firewall: restore local port relocation ability from r26617

author Jo-Philipp Wich <jow@openwrt.org>

Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)

committer Jo-Philipp Wich <jow@openwrt.org>

Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)
author Jo-Philipp Wich <jow@openwrt.org>
Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)
committer Jo-Philipp Wich <jow@openwrt.org>
Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)
diff --git a/package/firewall/files/lib/core_redirect.sh b/package/firewall/files/lib/core_redirect.sh

index f511d2915e18d878f2dfd43d17083984eb142cf6..0b8030d96a8f126db5fe859309e57873f298b677 100644 (file)
--- a/package/firewall/files/lib/core_redirect.sh
+++ b/package/firewall/files/lib/core_redirect.sh
@@ -34,7 +34,7 @@ fw_load_redirect() {
                         return 0
                 }
  
-               fwdchain="zone_${redirect_src}_forward"
+               fwdchain="zone_${redirect_src}${redirect_dest_ip:+_forward}"
  
                 natopt="--to-destination"
                 natchain="zone_${redirect_src}_prerouting"
@@ -104,10 +104,10 @@ fw_load_redirect() {
                                 $redirect_options \
                         }
  
-                       [ -n "$destaddr" ] && \
                         fw add $mode f ${fwdchain:-forward} ACCEPT + \
                                 { $redirect_src_ip $redirect_dest_ip } { \
-                               $srcaddr $destaddr $redirect_proto \
+                               $srcaddr ${destaddr:--m conntrack --ctstate DNAT} \
+                               $redirect_proto \
                                 $srcports $destports \
                                 $redirect_src_mac \
                                 $redirect_extra \
author	Jo-Philipp Wich <jow@openwrt.org>
	Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)
committer	Jo-Philipp Wich <jow@openwrt.org>
	Thu, 30 Jun 2011 01:36:09 +0000 (01:36 +0000)