Don't save Inter-Zone Forwarding

onire77 · 2018-04-09T02:37:55.518Z

Hi,
when i reboot, the option “Allow forward to destination zones” appare unchecked.
What should I do?
Thank you

alzhao · 2018-04-09T02:40:22.218Z

Can you give more details?

onire77 · 2018-04-10T09:04:17.543Z

Anyone have this problem?

glitch · 2018-04-11T08:15:17.769Z

What is the problem, exactly?
You put a screenshot up but nobody knows where it came from (what menu in Luci)?

Try a fresh flash without reserving settings and try again.

onire77 · 2018-04-11T14:46:16.333Z

The menu is Network->Firewall->“Edit VPN_client”.

I check the option “Allow forward to destination zones”, but when i reboot the router, the option return unchecked.

I need this option to reach the peripherals of my network from the outside.

alzhao · 2018-04-12T04:45:26.534Z

You need to clieck “Save & Apply” after changing

onire77 · 2018-04-12T08:56:35.204Z

I know, but don’t save

alzhao · 2018-04-13T09:07:18.827Z

Got a reply from the author that it works now.

onire77 · 2018-04-14T10:47:43.429Z

I’m sorry alzhao, but it doesn’t work.
When I push the button “Save & Apply” in /etc/config/firewall I find these lines of text

config forwarding
	option dest 'lan'
	option src 'VPN_client'

config forwarding
	option dest 'VPN_client'
	option src 'lan'

but when I reboot, I find this lines

config forwarding 'forwarding_vpn1'
option dest 'VPN_client'
option src 'lan'

Why?

alzhao · 2018-04-15T07:05:52.126Z

You enabled openvpn and choose force. You cannot change this role because the init script tries to reset it. Pls uncheck the force option in openvpn settings.

onire77 · 2018-04-16T16:37:45.905Z

Hi alzhao,
if you mean the button in the picture, it is always disable

alzhao · 2018-04-17T10:11:47.030Z

maybe you can check /usr/bin/setvpnfirewall and add your config in the script. I think the script changed the firewall rule.

onire77 · 2018-04-17T15:24:54.692Z

This is my setvpnfirewall, what should I change?

#!/bin/sh

delete_all_forwarding() {
	i=5
	while [ "$i" -ge 0 ]; do
		uci delete firewall.@forwarding[$i] 2>/dev/null
		i=$(( i-1 ))
	done
	uci commit firewall

}

set_vpn_config() {
	uci set firewall.vpn_zone=zone
	uci set firewall.vpn_zone.name='VPN_client'
	uci set firewall.vpn_zone.input='ACCEPT' 
	uci set firewall.vpn_zone.forward='REJECT'
	uci set firewall.vpn_zone.output='ACCEPT'  
	uci set firewall.vpn_zone.network='VPN_client'
	uci set firewall.vpn_zone.masq='1'             
	uci set firewall.forwarding_vpn1='forwarding' 
	uci set firewall.forwarding_vpn1.dest='VPN_client'
	uci set firewall.forwarding_vpn1.src='lan'         
#	uci set firewall.forwarding_vpn2='forwarding' 
#	uci set firewall.forwarding_vpn2.src='VPN_client'
#	uci set firewall.forwarding_vpn2.dest='lan'
}

if [ "$1" = "--force" ]; then
	delete_all_forwarding
	set_vpn_config
	
elif [ "$1" = "--noforce" ]; then
	delete_all_forwarding
	uci set firewall.forwarding_origin='forwarding'
	uci set firewall.forwarding_origin.src='lan'
	uci set firewall.forwarding_origin.dest='wan'
	uci commit firewall
	set_vpn_config	
elif [ "$1" = "--disable" ]; then
	uci delete firewall.vpn_zone
	delete_all_forwarding
	uci set firewall.forwarding_origin='forwarding'
	uci set firewall.forwarding_origin.src='lan'
	uci set firewall.forwarding_origin.dest='wan'	
else
	echo "Please add options: --force|noforce|disable"
fi

uci commit firewall
/etc/init.d/firewall reload

alzhao · 2018-04-20T10:40:50.699Z

onire77:

forwarding_vpn1

I think you want to remove lines with vpn1, right? Just comment them

kyson-lok · 2018-04-20T14:23:02.477Z

alzhao:

/usr/bin/setvpnfirewall

@onire77 You should uncomment the three line which is commented on /etc/config/setvpnfirewall.

# uci set firewall.forwarding_vpn2='forwarding'
# uci set firewall.forwarding_vpn2.src='VPN_client'
# uci set firewall.forwarding_vpn2.dest='lan'

onire77 · 2018-04-25T09:31:18.344Z

Perfect! Now works. But why were the lines commented?

alzhao · 2018-04-26T08:33:17.396Z

because it changes your firewall.