You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recently I've tried to use fwknop at OpenWrt. Of course, there is no nftables support and it is not working out-of-the-box, but it wouldn't be a problem if CMD_CYCLE_OPEN is implemented (and documented) properly.
As per documentation, there is a number of substitution variables: $IP/$SRC $PKT_SRC $DST I expected to see local address here when using --nat-access name.local:port but always got with router wan address instead of resolved name.local. This happens even when name.local is not resolvable. $PORT (the allow port) $PROTO (the allow protocol) $TIMEOUT (set the client timeout if specified). Seems this is a timestamp rather than a timeout? A bit of explanation would be helpful
$CLIENT_TIMEOUT (undocumented) – "real" timeout?
I failed to find something like $DST_PORT variable so I realized that forwarding external port to internal host port via CMD_CYCLE_OPEN is impossible.
There is a good reason to believe that proper CMD_CYCLE_OPEN implementation will make easier integrating fwknop into different firewalls including manually scripted ones and nftables itself.
The text was updated successfully, but these errors were encountered:
Recently I've tried to use fwknop at OpenWrt. Of course, there is no nftables support and it is not working out-of-the-box, but it wouldn't be a problem if
CMD_CYCLE_OPENis implemented (and documented) properly.As per documentation, there is a number of substitution variables:
$IP/$SRC$PKT_SRC$DSTI expected to see local address here when using--nat-access name.local:portbut always got with router wan address instead of resolvedname.local. This happens even whenname.localis not resolvable.$PORT(the allow port)$PROTO(the allow protocol)$TIMEOUT(set the client timeout if specified). Seems this is a timestamp rather than a timeout? A bit of explanation would be helpful$CLIENT_TIMEOUT (undocumented) – "real" timeout?
I failed to find something like
$DST_PORTvariable so I realized that forwarding external port to internal host port viaCMD_CYCLE_OPENis impossible.There is a good reason to believe that proper
CMD_CYCLE_OPENimplementation will make easier integrating fwknop into different firewalls including manually scripted ones and nftables itself.The text was updated successfully, but these errors were encountered: