The latest reboot had me digging deeper to try to find the real problem
and I have discovered that only the rule in the FORWARD chain of the filter
table is firing, not the DNAT in the nat table. I suspect the firewall
is only working when some connection (outgoing?) wakes up the
masquerade rules but haven't actually found the rule that is active.

Are you sure the OpenWRT box is actually seeing the incoming packets?
Is it directly on the internet, or is there another box before it, e.g. an ISP
provided modem/router?
Even though you might have forwarded the protocol or even set the OpenWRT
box as the "DMZ device", it may still do stateful firewalling on non-TCP/UDP
protocols. That is a known problem with NAT routers.
Try to run a trace on the OpenWRT box to verify that you can receive IPIP
traffic from sources that you have not recently contacted with outgoing
traffic.
Rob
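
The check suggested in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -n` output for IP protocol 4 (IPIP) and lists outer source addresses that reached the WAN address before the box had sent any IPIP traffic to them. The interface name, the WAN address and the sample capture lines are constructed assumptions.

```shell
#!/bin/sh
# Added example. WAN_IF, WAN_IP and all sample lines are constructed assumptions.

# Read `tcpdump -n` lines on stdin and print each outer source address that
# sent IPIP to $1 (our WAN address) before we sent any IPIP to it ourselves.
unsolicited_sources() {
    awk -v wan="$1" '
        $2 != "IP" { next }                       # skip anything that is not IPv4
        { src = $3; dst = $5; sub(/:$/, "", dst) }
        src == wan { contacted[dst] = 1; next }   # our own outgoing tunnel traffic
        dst == wan && !(src in contacted) && !seen[src]++ { print src }
    '
}

# Constructed capture: 203.0.113.5 answers traffic we started,
# 192.0.2.77 arrives without any earlier outgoing packet to it.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 198.51.100.2 > 203.0.113.5: IP 10.1.0.1 > 10.2.0.1: ICMP echo request, id 1, seq 1, length 64
12:00:01.050000 IP 203.0.113.5 > 198.51.100.2: IP 10.2.0.1 > 10.1.0.1: ICMP echo reply, id 1, seq 1, length 64
12:00:02.000000 IP 192.0.2.77 > 198.51.100.2: IP 10.3.0.1 > 10.1.0.1: ICMP echo request, id 9, seq 1, length 64
12:00:03.000000 IP 192.0.2.77 > 198.51.100.2: IP 10.3.0.1 > 10.1.0.1: ICMP echo request, id 9, seq 2, length 64
EOF
}

# Live use on the router (WAN_IF and WAN_IP are placeholders to fill in):
#   tcpdump -l -n -i "$WAN_IF" 'ip proto 4' | unsolicited_sources "$WAN_IP"
sample_capture | unsolicited_sources 198.51.100.2
```

If the live capture prints nothing while remote peers are sending, the packets are not reaching the OpenWRT box at all, which points at the device in front of it rather than at the iptables rules.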