1 --- a/server/fwknopd.conf
2 +++ b/server/fwknopd.conf
4 # Define the ethernet interface on which we will sniff packets.
5 # Default if not set is eth0.
9 +# The following line is changed specifically for Openwrt.
10 +# Openwrt defaults to using eth1 as its wan port. If using PPPoE,
11 +# Then this needs to be set to pppoe-wan.
15 # By default fwknopd does not put the pcap interface into promiscuous mode.
16 # Set this to 'Y' to enable promiscuous sniffing.
18 # The IPT_FORWARD_ACCESS variable is only used if ENABLE_IPT_FORWARDING is
21 -#IPT_FORWARD_ACCESS ACCEPT, filter, FORWARD, 1, FWKNOP_FORWARD, 1;
22 -#IPT_DNAT_ACCESS DNAT, nat, PREROUTING, 1, FWKNOP_PREROUTING, 1;
24 +# These two lines are changed specifically for Openwrt, due to
25 +# different naming conventions. IPT_FORWARD is still disabled
26 +# by default, and must be enabled earlier in this file to be used.
28 +IPT_FORWARD_ACCESS ACCEPT, filter, zone_wan_forward, 1, FWKNOP_FORWARD, 1;
29 +IPT_DNAT_ACCESS DNAT, nat, zone_wan_prerouting, 1, FWKNOP_PREROUTING, 1;
31 # The IPT_SNAT_ACCESS variable is not used unless both ENABLE_IPT_SNAT and
32 # ENABLE_IPT_FORWARDING are enabled. Also, the external static IP must be