From 7df4747aff637eb524a1f6c89124af7a573790c1 Mon Sep 17 00:00:00 2001
From: Conrad Lara - KG6JEI
Date: Sat, 23 Jan 2016 20:40:01 -0800
Subject: [PATCH] bugfix: Traffic from Lan to DTDLINK not masqueraded when in NAT mode.

Due to a firewall chain name changes in BB when a node was in NAT mode (instead of recommended direct mode) connections that went out over DTDLink as the first hop would not be masqed and as such would not work.
---
 files/etc/firewall.natmode | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/etc/firewall.natmode b/files/etc/firewall.natmode
index a5ee6022..ee6a52f1 100644
--- a/files/etc/firewall.natmode
+++ b/files/etc/firewall.natmode
@@ -14,5 +14,5 @@ iptables -t mangle -I PREROUTING -d $dtdlinkip/32 -j MARK --set-xmark 0x15/0xfff
 # Mark and masq local traffic going out the dtdlink interface.
 iptables -t nat -A zone_lan_prerouting -j MARK --set-xmark 0xe/0xffffffff
-iptables -t nat -A zone_dtdlink_nat -m mark --mark 0xe -j MASQUERADE
+iptables -t nat -A zone_dtdlink_postrouting -m mark --mark 0xe -j MASQUERADE
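Review bot: The added rule still hard-codes an fw3-internal chain name (`zone_dtdlink_postrouting`), which is the same coupling that broke NAT mode when the chain was renamed from `zone_dtdlink_nat`. fw3 creates per-zone user chains for custom rules, so, assuming the zone is named `dtdlink` and custom chains are not disabled, `iptables -t nat -A postrouting_dtdlink_rule -m mark --mark 0xe -j MASQUERADE` should survive another internal rename; note it would be evaluated before fw3's own rules in that zone rather than after them. If the internal chain is kept, a comment such as `# zone_dtdlink_postrouting is generated by fw3; if the chain is missing this rule is not installed and LAN traffic is not masqueraded on dtdlink` would record the dependency. Nothing in the visible lines checks the iptables exit status, so a missing chain would fail quietly, though the rest of the script is outside the hunk and may handle this.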