5月に「NanoPi R2S+openWRT 21.02.0RCでBIGLOBEのMAP-E接続」にてOpenWRT 21.02.0-RC版での手順を作成した。
しかし、OpenWRT 21.02.0リリース版になってみると、いろいろ設定画面が変更となり、この手順のままでは動作させることができなかった。
ぐぐってみたところ「OpenWrt(21.02)でIPv6インターネットを使う」に手順があったので、参考にしつつ手順を更新した。
前書き
OpenWRTルータを作成するにあたり、いろいろある選択肢からRockchip RK3328のNanoPi R2S と Rockchip RK3399のNanoPi R4S を候補にあげた。
Amazon日本の倉庫に在庫があるというのと、openWRTのページに「FriendlyARM NanoPi R2S」とデバイスに関する個別ページが作成されており、リリース版の提供がされていたので、NanoPi R2Sを買って設定を行った。
ちなみに置き換え対象となったGL-MV1000とのサイズ比較はこんな感じ
OpenWRT 21.02.0-RC版の時代はアップグレードしたら以前の設定を残しておくと起動しなくなるとか問題もありましたが、OpenWRT 21.02.0リリース版を書き込んだあと設定復旧で動作させることができました。
設定手順0: MicroSD作成
friendlyarm_nanopi-r2s-squashfs-sysupgrade.img.gz を展開したものをmicroSDに書き込んでNanoPi R2Sを起動。
設定手順1:パッケージの追加
mapパッケージと日本語UIパッケージ(luci-i18n-base-ja)をインストール
また、後述のニチバン対策を行う場合は iptables-mod-ipopt もインストールする。
GUIの場合、[システム]-[Software]にて、「Update lists」を実行してパッケージ一覧を取得した後に、「Filter」にパッケージ名を入れて、出てきたモジュールを「Install」する。
CLIでインストールする場合は以下を実行
2 | # opkg install luci-i18n-base-ja |
4 | # okpg install iptables-mod-ipopt |
インストール後は再起動を行うこと。
再起動しないとluciのネットワーク設定で「プロトコル:MAP / LW4over6」が選択肢に現れません。
設定手順2:WAN6インタフェースの作成
WAN6インタフェースがなければ「プロトコル: DHCPv6クライアント」で作成する
最初はそのまま設定して、有効化し、WAN6インタフェースに割り当てられるIPv6アドレスを確認すること。
↑の画像は使い回しなので、この段階では無いはずの「MAP」インタフェースなどが入ってます
上記のようにWAN6インタフェースに「IPv6」アドレスが確認できたら、そのアドレスをコピーして、notepadにでも貼り付けておきます。
設定手順3:WAN6インタフェースにDHCPv6関連設定
openWRT 21.02.0のリリース版になったらWAN6インタフェースではDHCPv6関連設定がGUIできるようになりました。
[DHCPサーバー]を選択して、下記のようになっている場合は「DHCPサーバーをセットアップ」をクリックします。
クリックしたあと[一般設定]タブは下記のような感じで変更せず
[IPv6設定]タブで下記の設定を行います。
Designated master: チェックを入れる
RA-Service:リレーモード
DHCPv6-サービス: リレーモード
NDP-Proxy: リレーモード
(Learn routesは設定を変更していない)
設定手順4:LANインタフェースにDHCPv6関連設定
LANインタフェースの[DHCPサーバー]-[IPv6設定]で以下の設定を行います。
RA-Service:リレーモード
DHCPv6-サービス: サーバーモード
NDP-Proxy: リレーモード
(マスターにチェックは入れません)
設定手順5: IPv6 PD設定
OpenWRT 21.02.0-RC版だとIPv6 PD設定がWAN6にあったのですが、リリース版だと消えています。
これは別のインタフェースとして作成することで対応するようです。
[インタフェースを新規作成]から下記でインタフェースを作成します。
名前:WAN6PD
プロトコル:静的アドレス
デバイス: WAN6インタフェース(@wan6表記)
詳細設定では手順2で確認したIPv6アドレスを使います。
IPv6アドレスが「IPv6: wwww:xxxx:yyyy:zzzz:aaaa:bbbb:cccc:dddd/64」というようになっているとき、先頭の4カラム「wwww:xxxx:yyyy:zzzz」を使います。
まず、WAN6PDに割り当てる 「wwww:xxxx:yyyy:zzzz::1001」を「IPv6アドレス」に設定します。
「IPv6 ゲートウェイ」には「wwww:xxxx:yyyy:zzzz::1 」を指定します。このアドレスは設定完了後、WAN6PDインタフェースではなく、LANインタフェースに対して割り当てられます。
「IPv6ルートプレフィックス」には「wwww:xxxx:yyyy:zzzz::/56」と指定します。
設定すると上記のような感じです。
設定手順6: MAP-E接続設定
インタフェースの新規作成で「プロトコル:MAP / LW4over6」を作成して、必要な値を入れていきます。今回は「WAN_MAP」で作成しました。
[一般設定]では下記の様にしました。
プロトコル:MAP/LW4over6
タイプ:MAP-E
以後は環境に合わせた値
[詳細設定]では「従来のMAPを使用」にチェックを入れる
設定手順7: 各インタフェースのファイアウォールゾーン設定
wan系のゾーンに「wan_map」と「WAN6PD」を追加します。
設定完了
ひとまずこれで設定完了です。
うまく接続が始まらない場合は、再起動してみてください。
設定:ニチバン対策
通称「ニチバンベンチ」と呼ばれているものがある。
一部のIPv4通信のみが可能なサイトにアクセスした際に、一定数以上の通信が行えなくなりコンテンツが欠けるなどの現象が発生することがある。
これはNATテーブルの利用手法と、一回確保したNATテーブルエントリの有効期限設定の兼ね合いで、MAP-Eで確保できるIPv4通信用のNAT用ポートを使い果たしてしまった場合に発生している。
大量の小さなファイルがWebサーバ側の同時セッション数が非常に多い設定で流れてこなければならないので、この現象が発生しているかどうかを意図的に確認するのがなかなか難しいものがある。
しかし、長らくニチバンサイトではその条件に合致するサイト構造であったため、ニチバンサイトを10窓ぐらいでリロードすれば発生していたため、確認手法としてニチバンにアクセスすることを「ニチバンベンチ」と呼称していた。(なお、2021年9月時点のニチバンサイトはサイト内容が一新され発生しなくなっている)
このNATテーブルとIPv4 ポート割り当ての問題を解消するためにiptablesを利用して割り当て手法の調整を行う https://paste.teknik.io/VeN9r を使用した。
IP4,PSID, TUNDEVは自分の環境に合わせて変更すること
IP4, PSIDがわからない場合は http://ipv4.web.fc2.com/map-e.html で確認すること
TUNDEVは、GUIから設定した名前ではなく、アイコンの下に小さく書かれている方の名前を使う。↑の場合は「map-wan_map」になる。
また、units1とunits2は、BIGLOBEはV6plus相当であるため、数値を変更する。
1 | units1=15 #V6plus:15 OCN:63 |
2 | units2=4096 #V6plus 4096 OCN:1024 |
8 | iptables -t nat -F PREROUTING |
9 | iptables -t nat -F OUTPUT |
10 | iptables -t nat -F POSTROUTING |
13 | while [ $rule -le $units1 ] ; do |
14 | mark=`expr $rule + 16` |
16 | portl=`expr $rule \* $units2 + $PSID \* 16` |
17 | portr=`expr $portl + 15` |
19 | iptables -t nat -A PREROUTING -m statistic --mode nth --every $units1 --packet $pn -j MARK --set-mark $mark |
20 | iptables -t nat -A OUTPUT -m statistic --mode nth --every $units1 --packet $pn -j MARK --set-mark $mark |
22 | iptables -t nat -A POSTROUTING -p icmp -o $TUNDEV -m mark --mark $mark -j SNAT --to $IP4:$portl-$portr |
23 | iptables -t nat -A POSTROUTING -p tcp -o $TUNDEV -m mark --mark $mark -j SNAT --to $IP4:$portl-$portr |
24 | iptables -t nat -A POSTROUTING -p udp -o $TUNDEV -m mark --mark $mark -j SNAT --to $IP4:$portl-$portr |
上記をopenwrtの[ネットワーク]-[ファイヤーウォール]-[Custom Rules] (/etc/firewall.user) に記載する。
また、[システム]-[スタートアップ]-[ローカルスタートアップ] (/etc/rc.local)の exit 0よりも前に下記2行を追加する
なお、iptablesのstatisticモジュールはiptables-mod-ipoptに入っているが、標準では導入されていないため、冒頭でインストールしているが、まだの場合は下記のような感じでインストールする。
1 | root@nanopi:~# opkg install iptables-mod-ipopt |
2 | Installing iptables-mod-ipopt (1.8.7-1) to root... |
4 | Installing kmod-ipt-ipopt (5.4.111-1) to root... |
6 | Configuring kmod-ipt-ipopt. |
7 | Configuring iptables-mod-ipopt. |
これで、とりあえずニチバンもスムースに開けるようになった。
参考資料
/etc/config/network
1 | config interface 'loopback' |
4 | option ipaddr '127.0.0.1' |
5 | option netmask '255.0.0.0' |
7 | config globals 'globals' |
8 | option ula_prefix 'fdaf:6014:6f21::/48' |
17 | option macaddr '1a:e4:a4:73:0d:0c' |
20 | option device 'br-lan' |
22 | option netmask '255.255.255.0' |
24 | option ipaddr '192.168.1.1' |
28 | option macaddr '1a:e4:a4:73:0d:0b' |
35 | config interface 'wan6' |
38 | option reqaddress 'try' |
39 | option reqprefix 'auto' |
41 | config interface 'wan_map' |
43 | option maptype 'map-e' |
44 | option peeraddr '2404:9200:225:100::64' |
45 | option ipaddr 'xxx.xxx.xxx.xxx' |
46 | option ip4prefixlen '15' |
47 | option ip6prefix 'wwww:xxxx::' |
48 | option ip6prefixlen '31' |
54 | config interface 'WAN6PD' |
56 | list ip6addr 'wwww:xxxx:yyyy:zzzz::1001' |
57 | option ip6gw 'wwww:xxxx:yyyy:zzzz::1' |
58 | option ip6prefix 'wwww:xxxx:yyyy:zzzz::/56' |
/etc/config/dhcp
2 | option domainneeded '1' |
5 | option localise_queries '1' |
6 | option rebind_protection '1' |
7 | option rebind_localhost '1' |
10 | option expandhosts '1' |
12 | option authoritative '1' |
14 | option leasefile '/tmp/dhcp.leases' |
15 | option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto' |
16 | option nonwildcard '1' |
17 | option localservice '1' |
18 | option ednspacket_max '1232' |
21 | option interface 'lan' |
24 | option leasetime '12h' |
25 | option dhcpv4 'server' |
29 | option dhcpv6 'server' |
36 | option interface 'wan6' |
iptablesの結果
意図した分散が行われているかを「iptables -t nat -L -v」のPOSTROUTING tcp/udpのpkts/bytesカウントが分散して増加していっているかを確認する。
ちなみに、 /etc/rc.local にsleep 30とsh /etc/firewall.user を入れないと、システムが生成した分散ルールも残って表示される。
1 | root@nanopi:~# iptables -t nat -L -v |
2 | Chain PREROUTING (policy ACCEPT 2756 packets, 474K bytes) |
3 | pkts bytes target prot opt in out source destination |
4 | 185 32012 MARK all -- any any anywhere anywhere statistic mode nth every 15 MARK set 0x11 |
5 | 184 28575 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 1 MARK set 0x12 |
6 | 184 31952 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 2 MARK set 0x13 |
7 | 184 31323 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 3 MARK set 0x14 |
8 | 184 33123 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 4 MARK set 0x15 |
9 | 184 36047 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 5 MARK set 0x16 |
10 | 184 32939 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 6 MARK set 0x17 |
11 | 184 33412 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 7 MARK set 0x18 |
12 | 184 29916 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 8 MARK set 0x19 |
13 | 184 28526 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 9 MARK set 0x1a |
14 | 184 29308 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 10 MARK set 0x1b |
15 | 183 32364 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 11 MARK set 0x1c |
16 | 183 30150 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 12 MARK set 0x1d |
17 | 183 29944 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 13 MARK set 0x1e |
18 | 183 34100 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 14 MARK set 0x1f |
20 | Chain INPUT (policy ACCEPT 598 packets, 40818 bytes) |
21 | pkts bytes target prot opt in out source destination |
23 | Chain OUTPUT (policy ACCEPT 67 packets, 5056 bytes) |
24 | pkts bytes target prot opt in out source destination |
25 | 5 372 MARK all -- any any anywhere anywhere statistic mode nth every 15 MARK set 0x11 |
26 | 5 372 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 1 MARK set 0x12 |
27 | 5 372 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 2 MARK set 0x13 |
28 | 5 372 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 3 MARK set 0x14 |
29 | 5 380 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 4 MARK set 0x15 |
30 | 5 380 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 5 MARK set 0x16 |
31 | 5 380 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 6 MARK set 0x17 |
32 | 4 300 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 7 MARK set 0x18 |
33 | 4 304 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 8 MARK set 0x19 |
34 | 4 304 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 9 MARK set 0x1a |
35 | 4 304 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 10 MARK set 0x1b |
36 | 4 304 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 11 MARK set 0x1c |
37 | 4 304 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 12 MARK set 0x1d |
38 | 4 304 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 13 MARK set 0x1e |
39 | 4 304 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 14 MARK set 0x1f |
41 | Chain POSTROUTING (policy ACCEPT 23 packets, 1064 bytes) |
42 | pkts bytes target prot opt in out source destination |
43 | 2 168 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x11 to:xxx.xxx.xxx.xxx:5856-5871 |
44 | 41 2607 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x11 to:xxx.xxx.xxx.xxx:5856-5871 |
45 | 8 557 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x11 to:xxx.xxx.xxx.xxx:5856-5871 |
46 | 4 336 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x12 to:xxx.xxx.xxx.xxx:9952-9967 |
47 | 50 3503 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x12 to:xxx.xxx.xxx.xxx:9952-9967 |
48 | 13 868 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x12 to:xxx.xxx.xxx.xxx:9952-9967 |
49 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x13 to:xxx.xxx.xxx.xxx:14048-14063 |
50 | 46 2981 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x13 to:xxx.xxx.xxx.xxx:14048-14063 |
51 | 11 771 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x13 to:xxx.xxx.xxx.xxx:14048-14063 |
52 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x14 to:xxx.xxx.xxx.xxx:18144-18159 |
53 | 33 1991 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x14 to:xxx.xxx.xxx.xxx:18144-18159 |
54 | 10 709 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x14 to:xxx.xxx.xxx.xxx:18144-18159 |
55 | 2 168 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x15 to:xxx.xxx.xxx.xxx:22240-22255 |
56 | 38 2280 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x15 to:xxx.xxx.xxx.xxx:22240-22255 |
57 | 13 950 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x15 to:xxx.xxx.xxx.xxx:22240-22255 |
58 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x16 to:xxx.xxx.xxx.xxx:26336-26351 |
59 | 42 3095 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x16 to:xxx.xxx.xxx.xxx:26336-26351 |
60 | 11 831 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x16 to:xxx.xxx.xxx.xxx:26336-26351 |
61 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x17 to:xxx.xxx.xxx.xxx:30432-30447 |
62 | 51 3838 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x17 to:xxx.xxx.xxx.xxx:30432-30447 |
63 | 11 823 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x17 to:xxx.xxx.xxx.xxx:30432-30447 |
64 | 1 84 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x18 to:xxx.xxx.xxx.xxx:34528-34543 |
65 | 41 2564 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x18 to:xxx.xxx.xxx.xxx:34528-34543 |
66 | 9 656 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x18 to:xxx.xxx.xxx.xxx:34528-34543 |
67 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x19 to:xxx.xxx.xxx.xxx:38624-38639 |
68 | 44 2665 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x19 to:xxx.xxx.xxx.xxx:38624-38639 |
69 | 9 629 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x19 to:xxx.xxx.xxx.xxx:38624-38639 |
70 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1a to:xxx.xxx.xxx.xxx:42720-42735 |
71 | 55 3841 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1a to:xxx.xxx.xxx.xxx:42720-42735 |
72 | 11 762 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1a to:xxx.xxx.xxx.xxx:42720-42735 |
73 | 1 84 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1b to:xxx.xxx.xxx.xxx:46816-46831 |
74 | 53 3161 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1b to:xxx.xxx.xxx.xxx:46816-46831 |
75 | 10 699 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1b to:xxx.xxx.xxx.xxx:46816-46831 |
76 | 2 168 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1c to:xxx.xxx.xxx.xxx:50912-50927 |
77 | 46 2965 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1c to:xxx.xxx.xxx.xxx:50912-50927 |
78 | 9 632 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1c to:xxx.xxx.xxx.xxx:50912-50927 |
79 | 1 84 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1d to:xxx.xxx.xxx.xxx:55008-55023 |
80 | 45 2700 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1d to:xxx.xxx.xxx.xxx:55008-55023 |
81 | 10 671 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1d to:xxx.xxx.xxx.xxx:55008-55023 |
82 | 1 84 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1e to:xxx.xxx.xxx.xxx:59104-59119 |
83 | 48 2992 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1e to:xxx.xxx.xxx.xxx:59104-59119 |
84 | 15 1003 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1e to:xxx.xxx.xxx.xxx:59104-59119 |
85 | 1 84 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1f to:xxx.xxx.xxx.xxx:63200-63215 |
86 | 38 2280 SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1f to:xxx.xxx.xxx.xxx:63200-63215 |
87 | 9 615 SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1f to:xxx.xxx.xxx.xxx:63200-63215 |
89 | Chain postrouting_lan_rule (1 references) |
90 | pkts bytes target prot opt in out source destination |
92 | Chain postrouting_rule (0 references) |
93 | pkts bytes target prot opt in out source destination |
95 | Chain postrouting_wan_rule (1 references) |
96 | pkts bytes target prot opt in out source destination |
98 | Chain prerouting_lan_rule (1 references) |
99 | pkts bytes target prot opt in out source destination |
101 | Chain prerouting_rule (0 references) |
102 | pkts bytes target prot opt in out source destination |
104 | Chain prerouting_wan_rule (1 references) |
105 | pkts bytes target prot opt in out source destination |
107 | Chain zone_lan_postrouting (0 references) |
108 | pkts bytes target prot opt in out source destination |
109 | 0 0 postrouting_lan_rule all -- any any anywhere anywhere /* !fw3: Custom lan postrouting rule chain */ |
111 | Chain zone_lan_prerouting (0 references) |
112 | pkts bytes target prot opt in out source destination |
113 | 389 44358 prerouting_lan_rule all -- any any anywhere anywhere /* !fw3: Custom lan prerouting rule chain */ |
115 | Chain zone_wan_postrouting (0 references) |
116 | pkts bytes target prot opt in out source destination |
117 | 0 0 postrouting_wan_rule all -- any any anywhere anywhere /* !fw3: Custom wan postrouting rule chain */ |
118 | 0 0 MASQUERADE all -- any any anywhere anywhere /* !fw3 */ |
120 | Chain zone_wan_prerouting (0 references) |
121 | pkts bytes target prot opt in out source destination |
122 | 6 786 prerouting_wan_rule all -- any any anywhere anywhere /* !fw3: Custom wan prerouting rule chain */ |
2021/09/22追記: 8日間稼働した後の状態
1 | root@nanopi:~# iptables -t nat -L -v |
2 | Chain PREROUTING (policy ACCEPT 1434K packets, 285M bytes) |
3 | pkts bytes target prot opt in out source destination |
4 | 95575 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 MARK set 0x11 |
5 | 95574 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 1 MARK set 0x12 |
6 | 95574 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 2 MARK set 0x13 |
7 | 95574 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 3 MARK set 0x14 |
8 | 95574 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 4 MARK set 0x15 |
9 | 95574 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 5 MARK set 0x16 |
10 | 95574 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 6 MARK set 0x17 |
11 | 95573 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 7 MARK set 0x18 |
12 | 95573 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 8 MARK set 0x19 |
13 | 95573 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 9 MARK set 0x1a |
14 | 95573 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 10 MARK set 0x1b |
15 | 95573 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 11 MARK set 0x1c |
16 | 95573 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 12 MARK set 0x1d |
17 | 95573 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 13 MARK set 0x1e |
18 | 95573 19M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 14 MARK set 0x1f |
20 | Chain INPUT (policy ACCEPT 231K packets, 17M bytes) |
21 | pkts bytes target prot opt in out source destination |
23 | Chain OUTPUT (policy ACCEPT 1399 packets, 222K bytes) |
24 | pkts bytes target prot opt in out source destination |
25 | 94 15373 MARK all -- any any anywhere anywhere statistic mode nth every 15 MARK set 0x11 |
26 | 94 16668 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 1 MARK set 0x12 |
27 | 94 13812 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 2 MARK set 0x13 |
28 | 94 14151 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 3 MARK set 0x14 |
29 | 93 14819 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 4 MARK set 0x15 |
30 | 93 13431 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 5 MARK set 0x16 |
31 | 93 15387 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 6 MARK set 0x17 |
32 | 93 14528 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 7 MARK set 0x18 |
33 | 93 15124 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 8 MARK set 0x19 |
34 | 93 16367 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 9 MARK set 0x1a |
35 | 93 14850 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 10 MARK set 0x1b |
36 | 93 14763 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 11 MARK set 0x1c |
37 | 93 14121 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 12 MARK set 0x1d |
38 | 93 13029 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 13 MARK set 0x1e |
39 | 93 15394 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 14 MARK set 0x1f |
41 | Chain POSTROUTING (policy ACCEPT 1289 packets, 186K bytes) |
42 | pkts bytes target prot opt in out source destination |
43 | 772 64680 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x11 to:xxx.xxx.xxx.xxx:5856-5871 |
44 | 14703 948K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x11 to:xxx.xxx.xxx.xxx:5856-5871 |
45 | 3753 257K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x11 to:xxx.xxx.xxx.xxx:5856-5871 |
46 | 837 70140 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x12 to:xxx.xxx.xxx.xxx:9952-9967 |
47 | 14623 945K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x12 to:xxx.xxx.xxx.xxx:9952-9967 |
48 | 3628 254K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x12 to:xxx.xxx.xxx.xxx:9952-9967 |
49 | 806 67536 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x13 to:xxx.xxx.xxx.xxx:14048-14063 |
50 | 14690 930K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x13 to:xxx.xxx.xxx.xxx:14048-14063 |
51 | 3705 257K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x13 to:xxx.xxx.xxx.xxx:14048-14063 |
52 | 853 71540 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x14 to:xxx.xxx.xxx.xxx:18144-18159 |
53 | 14620 936K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x14 to:xxx.xxx.xxx.xxx:18144-18159 |
54 | 3696 255K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x14 to:xxx.xxx.xxx.xxx:18144-18159 |
55 | 802 67088 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x15 to:xxx.xxx.xxx.xxx:22240-22255 |
56 | 14833 942K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x15 to:xxx.xxx.xxx.xxx:22240-22255 |
57 | 3723 256K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x15 to:xxx.xxx.xxx.xxx:22240-22255 |
58 | 834 69944 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x16 to:xxx.xxx.xxx.xxx:26336-26351 |
59 | 14759 930K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x16 to:xxx.xxx.xxx.xxx:26336-26351 |
60 | 3689 258K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x16 to:xxx.xxx.xxx.xxx:26336-26351 |
61 | 804 67480 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x17 to:xxx.xxx.xxx.xxx:30432-30447 |
62 | 14874 946K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x17 to:xxx.xxx.xxx.xxx:30432-30447 |
63 | 3746 261K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x17 to:xxx.xxx.xxx.xxx:30432-30447 |
64 | 868 72800 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x18 to:xxx.xxx.xxx.xxx:34528-34543 |
65 | 14703 937K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x18 to:xxx.xxx.xxx.xxx:34528-34543 |
66 | 3698 254K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x18 to:xxx.xxx.xxx.xxx:34528-34543 |
67 | 843 70644 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x19 to:xxx.xxx.xxx.xxx:38624-38639 |
68 | 14651 931K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x19 to:xxx.xxx.xxx.xxx:38624-38639 |
69 | 3720 256K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x19 to:xxx.xxx.xxx.xxx:38624-38639 |
70 | 768 64288 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1a to:xxx.xxx.xxx.xxx:42720-42735 |
71 | 14731 942K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1a to:xxx.xxx.xxx.xxx:42720-42735 |
72 | 3689 251K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1a to:xxx.xxx.xxx.xxx:42720-42735 |
73 | 839 70084 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1b to:xxx.xxx.xxx.xxx:46816-46831 |
74 | 14826 944K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1b to:xxx.xxx.xxx.xxx:46816-46831 |
75 | 3729 257K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1b to:xxx.xxx.xxx.xxx:46816-46831 |
76 | 841 70420 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1c to:xxx.xxx.xxx.xxx:50912-50927 |
77 | 14751 939K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1c to:xxx.xxx.xxx.xxx:50912-50927 |
78 | 3697 252K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1c to:xxx.xxx.xxx.xxx:50912-50927 |
79 | 783 65492 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1d to:xxx.xxx.xxx.xxx:55008-55023 |
80 | 14802 937K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1d to:xxx.xxx.xxx.xxx:55008-55023 |
81 | 3679 255K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1d to:xxx.xxx.xxx.xxx:55008-55023 |
82 | 850 71288 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1e to:xxx.xxx.xxx.xxx:59104-59119 |
83 | 14824 942K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1e to:xxx.xxx.xxx.xxx:59104-59119 |
84 | 3622 246K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1e to:xxx.xxx.xxx.xxx:59104-59119 |
85 | 870 72968 SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1f to:xxx.xxx.xxx.xxx:63200-63215 |
86 | 14802 941K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1f to:xxx.xxx.xxx.xxx:63200-63215 |
87 | 3684 258K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1f to:xxx.xxx.xxx.xxx:63200-63215 |
89 | Chain postrouting_lan_rule (1 references) |
90 | pkts bytes target prot opt in out source destination |
92 | Chain postrouting_rule (0 references) |
93 | pkts bytes target prot opt in out source destination |
95 | Chain postrouting_wan_rule (1 references) |
96 | pkts bytes target prot opt in out source destination |
98 | Chain prerouting_lan_rule (1 references) |
99 | pkts bytes target prot opt in out source destination |
101 | Chain prerouting_rule (0 references) |
102 | pkts bytes target prot opt in out source destination |
104 | Chain prerouting_wan_rule (1 references) |
105 | pkts bytes target prot opt in out source destination |
107 | Chain zone_lan_postrouting (0 references) |
108 | pkts bytes target prot opt in out source destination |
109 | 0 0 postrouting_lan_rule all -- any any anywhere anywhere /* !fw3: Custom lan postrouting rule chain */ |
111 | Chain zone_lan_prerouting (0 references) |
112 | pkts bytes target prot opt in out source destination |
113 | 389 44358 prerouting_lan_rule all -- any any anywhere anywhere /* !fw3: Custom lan prerouting rule chain */ |
115 | Chain zone_wan_postrouting (0 references) |
116 | pkts bytes target prot opt in out source destination |
117 | 0 0 postrouting_wan_rule all -- any any anywhere anywhere /* !fw3: Custom wan postrouting rule chain */ |
118 | 0 0 MASQUERADE all -- any any anywhere anywhere /* !fw3 */ |
120 | Chain zone_wan_prerouting (0 references) |
121 | pkts bytes target prot opt in out source destination |
122 | 6 786 prerouting_wan_rule all -- any any anywhere anywhere /* !fw3: Custom wan prerouting rule chain */ |
2022/04/14追記
32日起動していた場合の出力なんだけど、以前と違って「conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat」の数が増えてないのはなんなのだ???
2 | 09:48:41 up 32 days, 12:38, load average: 0.00, 0.01, 0.00 |
3 | root@nanopi:~# iptables -t nat -L -v |
4 | Chain PREROUTING (policy ACCEPT 6326K packets, 1296M bytes) |
5 | pkts bytes target prot opt in out source destination |
6 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 MARK set 0x11 |
7 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 1 MARK set 0x12 |
8 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 2 MARK set 0x13 |
9 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 3 MARK set 0x14 |
10 | 422K 87M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 4 MARK set 0x15 |
11 | 422K 87M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 5 MARK set 0x16 |
12 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 6 MARK set 0x17 |
13 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 7 MARK set 0x18 |
14 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 8 MARK set 0x19 |
15 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 9 MARK set 0x1a |
16 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 10 MARK set 0x1b |
17 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 11 MARK set 0x1c |
18 | 422K 87M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 12 MARK set 0x1d |
19 | 422K 87M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 13 MARK set 0x1e |
20 | 422K 86M MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 14 MARK set 0x1f |
21 | 6326K 1296M prerouting_rule all -- any any anywhere anywhere /* !fw3: Custom prerouting rule chain */ |
22 | 6321K 1295M zone_lan_prerouting all -- br-lan any anywhere anywhere /* !fw3 */ |
23 | 0 0 zone_wan_prerouting all -- eth0 any anywhere anywhere /* !fw3 */ |
24 | 4905 558K zone_wan_prerouting all -- map-wan_map any anywhere anywhere /* !fw3 */ |
26 | Chain INPUT (policy ACCEPT 1037K packets, 79M bytes) |
27 | pkts bytes target prot opt in out source destination |
29 | Chain OUTPUT (policy ACCEPT 9463 packets, 1532K bytes) |
30 | pkts bytes target prot opt in out source destination |
31 | 632 101K MARK all -- any any anywhere anywhere statistic mode nth every 15 MARK set 0x11 |
32 | 631 103K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 1 MARK set 0x12 |
33 | 631 100K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 2 MARK set 0x13 |
34 | 631 99184 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 3 MARK set 0x14 |
35 | 631 101K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 4 MARK set 0x15 |
36 | 631 103K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 5 MARK set 0x16 |
37 | 631 105K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 6 MARK set 0x17 |
38 | 631 102K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 7 MARK set 0x18 |
39 | 631 102K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 8 MARK set 0x19 |
40 | 631 97260 MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 9 MARK set 0x1a |
41 | 631 104K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 10 MARK set 0x1b |
42 | 631 102K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 11 MARK set 0x1c |
43 | 631 105K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 12 MARK set 0x1d |
44 | 630 100K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 13 MARK set 0x1e |
45 | 630 104K MARK all -- any any anywhere anywhere statistic mode nth every 15 packet 14 MARK set 0x1f |
47 | Chain POSTROUTING (policy ACCEPT 7238 packets, 1363K bytes) |
48 | pkts bytes target prot opt in out source destination |
49 | 2962 257K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x11 to:xxx.xx.xxx.xx:5856-5871 |
50 | 62597 4208K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x11 to:xxx.xx.xxx.xx:5856-5871 |
51 | 14955 4828K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x11 to:xxx.xx.xxx.xx:5856-5871 |
52 | 2998 256K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x12 to:xxx.xx.xxx.xx:9952-9967 |
53 | 62399 4173K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x12 to:xxx.xx.xxx.xx:9952-9967 |
54 | 14973 4852K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x12 to:xxx.xx.xxx.xx:9952-9967 |
55 | 2972 263K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x13 to:xxx.xx.xxx.xx:14048-14063 |
56 | 62056 4109K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x13 to:xxx.xx.xxx.xx:14048-14063 |
57 | 14958 4830K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x13 to:xxx.xx.xxx.xx:14048-14063 |
58 | 3020 270K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x14 to:xxx.xx.xxx.xx:18144-18159 |
59 | 62491 4170K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x14 to:xxx.xx.xxx.xx:18144-18159 |
60 | 15125 4922K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x14 to:xxx.xx.xxx.xx:18144-18159 |
61 | 2948 255K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x15 to:xxx.xx.xxx.xx:22240-22255 |
62 | 62215 4170K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x15 to:xxx.xx.xxx.xx:22240-22255 |
63 | 15160 4931K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x15 to:xxx.xx.xxx.xx:22240-22255 |
64 | 2985 259K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x16 to:xxx.xx.xxx.xx:26336-26351 |
65 | 62214 4147K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x16 to:xxx.xx.xxx.xx:26336-26351 |
66 | 15056 4989K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x16 to:xxx.xx.xxx.xx:26336-26351 |
67 | 3116 271K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x17 to:xxx.xx.xxx.xx:30432-30447 |
68 | 62050 4150K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x17 to:xxx.xx.xxx.xx:30432-30447 |
69 | 15061 4789K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x17 to:xxx.xx.xxx.xx:30432-30447 |
70 | 2973 256K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x18 to:xxx.xx.xxx.xx:34528-34543 |
71 | 62684 4173K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x18 to:xxx.xx.xxx.xx:34528-34543 |
72 | 15055 4832K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x18 to:xxx.xx.xxx.xx:34528-34543 |
73 | 3046 272K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x19 to:xxx.xx.xxx.xx:38624-38639 |
74 | 62090 4162K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x19 to:xxx.xx.xxx.xx:38624-38639 |
75 | 14894 4747K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x19 to:xxx.xx.xxx.xx:38624-38639 |
76 | 3045 263K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1a to:xxx.xx.xxx.xx:42720-42735 |
77 | 62550 4157K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1a to:xxx.xx.xxx.xx:42720-42735 |
78 | 15085 4847K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1a to:xxx.xx.xxx.xx:42720-42735 |
79 | 2970 255K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1b to:xxx.xx.xxx.xx:46816-46831 |
80 | 62369 4167K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1b to:xxx.xx.xxx.xx:46816-46831 |
81 | 14965 4803K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1b to:xxx.xx.xxx.xx:46816-46831 |
82 | 2912 257K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1c to:xxx.xx.xxx.xx:50912-50927 |
83 | 62665 4189K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1c to:xxx.xx.xxx.xx:50912-50927 |
84 | 15057 4704K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1c to:xxx.xx.xxx.xx:50912-50927 |
85 | 3024 263K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1d to:xxx.xx.xxx.xx:55008-55023 |
86 | 62282 4191K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1d to:xxx.xx.xxx.xx:55008-55023 |
87 | 15039 4877K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1d to:xxx.xx.xxx.xx:55008-55023 |
88 | 3022 262K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1e to:xxx.xx.xxx.xx:59104-59119 |
89 | 62369 4163K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1e to:xxx.xx.xxx.xx:59104-59119 |
90 | 15014 4877K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1e to:xxx.xx.xxx.xx:59104-59119 |
91 | 3001 261K SNAT icmp -- any map-wan_map anywhere anywhere mark match 0x1f to:xxx.xx.xxx.xx:63200-63215 |
92 | 62511 4145K SNAT tcp -- any map-wan_map anywhere anywhere mark match 0x1f to:xxx.xx.xxx.xx:63200-63215 |
93 | 15094 4836K SNAT udp -- any map-wan_map anywhere anywhere mark match 0x1f to:xxx.xx.xxx.xx:63200-63215 |
94 | 10025 1475K postrouting_rule all -- any any anywhere anywhere /* !fw3: Custom postrouting rule chain */ |
95 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 0 */ to:xxx.xx.xxx.xx:5856-5871 |
96 | 2787 111K SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 1 */ to:xxx.xx.xxx.xx:5856-5871 |
97 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 2 */ to:xxx.xx.xxx.xx:5856-5871 |
98 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 3 */ to:xxx.xx.xxx.xx:9952-9967 |
99 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 4 */ to:xxx.xx.xxx.xx:9952-9967 |
100 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 5 */ to:xxx.xx.xxx.xx:9952-9967 |
101 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 6 */ to:xxx.xx.xxx.xx:14048-14063 |
102 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 7 */ to:xxx.xx.xxx.xx:14048-14063 |
103 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 8 */ to:xxx.xx.xxx.xx:14048-14063 |
104 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 9 */ to:xxx.xx.xxx.xx:18144-18159 |
105 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 10 */ to:xxx.xx.xxx.xx:18144-18159 |
106 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 11 */ to:xxx.xx.xxx.xx:18144-18159 |
107 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 12 */ to:xxx.xx.xxx.xx:22240-22255 |
108 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 13 */ to:xxx.xx.xxx.xx:22240-22255 |
109 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 14 */ to:xxx.xx.xxx.xx:22240-22255 |
110 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 15 */ to:xxx.xx.xxx.xx:26336-26351 |
111 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 16 */ to:xxx.xx.xxx.xx:26336-26351 |
112 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 17 */ to:xxx.xx.xxx.xx:26336-26351 |
113 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 18 */ to:xxx.xx.xxx.xx:30432-30447 |
114 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 19 */ to:xxx.xx.xxx.xx:30432-30447 |
115 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 20 */ to:xxx.xx.xxx.xx:30432-30447 |
116 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 21 */ to:xxx.xx.xxx.xx:34528-34543 |
117 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 22 */ to:xxx.xx.xxx.xx:34528-34543 |
118 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 23 */ to:xxx.xx.xxx.xx:34528-34543 |
119 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 24 */ to:xxx.xx.xxx.xx:38624-38639 |
120 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 25 */ to:xxx.xx.xxx.xx:38624-38639 |
121 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 26 */ to:xxx.xx.xxx.xx:38624-38639 |
122 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 27 */ to:xxx.xx.xxx.xx:42720-42735 |
123 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 28 */ to:xxx.xx.xxx.xx:42720-42735 |
124 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 29 */ to:xxx.xx.xxx.xx:42720-42735 |
125 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 30 */ to:xxx.xx.xxx.xx:46816-46831 |
126 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 31 */ to:xxx.xx.xxx.xx:46816-46831 |
127 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 32 */ to:xxx.xx.xxx.xx:46816-46831 |
128 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 33 */ to:xxx.xx.xxx.xx:50912-50927 |
129 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 34 */ to:xxx.xx.xxx.xx:50912-50927 |
130 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 35 */ to:xxx.xx.xxx.xx:50912-50927 |
131 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 36 */ to:xxx.xx.xxx.xx:55008-55023 |
132 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 37 */ to:xxx.xx.xxx.xx:55008-55023 |
133 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 38 */ to:xxx.xx.xxx.xx:55008-55023 |
134 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 39 */ to:xxx.xx.xxx.xx:59104-59119 |
135 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 40 */ to:xxx.xx.xxx.xx:59104-59119 |
136 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 41 */ to:xxx.xx.xxx.xx:59104-59119 |
137 | 0 0 SNAT icmp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 42 */ to:xxx.xx.xxx.xx:63200-63215 |
138 | 0 0 SNAT tcp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 43 */ to:xxx.xx.xxx.xx:63200-63215 |
139 | 0 0 SNAT udp -- any map-wan_map anywhere anywhere #conn dst/32 <= 16 /* !fw3: ubus:wan_map[map] nat 44 */ to:xxx.xx.xxx.xx:63200-63215 |
140 | 7137 1356K zone_lan_postrouting all -- any br-lan anywhere anywhere /* !fw3 */ |
141 | 0 0 zone_wan_postrouting all -- any eth0 anywhere anywhere /* !fw3 */ |
142 | 0 0 zone_wan_postrouting all -- any map-wan_map anywhere anywhere /* !fw3 */ |
144 | Chain postrouting_lan_rule (1 references) |
145 | pkts bytes target prot opt in out source destination |
147 | Chain postrouting_rule (1 references) |
148 | pkts bytes target prot opt in out source destination |
150 | Chain postrouting_wan_rule (1 references) |
151 | pkts bytes target prot opt in out source destination |
153 | Chain prerouting_lan_rule (1 references) |
154 | pkts bytes target prot opt in out source destination |
156 | Chain prerouting_rule (1 references) |
157 | pkts bytes target prot opt in out source destination |
159 | Chain prerouting_wan_rule (1 references) |
160 | pkts bytes target prot opt in out source destination |
162 | Chain zone_lan_postrouting (1 references) |
163 | pkts bytes target prot opt in out source destination |
164 | 7137 1356K postrouting_lan_rule all -- any any anywhere anywhere /* !fw3: Custom lan postrouting rule chain */ |
166 | Chain zone_lan_prerouting (1 references) |
167 | pkts bytes target prot opt in out source destination |
168 | 6321K 1295M prerouting_lan_rule all -- any any anywhere anywhere /* !fw3: Custom lan prerouting rule chain */ |
170 | Chain zone_wan_postrouting (2 references) |
171 | pkts bytes target prot opt in out source destination |
172 | 0 0 postrouting_wan_rule all -- any any anywhere anywhere /* !fw3: Custom wan postrouting rule chain */ |
173 | 0 0 MASQUERADE all -- any any anywhere anywhere /* !fw3 */ |
175 | Chain zone_wan_prerouting (2 references) |
176 | pkts bytes target prot opt in out source destination |
177 | 4905 558K prerouting_wan_rule all -- any any anywhere anywhere /* !fw3: Custom wan prerouting rule chain */ |
これはどうやら、openwrt起動後にSoftwareパッケージの個別更新を実施していたのだが、ネットワークのrestartが行われた際に、iptablesが再設定されたためだったようで、openwrt全体を再起動した正常になった。
現在行っている設定はネットワーク開始後に /etc/rc.local からiptablesの設定を追加しているので、rc.localで行うことが消えた、という感じである
“NanoPi R2S+OpenWRT 21.02.0でBIGLOBEのMAP-E接続” への1件の返信