34 lines
1.3 KiB
Diff
34 lines
1.3 KiB
Diff
|
@@ -0,0 +1,32 @@
|
||
|
|
--- a/server/fwknopd.conf
|
||
|
|
+++ b/server/fwknopd.conf
|
||
|
|
@@ -30,7 +30,12 @@
|
||
|
|
# Define the ethernet interface on which we will sniff packets.
|
||
|
|
# Default if not set is eth0.
|
||
|
|
#
|
||
|
|
-#PCAP_INTF eth0;
|
||
|
|
+
|
||
|
|
+# The following line is changed specifically for Openwrt.
|
||
|
|
+# Openwrt defaults to using eth1 as its wan port. If using PPPoE,
|
||
|
|
+# Then this needs to be set to pppoe-wan.
|
||
|
|
+
|
||
|
|
+PCAP_INTF eth1;
|
||
|
|
|
||
|
|
# By default fwknopd does not put the pcap interface into promiscuous mode.
|
||
|
|
# Set this to 'Y' to enable promiscuous sniffing.
|
||
|
|
@@ -239,8 +244,13 @@
|
||
|
|
# The IPT_FORWARD_ACCESS variable is only used if ENABLE_IPT_FORWARDING is
|
||
|
|
# enabled.
|
||
|
|
#
|
||
|
|
-#IPT_FORWARD_ACCESS ACCEPT, filter, FORWARD, 1, FWKNOP_FORWARD, 1;
|
||
|
|
-#IPT_DNAT_ACCESS DNAT, nat, PREROUTING, 1, FWKNOP_PREROUTING, 1;
|
||
|
|
+
|
||
|
|
+# These two lines are changed specifically for Openwrt, due to
|
||
|
|
+# different naming conventions. IPT_FORWARD is still disabled
|
||
|
|
+# by default, and must be enabled earlier in this file to be used.
|
||
|
|
+
|
||
|
|
+IPT_FORWARD_ACCESS ACCEPT, filter, zone_wan_forward, 1, FWKNOP_FORWARD, 1;
|
||
|
|
+IPT_DNAT_ACCESS DNAT, nat, zone_wan_prerouting, 1, FWKNOP_PREROUTING, 1;
|
||
|
|
|
||
|
|
# The IPT_SNAT_ACCESS variable is not used unless both ENABLE_IPT_SNAT and
|
||
|
|
# ENABLE_IPT_FORWARDING are enabled. Also, the external static IP must be
|