Tested on flint is not working. After toggle on the vpn client then no internet access on my phone. Once toggle off the vpn client then my phone can access the vpn server.
I will have a check. Thanks for reporting.
1 Like
Hi, is your VPN dashboard global option like the following?
VPN Client:
VPN Server:
Tested Slate AX is working. Only flint not working so far.
WireGuard VPN Cascading did not work when I was testing Brume 2 because of a conflict on Port 51820. I changed the WireGuard server on the router to use Port 51821 and then it worked. Maybe that is the same issue on Flint.
I do not work for and I do not have formal association with GL.iNet
2 Likes
Tested changed port instead 51820, same cannot access vpn server. Once off the vpn client then able to access the vpn server on my phone.
The vpn cascading function is not working on flint.
Did you make changes in the VPN dashboard to global rules and proxy rules.
and you are using the cascading document for set up.
Yes, i did but unfortunately
Sometimes, i have thought why it is so difficult to use the features on the product
1 Like
na the product is good , its changed the way I interact with VPN’s I don’t have to think about it anymore, just a shame i’m currently throttled from 750 MB’s down to 340MB’s down (over 5G WIFI)
:)
they will fix it, and ill be happy wen they do!
I cant go to firmware 3.xx as I was kickd off the wifi all day everyday and i can’t risk that again, stil not found all my marbles from last time 
Hi, could you print the following command output;
iptables-save
ip route show table 51
cat /etc/version.date
Can confirm cascading VPN not working on my flint as well, flint is client to my own openwrt wg server
So when I use my phone and wg client to my flint, I can’t connect to the my openwrt
Hi I tested the senario and it works. is it able to ping openwrt wg server on flint?
could you show command output for analysis
Still DMZ Enabled = 
Port Forwarding rules ignored
slate ax (WG> flint (WG> openwrt router
console in slate ax:
root@GL-AXT1800:~# iptables-save
Generated by iptables-save v1.8.7 on Fri Dec 23 18:32:14 2022
*nat
:PREROUTING ACCEPT [607:121219]
:INPUT ACCEPT [171:12163]
:OUTPUT ACCEPT [377:28634]
:POSTROUTING ACCEPT [143:10071]
:postrouting_guest_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:postrouting_wgclient_rule - [0:0]
:prerouting_guest_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:prerouting_wgclient_rule - [0:0]
:zone_guest_postrouting - [0:0]
:zone_guest_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
:zone_wgclient_postrouting - [0:0]
:zone_wgclient_prerouting - [0:0]
-A PREROUTING -m comment --comment “!fw3: Custom prerouting rule chain” -j prero uting_rule
-A PREROUTING -i br-lan -m comment --comment “!fw3” -j zone_lan_prerouting
-A PREROUTING -i eth0 -m comment --comment “!fw3” -j zone_wan_prerouting
-A PREROUTING -i wwan0 -m comment --comment “!fw3” -j zone_wan_prerouting
-A PREROUTING -i br-guest -m comment --comment “!fw3” -j zone_guest_prerouting
-A PREROUTING -i wgclient -m comment --comment “!fw3” -j zone_wgclient_preroutin g
-A POSTROUTING -m comment --comment “!fw3: Custom postrouting rule chain” -j pos trouting_rule
-A POSTROUTING -o br-lan -m comment --comment “!fw3” -j zone_lan_postrouting
-A POSTROUTING -o eth0 -m comment --comment “!fw3” -j zone_wan_postrouting
-A POSTROUTING -o wwan0 -m comment --comment “!fw3” -j zone_wan_postrouting
-A POSTROUTING -o br-guest -m comment --comment “!fw3” -j zone_guest_postrouting
-A POSTROUTING -o wgclient -m comment --comment “!fw3” -j zone_wgclient_postrout ing
-A zone_guest_postrouting -m comment --comment “!fw3: Custom guest postrouting r ule chain” -j postrouting_guest_rule
-A zone_guest_prerouting -m comment --comment “!fw3: Custom guest prerouting rul e chain” -j prerouting_guest_rule
-A zone_lan_postrouting -m comment --comment “!fw3: Custom lan postrouting rule chain” -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment “!fw3: Custom lan prerouting rule ch ain” -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment “!fw3: Custom wan postrouting rule chain” -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment “!fw3” -j MASQUERADE
-A zone_wan_prerouting -m comment --comment “!fw3: Custom wan prerouting rule ch ain” -j prerouting_wan_rule
-A zone_wgclient_postrouting -m comment --comment “!fw3: Custom wgclient postrou ting rule chain” -j postrouting_wgclient_rule
-A zone_wgclient_postrouting -m comment --comment “!fw3” -j MASQUERADE
-A zone_wgclient_prerouting -m comment --comment “!fw3: Custom wgclient prerouti ng rule chain” -j prerouting_wgclient_rule
COMMITCompleted on Fri Dec 23 18:32:14 2022
Generated by iptables-save v1.8.7 on Fri Dec 23 18:32:14 2022
*raw
:PREROUTING ACCEPT [29220:24210969]
:OUTPUT ACCEPT [9256:2077641]
:zone_guest_helper - [0:0]
:zone_lan_helper - [0:0]
-A PREROUTING -i br-lan -m comment --comment “!fw3: lan CT helper assignment” -j zone_lan_helper
-A PREROUTING -i br-guest -m comment --comment "!fw3: guest CT helper assignment " -j zone_guest_helper
COMMITCompleted on Fri Dec 23 18:32:14 2022
Generated by iptables-save v1.8.7 on Fri Dec 23 18:32:14 2022
*mangle
:PREROUTING ACCEPT [29219:24210929]
:INPUT ACCEPT [12124:12001834]
:FORWARD ACCEPT [17072:12206834]
:OUTPUT ACCEPT [9257:2080601]
:POSTROUTING ACCEPT [26211:14281299]
:VPN_SER_POLICY - [0:0]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_modem_1_1 - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_policy_default_poli - [0:0]
:mwan3_policy_default_poli_v6 - [0:0]
:mwan3_rules - [0:0]
-A PREROUTING -j mwan3_hook
-A PREROUTING -j VPN_SER_POLICY
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment “! fw3: Zone wan MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment “! fw3: Zone wan MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment " !fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment " !fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o wgclient -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --commen t “!fw3: Zone wgclient MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i wgclient -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --commen t “!fw3: Zone wgclient MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j mwan3_hook
-A OUTPUT -m owner --gid-owner 65533 -m comment --comment “!fw3: process_mark” - j MARK --set-xmark 0x80000/0x80000
-A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x 3f00/0x3f00
-A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
-A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
-A mwan3_iface_in_modem_1_1 -i wwan0 -m set --match-set mwan3_connected src -m m ark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x 3f00
-A mwan3_iface_in_modem_1_1 -i wwan0 -m mark --mark 0x0/0x3f00 -m comment --comm ent modem_1_1 -j MARK --set-xmark 0x700/0x3f00
-A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_modem_1_1
-A mwan3_policy_default_poli -m mark --mark 0x0/0x3f00 -m comment --comment “mod em_1_1 3 3” -j MARK --set-xmark 0x700/0x3f00
-A mwan3_policy_default_poli_v6 -m mark --mark 0x0/0x3f00 -m comment --comment d efault -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_default_poli
COMMITCompleted on Fri Dec 23 18:32:14 2022
Generated by iptables-save v1.8.7 on Fri Dec 23 18:32:14 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_guest_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:forwarding_wgclient_rule - [0:0]
:input_guest_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:input_wgclient_rule - [0:0]
:output_guest_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:output_wgclient_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_guest_dest_ACCEPT - [0:0]
:zone_guest_dest_REJECT - [0:0]
:zone_guest_forward - [0:0]
:zone_guest_input - [0:0]
:zone_guest_output - [0:0]
:zone_guest_src_REJECT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_DROP - [0:0]
:zone_wgclient_dest_ACCEPT - [0:0]
:zone_wgclient_dest_DROP - [0:0]
:zone_wgclient_forward - [0:0]
:zone_wgclient_input - [0:0]
:zone_wgclient_output - [0:0]
:zone_wgclient_src_ACCEPT - [0:0]
-A INPUT -i lo -m comment --comment “!fw3” -j ACCEPT
-A INPUT -m comment --comment “!fw3: Custom input rule chain” -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment “!fw3” -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment “!fw 3” -j syn_flood
-A INPUT -i br-lan -m comment --comment “!fw3” -j zone_lan_input
-A INPUT -i eth0 -m comment --comment “!fw3” -j zone_wan_input
-A INPUT -i wwan0 -m comment --comment “!fw3” -j zone_wan_input
-A INPUT -i br-guest -m comment --comment “!fw3” -j zone_guest_input
-A INPUT -i wgclient -m comment --comment “!fw3” -j zone_wgclient_input
-A FORWARD -m set --match-set GL_MAC_BLOCK src -j DROP
-A FORWARD -m comment --comment “!fw3: Custom forwarding rule chain” -j forwardi ng_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3 " -j ACCEPT
-A FORWARD -i br-lan -m comment --comment “!fw3” -j zone_lan_forward
-A FORWARD -i eth0 -m comment --comment “!fw3” -j zone_wan_forward
-A FORWARD -i wwan0 -m comment --comment “!fw3” -j zone_wan_forward
-A FORWARD -i br-guest -m comment --comment “!fw3” -j zone_guest_forward
-A FORWARD -i wgclient -m comment --comment “!fw3” -j zone_wgclient_forward
-A FORWARD -m comment --comment “!fw3” -j reject
-A OUTPUT -o lo -m comment --comment “!fw3” -j ACCEPT
-A OUTPUT -m comment --comment “!fw3: Custom output rule chain” -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment “!fw3” -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment “!fw3” -j zone_lan_output
-A OUTPUT -o eth0 -m comment --comment “!fw3” -j zone_wan_output
-A OUTPUT -o wwan0 -m comment --comment “!fw3” -j zone_wan_output
-A OUTPUT -o br-guest -m comment --comment “!fw3” -j zone_guest_output
-A OUTPUT -o wgclient -m comment --comment “!fw3” -j zone_wgclient_output
-A reject -p tcp -m comment --comment “!fw3” -j REJECT --reject-with tcp-reset
-A reject -m comment --comment “!fw3” -j REJECT --reject-with icmp-port-unreacha ble
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/s ec --limit-burst 50 -m comment --comment “!fw3” -j RETURN
-A syn_flood -m comment --comment “!fw3” -j DROP
-A zone_guest_dest_ACCEPT -o br-guest -m comment --comment “!fw3” -j ACCEPT
-A zone_guest_dest_REJECT -o br-guest -m comment --comment “!fw3” -j reject
-A zone_guest_forward -m comment --comment “!fw3: Custom guest forwarding rule c hain” -j forwarding_guest_rule
-A zone_guest_forward -m comment --comment “!fw3: Zone guest to wan forwarding p olicy” -j zone_wan_dest_ACCEPT
-A zone_guest_forward -m comment --comment “!fw3: Zone guest to wgclient forward ing policy” -j zone_wgclient_dest_ACCEPT
-A zone_guest_forward -m conntrack --ctstate DNAT -m comment --comment “!fw3: Ac cept port forwards” -j ACCEPT
-A zone_guest_forward -m comment --comment “!fw3” -j zone_guest_dest_REJECT
-A zone_guest_input -m comment --comment “!fw3: Custom guest input rule chain” - j input_guest_rule
-A zone_guest_input -p udp -m udp --dport 67:68 -m comment --comment “!fw3: Allo w-DHCP” -j ACCEPT
-A zone_guest_input -p tcp -m tcp --dport 53 -m comment --comment “!fw3: Allow-D NS” -j ACCEPT
-A zone_guest_input -p udp -m udp --dport 53 -m comment --comment “!fw3: Allow-D NS” -j ACCEPT
-A zone_guest_input -m conntrack --ctstate DNAT -m comment --comment “!fw3: Acce pt port redirections” -j ACCEPT
-A zone_guest_input -m comment --comment “!fw3” -j zone_guest_src_REJECT
-A zone_guest_output -m comment --comment “!fw3: Custom guest output rule chain” -j output_guest_rule
-A zone_guest_output -m comment --comment “!fw3” -j zone_guest_dest_ACCEPT
-A zone_guest_src_REJECT -i br-guest -m comment --comment “!fw3” -j reject
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment “!fw3” -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain " -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment “!fw3: Zone lan to wan forwarding polic y” -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment “!fw3: Zone lan to wgclient forwarding policy” -j zone_wgclient_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment “!fw3: Acce pt port forwards” -j ACCEPT
-A zone_lan_forward -m comment --comment “!fw3” -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment “!fw3: Custom lan input rule chain” -j in put_lan_rule
-A zone_lan_input -p tcp -m tcp --dport 137 -m comment --comment “!fw3: @rule[12 ]” -j ACCEPT
-A zone_lan_input -p tcp -m tcp --dport 138 -m comment --comment “!fw3: @rule[12 ]” -j ACCEPT
-A zone_lan_input -p tcp -m tcp --dport 139 -m comment --comment “!fw3: @rule[12 ]” -j ACCEPT
-A zone_lan_input -p tcp -m tcp --dport 445 -m comment --comment “!fw3: @rule[12 ]” -j ACCEPT
-A zone_lan_input -p udp -m udp --dport 137 -m comment --comment “!fw3: @rule[12 ]” -j ACCEPT
-A zone_lan_input -p udp -m udp --dport 138 -m comment --comment “!fw3: @rule[12 ]” -j ACCEPT
-A zone_lan_input -p udp -m udp --dport 139 -m comment --comment “!fw3: @rule[12 ]” -j ACCEPT
-A zone_lan_input -p udp -m udp --dport 445 -m comment --comment “!fw3: @rule[12 ]” -j ACCEPT
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port redirections” -j ACCEPT
-A zone_lan_input -m comment --comment “!fw3” -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment “!fw3: Custom lan output rule chain” -j output_lan_rule
-A zone_lan_output -m comment --comment “!fw3” -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment “!fw3” -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0 -m conntrack --ctstate INVALID -m comment --comm ent “!fw3: Prevent NAT leakage” -j DROP
-A zone_wan_dest_ACCEPT -o eth0 -m comment --comment “!fw3” -j ACCEPT
-A zone_wan_dest_ACCEPT -o wwan0 -m conntrack --ctstate INVALID -m comment --com ment “!fw3: Prevent NAT leakage” -j DROP
-A zone_wan_dest_ACCEPT -o wwan0 -m comment --comment “!fw3” -j ACCEPT
-A zone_wan_dest_REJECT -o eth0 -m comment --comment “!fw3” -j reject
-A zone_wan_dest_REJECT -o wwan0 -m comment --comment “!fw3” -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain " -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment “!fw3: Allow-IPSec-ESP” -j zone_ lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment “!fw3: Allow- ISAKMP” -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment “!fw3: Acce pt port forwards” -j ACCEPT
-A zone_wan_forward -m comment --comment “!fw3” -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment “!fw3: Custom wan input rule chain” -j in put_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment “!fw3: Allow-DHC P-Renew” -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment “!fw3: Allo w-Ping” -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment “!fw3: Allow-IGMP” -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 137 -m comment --comment “!fw3: @rule[11 ]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 138 -m comment --comment “!fw3: @rule[11 ]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 139 -m comment --comment “!fw3: @rule[11 ]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 445 -m comment --comment “!fw3: @rule[11 ]” -j DROP
-A zone_wan_input -p udp -m udp --dport 137 -m comment --comment “!fw3: @rule[11 ]” -j DROP
-A zone_wan_input -p udp -m udp --dport 138 -m comment --comment “!fw3: @rule[11 ]” -j DROP
-A zone_wan_input -p udp -m udp --dport 139 -m comment --comment “!fw3: @rule[11 ]” -j DROP
-A zone_wan_input -p udp -m udp --dport 445 -m comment --comment “!fw3: @rule[11 ]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 6000:6005 -m comment --comment “!fw3: @r ule[13]” -j DROP
-A zone_wan_input -p udp -m udp --dport 6000:6005 -m comment --comment “!fw3: @r ule[13]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 80 -m comment --comment "!fw3: glservice " -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 80 -m comment --comment "!fw3: glservice " -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 443 -m comment --comment “!fw3: glservic e_https” -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 443 -m comment --comment “!fw3: glservic e_https” -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 22 -m comment --comment “!fw3: glssh” -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 22 -m comment --comment “!fw3: glssh” -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 6008 -m comment --comment “!fw3: @rule[1 8]” -j DROP
-A zone_wan_input -p udp -m udp --dport 6008 -m comment --comment “!fw3: @rule[1 8]” -j DROP
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port redirections” -j ACCEPT
-A zone_wan_input -m comment --comment “!fw3” -j zone_wan_src_DROP
-A zone_wan_output -m comment --comment “!fw3: Custom wan output rule chain” -j output_wan_rule
-A zone_wan_output -m comment --comment “!fw3” -j zone_wan_dest_ACCEPT
-A zone_wan_src_DROP -i eth0 -m comment --comment “!fw3” -j DROP
-A zone_wan_src_DROP -i wwan0 -m comment --comment “!fw3” -j DROP
-A zone_wgclient_dest_ACCEPT -o wgclient -m conntrack --ctstate INVALID -m comme nt --comment “!fw3: Prevent NAT leakage” -j DROP
-A zone_wgclient_dest_ACCEPT -o wgclient -m comment --comment “!fw3” -j ACCEPT
-A zone_wgclient_dest_DROP -o wgclient -m comment --comment “!fw3” -j DROP
-A zone_wgclient_forward -m comment --comment “!fw3: Custom wgclient forwarding rule chain” -j forwarding_wgclient_rule
-A zone_wgclient_forward -m comment --comment “!fw3: Zone wgclient to wan forwar ding policy” -j zone_wan_dest_ACCEPT
-A zone_wgclient_forward -m comment --comment “!fw3: Zone wgclient to lan forwar ding policy” -j zone_lan_dest_ACCEPT
-A zone_wgclient_forward -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port forwards” -j ACCEPT
-A zone_wgclient_forward -m comment --comment “!fw3” -j zone_wgclient_dest_DROP
-A zone_wgclient_input -m comment --comment “!fw3: Custom wgclient input rule ch ain” -j input_wgclient_rule
-A zone_wgclient_input -m conntrack --ctstate DNAT -m comment --comment “!fw3: A ccept port redirections” -j ACCEPT
-A zone_wgclient_input -m comment --comment “!fw3” -j zone_wgclient_src_ACCEPT
-A zone_wgclient_output -m comment --comment “!fw3: Custom wgclient output rule chain” -j output_wgclient_rule
-A zone_wgclient_output -m comment --comment “!fw3” -j zone_wgclient_dest_ACCEPT
-A zone_wgclient_src_ACCEPT -i wgclient -m conntrack --ctstate NEW,UNTRACKED -m comment --comment “!fw3” -j ACCEPT
COMMITCompleted on Fri Dec 23 18:32:14 2022
root@GL-AXT1800:~# ip route show table 51
default via 10.147.79.220 dev wwan0 proto static src 10.147.79.219 metric 40
10.147.79.216/29 dev wwan0 proto static scope link metric 40
58.71.192.142 via 10.147.79.220 dev wwan0 proto static metric 40
60.50.142.77 via 10.147.79.220 dev wwan0 proto static metric 40
local 127.0.0.1 dev lo scope host src 127.0.0.1
192.168.8.1 dev wgclient scope link
192.168.28.0/24 dev br-lan proto kernel scope link src 192.168.28.1
root@GL-AXT1800:~# cat /etc/version.date
slate ax (WG> beryl ax (WG> openwrt router
in slate ax console :
root@GL-AXT1800:~# iptables-save
Generated by iptables-save v1.8.7 on Fri Dec 23 18:39:07 2022
*nat
:PREROUTING ACCEPT [573:56343]
:INPUT ACCEPT [221:14980]
:OUTPUT ACCEPT [247:19246]
:POSTROUTING ACCEPT [144:10095]
:postrouting_guest_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:postrouting_wgclient_rule - [0:0]
:prerouting_guest_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:prerouting_wgclient_rule - [0:0]
:zone_guest_postrouting - [0:0]
:zone_guest_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
:zone_wgclient_postrouting - [0:0]
:zone_wgclient_prerouting - [0:0]
-A PREROUTING -m comment --comment “!fw3: Custom prerouting rule chain” -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment “!fw3” -j zone_lan_prerouting
-A PREROUTING -i eth0 -m comment --comment “!fw3” -j zone_wan_prerouting
-A PREROUTING -i wwan0 -m comment --comment “!fw3” -j zone_wan_prerouting
-A PREROUTING -i br-guest -m comment --comment “!fw3” -j zone_guest_prerouting
-A PREROUTING -i wgclient -m comment --comment “!fw3” -j zone_wgclient_prerouting
-A POSTROUTING -m comment --comment “!fw3: Custom postrouting rule chain” -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment “!fw3” -j zone_lan_postrouting
-A POSTROUTING -o eth0 -m comment --comment “!fw3” -j zone_wan_postrouting
-A POSTROUTING -o wwan0 -m comment --comment “!fw3” -j zone_wan_postrouting
-A POSTROUTING -o br-guest -m comment --comment “!fw3” -j zone_guest_postrouting
-A POSTROUTING -o wgclient -m comment --comment “!fw3” -j zone_wgclient_postrouting
-A zone_guest_postrouting -m comment --comment “!fw3: Custom guest postrouting rule chain” -j postrouting_guest_rule
-A zone_guest_prerouting -m comment --comment “!fw3: Custom guest prerouting rule chain” -j prerouting_guest_rule
-A zone_lan_postrouting -m comment --comment “!fw3: Custom lan postrouting rule chain” -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment “!fw3: Custom lan prerouting rule chain” -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment “!fw3: Custom wan postrouting rule chain” -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment “!fw3” -j MASQUERADE
-A zone_wan_prerouting -m comment --comment “!fw3: Custom wan prerouting rule chain” -j prerouting_wan_rule
-A zone_wgclient_postrouting -m comment --comment “!fw3: Custom wgclient postrouting rule chain” -j postrouting_wgclient_rule
-A zone_wgclient_postrouting -m comment --comment “!fw3” -j MASQUERADE
-A zone_wgclient_prerouting -m comment --comment “!fw3: Custom wgclient prerouting rule chain” -j prerouting_wgclient_rule
COMMITCompleted on Fri Dec 23 18:39:07 2022
Generated by iptables-save v1.8.7 on Fri Dec 23 18:39:07 2022
*raw
:PREROUTING ACCEPT [12434:6449452]
:OUTPUT ACCEPT [4741:1078971]
:zone_guest_helper - [0:0]
:zone_lan_helper - [0:0]
-A PREROUTING -i br-lan -m comment --comment “!fw3: lan CT helper assignment” -j zone_lan_helper
-A PREROUTING -i br-guest -m comment --comment “!fw3: guest CT helper assignment” -j zone_guest_helper
COMMITCompleted on Fri Dec 23 18:39:07 2022
Generated by iptables-save v1.8.7 on Fri Dec 23 18:39:07 2022
*mangle
:PREROUTING ACCEPT [12433:6449368]
:INPUT ACCEPT [5354:3158437]
:FORWARD ACCEPT [7019:3287879]
:OUTPUT ACCEPT [4741:1078971]
:POSTROUTING ACCEPT [11720:4365008]
:VPN_SER_POLICY - [0:0]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_modem_1_1 - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_policy_default_poli - [0:0]
:mwan3_policy_default_poli_v6 - [0:0]
:mwan3_rules - [0:0]
-A PREROUTING -j mwan3_hook
-A PREROUTING -j VPN_SER_POLICY
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment “!fw3: Zone wan MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment “!fw3: Zone wan MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment “!fw3: Zone wan MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment “!fw3: Zone wan MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o wgclient -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment “!fw3: Zone wgclient MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i wgclient -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment “!fw3: Zone wgclient MTU fixing” -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j mwan3_hook
-A OUTPUT -m owner --gid-owner 65533 -m comment --comment “!fw3: process_mark” -j MARK --set-xmark 0x80000/0x80000
-A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
-A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
-A mwan3_iface_in_modem_1_1 -i wwan0 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_modem_1_1 -i wwan0 -m mark --mark 0x0/0x3f00 -m comment --comment modem_1_1 -j MARK --set-xmark 0x700/0x3f00
-A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_modem_1_1
-A mwan3_policy_default_poli -m mark --mark 0x0/0x3f00 -m comment --comment “modem_1_1 3 3” -j MARK --set-xmark 0x700/0x3f00
-A mwan3_policy_default_poli_v6 -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_default_poli
COMMITCompleted on Fri Dec 23 18:39:07 2022
Generated by iptables-save v1.8.7 on Fri Dec 23 18:39:07 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_guest_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:forwarding_wgclient_rule - [0:0]
:input_guest_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:input_wgclient_rule - [0:0]
:output_guest_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:output_wgclient_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_guest_dest_ACCEPT - [0:0]
:zone_guest_dest_REJECT - [0:0]
:zone_guest_forward - [0:0]
:zone_guest_input - [0:0]
:zone_guest_output - [0:0]
:zone_guest_src_REJECT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_DROP - [0:0]
:zone_wgclient_dest_ACCEPT - [0:0]
:zone_wgclient_dest_DROP - [0:0]
:zone_wgclient_forward - [0:0]
:zone_wgclient_input - [0:0]
:zone_wgclient_output - [0:0]
:zone_wgclient_src_ACCEPT - [0:0]
-A INPUT -i lo -m comment --comment “!fw3” -j ACCEPT
-A INPUT -m comment --comment “!fw3: Custom input rule chain” -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment “!fw3” -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment “!fw3” -j syn_flood
-A INPUT -i br-lan -m comment --comment “!fw3” -j zone_lan_input
-A INPUT -i eth0 -m comment --comment “!fw3” -j zone_wan_input
-A INPUT -i wwan0 -m comment --comment “!fw3” -j zone_wan_input
-A INPUT -i br-guest -m comment --comment “!fw3” -j zone_guest_input
-A INPUT -i wgclient -m comment --comment “!fw3” -j zone_wgclient_input
-A FORWARD -m set --match-set GL_MAC_BLOCK src -j DROP
-A FORWARD -m comment --comment “!fw3: Custom forwarding rule chain” -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment “!fw3” -j ACCEPT
-A FORWARD -i br-lan -m comment --comment “!fw3” -j zone_lan_forward
-A FORWARD -i eth0 -m comment --comment “!fw3” -j zone_wan_forward
-A FORWARD -i wwan0 -m comment --comment “!fw3” -j zone_wan_forward
-A FORWARD -i br-guest -m comment --comment “!fw3” -j zone_guest_forward
-A FORWARD -i wgclient -m comment --comment “!fw3” -j zone_wgclient_forward
-A FORWARD -m comment --comment “!fw3” -j reject
-A OUTPUT -o lo -m comment --comment “!fw3” -j ACCEPT
-A OUTPUT -m comment --comment “!fw3: Custom output rule chain” -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment “!fw3” -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment “!fw3” -j zone_lan_output
-A OUTPUT -o eth0 -m comment --comment “!fw3” -j zone_wan_output
-A OUTPUT -o wwan0 -m comment --comment “!fw3” -j zone_wan_output
-A OUTPUT -o br-guest -m comment --comment “!fw3” -j zone_guest_output
-A OUTPUT -o wgclient -m comment --comment “!fw3” -j zone_wgclient_output
-A reject -p tcp -m comment --comment “!fw3” -j REJECT --reject-with tcp-reset
-A reject -m comment --comment “!fw3” -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment “!fw3” -j RETURN
-A syn_flood -m comment --comment “!fw3” -j DROP
-A zone_guest_dest_ACCEPT -o br-guest -m comment --comment “!fw3” -j ACCEPT
-A zone_guest_dest_REJECT -o br-guest -m comment --comment “!fw3” -j reject
-A zone_guest_forward -m comment --comment “!fw3: Custom guest forwarding rule chain” -j forwarding_guest_rule
-A zone_guest_forward -m comment --comment “!fw3: Zone guest to wan forwarding policy” -j zone_wan_dest_ACCEPT
-A zone_guest_forward -m comment --comment “!fw3: Zone guest to wgclient forwarding policy” -j zone_wgclient_dest_ACCEPT
-A zone_guest_forward -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port forwards” -j ACCEPT
-A zone_guest_forward -m comment --comment “!fw3” -j zone_guest_dest_REJECT
-A zone_guest_input -m comment --comment “!fw3: Custom guest input rule chain” -j input_guest_rule
-A zone_guest_input -p udp -m udp --dport 67:68 -m comment --comment “!fw3: Allow-DHCP” -j ACCEPT
-A zone_guest_input -p tcp -m tcp --dport 53 -m comment --comment “!fw3: Allow-DNS” -j ACCEPT
-A zone_guest_input -p udp -m udp --dport 53 -m comment --comment “!fw3: Allow-DNS” -j ACCEPT
-A zone_guest_input -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port redirections” -j ACCEPT
-A zone_guest_input -m comment --comment “!fw3” -j zone_guest_src_REJECT
-A zone_guest_output -m comment --comment “!fw3: Custom guest output rule chain” -j output_guest_rule
-A zone_guest_output -m comment --comment “!fw3” -j zone_guest_dest_ACCEPT
-A zone_guest_src_REJECT -i br-guest -m comment --comment “!fw3” -j reject
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment “!fw3” -j ACCEPT
-A zone_lan_forward -m comment --comment “!fw3: Custom lan forwarding rule chain” -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment “!fw3: Zone lan to wan forwarding policy” -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment “!fw3: Zone lan to wgclient forwarding policy” -j zone_wgclient_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port forwards” -j ACCEPT
-A zone_lan_forward -m comment --comment “!fw3” -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment “!fw3: Custom lan input rule chain” -j input_lan_rule
-A zone_lan_input -p tcp -m tcp --dport 137 -m comment --comment “!fw3: @rule[12]” -j ACCEPT
-A zone_lan_input -p tcp -m tcp --dport 138 -m comment --comment “!fw3: @rule[12]” -j ACCEPT
-A zone_lan_input -p tcp -m tcp --dport 139 -m comment --comment “!fw3: @rule[12]” -j ACCEPT
-A zone_lan_input -p tcp -m tcp --dport 445 -m comment --comment “!fw3: @rule[12]” -j ACCEPT
-A zone_lan_input -p udp -m udp --dport 137 -m comment --comment “!fw3: @rule[12]” -j ACCEPT
-A zone_lan_input -p udp -m udp --dport 138 -m comment --comment “!fw3: @rule[12]” -j ACCEPT
-A zone_lan_input -p udp -m udp --dport 139 -m comment --comment “!fw3: @rule[12]” -j ACCEPT
-A zone_lan_input -p udp -m udp --dport 445 -m comment --comment “!fw3: @rule[12]” -j ACCEPT
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port redirections” -j ACCEPT
-A zone_lan_input -m comment --comment “!fw3” -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment “!fw3: Custom lan output rule chain” -j output_lan_rule
-A zone_lan_output -m comment --comment “!fw3” -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment “!fw3” -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0 -m conntrack --ctstate INVALID -m comment --comment “!fw3: Prevent NAT leakage” -j DROP
-A zone_wan_dest_ACCEPT -o eth0 -m comment --comment “!fw3” -j ACCEPT
-A zone_wan_dest_ACCEPT -o wwan0 -m conntrack --ctstate INVALID -m comment --comment “!fw3: Prevent NAT leakage” -j DROP
-A zone_wan_dest_ACCEPT -o wwan0 -m comment --comment “!fw3” -j ACCEPT
-A zone_wan_dest_REJECT -o eth0 -m comment --comment “!fw3” -j reject
-A zone_wan_dest_REJECT -o wwan0 -m comment --comment “!fw3” -j reject
-A zone_wan_forward -m comment --comment “!fw3: Custom wan forwarding rule chain” -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment “!fw3: Allow-IPSec-ESP” -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment “!fw3: Allow-ISAKMP” -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port forwards” -j ACCEPT
-A zone_wan_forward -m comment --comment “!fw3” -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment “!fw3: Custom wan input rule chain” -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment “!fw3: Allow-DHCP-Renew” -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment “!fw3: Allow-Ping” -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment “!fw3: Allow-IGMP” -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 137 -m comment --comment “!fw3: @rule[11]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 138 -m comment --comment “!fw3: @rule[11]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 139 -m comment --comment “!fw3: @rule[11]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 445 -m comment --comment “!fw3: @rule[11]” -j DROP
-A zone_wan_input -p udp -m udp --dport 137 -m comment --comment “!fw3: @rule[11]” -j DROP
-A zone_wan_input -p udp -m udp --dport 138 -m comment --comment “!fw3: @rule[11]” -j DROP
-A zone_wan_input -p udp -m udp --dport 139 -m comment --comment “!fw3: @rule[11]” -j DROP
-A zone_wan_input -p udp -m udp --dport 445 -m comment --comment “!fw3: @rule[11]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 6000:6005 -m comment --comment “!fw3: @rule[13]” -j DROP
-A zone_wan_input -p udp -m udp --dport 6000:6005 -m comment --comment “!fw3: @rule[13]” -j DROP
-A zone_wan_input -p tcp -m tcp --dport 80 -m comment --comment “!fw3: glservice” -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 80 -m comment --comment “!fw3: glservice” -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 443 -m comment --comment “!fw3: glservice_https” -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 443 -m comment --comment “!fw3: glservice_https” -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 22 -m comment --comment “!fw3: glssh” -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 22 -m comment --comment “!fw3: glssh” -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 6008 -m comment --comment “!fw3: @rule[18]” -j DROP
-A zone_wan_input -p udp -m udp --dport 6008 -m comment --comment “!fw3: @rule[18]” -j DROP
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port redirections” -j ACCEPT
-A zone_wan_input -m comment --comment “!fw3” -j zone_wan_src_DROP
-A zone_wan_output -m comment --comment “!fw3: Custom wan output rule chain” -j output_wan_rule
-A zone_wan_output -m comment --comment “!fw3” -j zone_wan_dest_ACCEPT
-A zone_wan_src_DROP -i eth0 -m comment --comment “!fw3” -j DROP
-A zone_wan_src_DROP -i wwan0 -m comment --comment “!fw3” -j DROP
-A zone_wgclient_dest_ACCEPT -o wgclient -m conntrack --ctstate INVALID -m comment --comment “!fw3: Prevent NAT leakage” -j DROP
-A zone_wgclient_dest_ACCEPT -o wgclient -m comment --comment “!fw3” -j ACCEPT
-A zone_wgclient_dest_DROP -o wgclient -m comment --comment “!fw3” -j DROP
-A zone_wgclient_forward -m comment --comment “!fw3: Custom wgclient forwarding rule chain” -j forwarding_wgclient_rule
-A zone_wgclient_forward -m comment --comment “!fw3: Zone wgclient to wan forwarding policy” -j zone_wan_dest_ACCEPT
-A zone_wgclient_forward -m comment --comment “!fw3: Zone wgclient to lan forwarding policy” -j zone_lan_dest_ACCEPT
-A zone_wgclient_forward -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port forwards” -j ACCEPT
-A zone_wgclient_forward -m comment --comment “!fw3” -j zone_wgclient_dest_DROP
-A zone_wgclient_input -m comment --comment “!fw3: Custom wgclient input rule chain” -j input_wgclient_rule
-A zone_wgclient_input -m conntrack --ctstate DNAT -m comment --comment “!fw3: Accept port redirections” -j ACCEPT
-A zone_wgclient_input -m comment --comment “!fw3” -j zone_wgclient_src_ACCEPT
-A zone_wgclient_output -m comment --comment “!fw3: Custom wgclient output rule chain” -j output_wgclient_rule
-A zone_wgclient_output -m comment --comment “!fw3” -j zone_wgclient_dest_ACCEPT
-A zone_wgclient_src_ACCEPT -i wgclient -m conntrack --ctstate NEW,UNTRACKED -m comment --comment “!fw3” -j ACCEPT
COMMITCompleted on Fri Dec 23 18:39:07 2022
root@GL-AXT1800:~# ip route show table 51
default via 10.147.79.220 dev wwan0 proto static src 10.147.79.219 metric 40
10.147.79.216/29 dev wwan0 proto static scope link metric 40
58.71.192.142 via 10.147.79.220 dev wwan0 proto static metric 40
60.50.142.77 via 10.147.79.220 dev wwan0 proto static metric 40
local 127.0.0.1 dev lo scope host src 127.0.0.1
192.168.28.0/24 dev br-lan proto kernel scope link src 192.168.28.1
192.168.48.1 dev wgclient scope link
root@GL-AXT1800:~# cat /etc/version.date
I couldn’t find my own post. That’s a nasty log you postedUPGRADE you can’t migrate settings again and can’t reuse a previous config file. Need to setup everything from default.
1 Like