw3" -j reject
  725. COMMIT
  726. # Completed on Sat Aug 14 22:20:25 2021
  727. ==> /etc/resolv.conf <==
  728. search feeney
  729. nameserver 127.0.0.1
  730. nameserver ::1
  731.  
  732. ==> /tmp/resolv.conf <==
  733. search feeney
  734. nameserver 127.0.0.1
  735. nameserver ::1
  736.  
  737. ==> /tmp/resolv.conf.d <==
  738. head: /tmp/resolv.conf.d: I/O error
  739.  
  740. ==> /tmp/resolv.conf.d/resolv.conf.auto <==
  741. # Interface wan
  742. nameserver 151.202.0.84
  743. ;; connection timed out; no servers could be reached
  744.  
  745. ;; connection timed out; no servers could be reached
  746.  
  747.  