-
Notifications
You must be signed in to change notification settings - Fork 0
/
001-fix_config.patch
32 lines (30 loc) · 1.29 KB
/
001-fix_config.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
--- a/server/fwknopd.conf
+++ b/server/fwknopd.conf
@@ -29,7 +29,12 @@
# Define the ethernet interface on which we will sniff packets.
# Default if not set is eth0.
#
-#PCAP_INTF eth0;
+
+# The following line is changed specifically for Openwrt.
+# Openwrt defaults to using eth1 as its wan port. If using PPPoE,
+# Then this needs to be set to pppoe-wan.
+
+PCAP_INTF eth1;
# By default fwknopd does not put the pcap interface into promiscuous mode.
# Set this to 'Y' to enable promiscuous sniffing.
@@ -252,8 +257,13 @@
# The IPT_FORWARD_ACCESS variable is only used if ENABLE_IPT_FORWARDING is
# enabled.
#
-#IPT_FORWARD_ACCESS ACCEPT, filter, FORWARD, 1, FWKNOP_FORWARD, 1;
-#IPT_DNAT_ACCESS DNAT, nat, PREROUTING, 1, FWKNOP_PREROUTING, 1;
+
+# These two lines are changed specifically for Openwrt, due to
+# different naming conventions. IPT_FORWARD is still disabled
+# by default, and must be enabled earlier in this file to be used.
+
+IPT_FORWARD_ACCESS ACCEPT, filter, zone_wan_forward, 1, FWKNOP_FORWARD, 1;
+IPT_DNAT_ACCESS DNAT, nat, zone_wan_prerouting, 1, FWKNOP_PREROUTING, 1;
# The IPT_SNAT_ACCESS variable is not used unless both ENABLE_IPT_SNAT and
# ENABLE_IPT_FORWARDING are enabled. Also, the external static IP must be