This repository is a mirror of https://git.openwrt.org/openwrt/openwrt.git It is for reference only and is not active for check-ins or for reporting issues. We will continue to accept Pull Requests here. They will be merged via staging trees then into openwrt.git. All issues should be reported at: https://bugs.openwrt.org
 
 
 
 
 
 
Go to file
Jo-Philipp Wich a9977eca91 firewall: allow local redirection of ports
Allow a redirect like:

config redirect
        option src 'wan'
        option dest 'lan'
        option src_dport '22001'
        option dest_port '22'
        option proto 'tcp'

note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.

This patch makes three changes:

(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
    connections.

In the above example,

ssh -p 22 root@myrouter

would fail from the outside, but:

ssh -p 22001 root@myrouter

would succeed.  This is handy if:

(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
    still want to allow firewall access from outside.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

SVN-Revision: 26617
2011-04-12 20:03:59 +00:00
docs kamikaze has been released long ago 2011-02-11 14:04:00 +00:00
include firewall: allow local redirection of ports 2011-04-12 20:03:59 +00:00
package firewall: allow local redirection of ports 2011-04-12 20:03:59 +00:00
scripts add a new package metadata variable MDEPENDS for specifying local menuconfig dependencies that do not propagate to other packages 2011-04-05 19:03:51 +00:00
target solos: various upstreamed solos patches 2011-04-12 19:50:15 +00:00
toolchain uClibc: forced unwind for pthread_cancel handling is broken and triggers spurious abort() calls from libgcc. disable it and use the other method instead 2011-04-09 15:46:58 +00:00
tools firmware-utils: fix endianness bugs in firmware generation program. 2011-04-09 15:06:01 +00:00
.gitignore gitignore: add *.rej and *.orig to .gitignore 2011-04-03 18:30:55 +00:00
BSDmakefile add missing copyright header 2007-02-26 01:05:09 +00:00
Config.in add a kernel config option for magic sysrq 2011-03-17 23:14:12 +00:00
LICENSE finally move buildroot-ng to trunk 2016-03-20 17:29:15 +01:00
Makefile add a command for printing a cleaned up make target database - will be used to analyze package dependencies at some point 2010-09-01 17:51:36 +00:00
README remove bison requirement (see [10398] & [14900]) 2010-03-05 09:48:32 +00:00
feeds.conf.default switch to LuCI trunk, should be stable enough for common use now 2010-11-16 00:05:41 +00:00
rules.mk rules.mk: properly populate $(LIBGCC_S) for external toolchains 2011-04-11 16:06:46 +00:00

README

This is the buildsystem for the OpenWrt Linux distribution

Please use "make menuconfig" to configure your appreciated
configuration for the toolchain and firmware.

You need to have installed gcc, binutils, patch, bzip2, flex,
make, gettext, pkg-config, unzip, libz-dev and libc headers.

Simply running 'make' will build your firmware.
It will download all sources, build the cross-compile toolchain, 
the kernel and all choosen applications.

You can use scripts/flashing/flash.sh for remotely updating your embedded
system via tftp.

The OpenWrt system is documented in docs/. You will need a LaTeX distribution
and the tex4ht package to build the documentation. Type make -C docs/ to build it.

Building your own firmware you need to have access to a Linux, BSD or MacOSX system.
Cygwin will not be supported because of the lack of case sensitiveness.

Sunshine!
	Your OpenWrt Project
	http://openwrt.org