FS#3490 - Please include Full Cone NAT package #8358
Comments
fullcone: Full Cone NAT package |
As no one wants to maintain an OOT module in the main OpenWrt tree, there are two possible solutions to this:
|
a bit more info here... #9248 (comment) |
Some new codes: |
RFC 3489 was obsoleted by 5389 and later 8489. While the "cone" shapes terminology may be obsolete, the issue is still valid. Please see RFC 4787 "Network Address Translation (NAT) Behavioral Requirements for Unicast UDP" with updates (RFC 6888, RFC 7857), it is Best Current Practice (BCP 127) - it would be a good idea to review the Linux NAT implementation (which predates the RFCs by many years) for compliance. It's not a small task though. |
Let me emphasise this again:
Also, we are less adequate at properly reviewing these modules compared to the netfilter maintainers at Linux upstream. OpenWrt firewall relies on infrastructure provided by the Linux Netfilter project. If it's implemented in mainline Linux, OpenWrt will automatically get this function supported. I hope I've explained clearly that here is not the right place for this discussion, and OpenWrt maintainers are not the proper people to review these kernel modules. (See also: #9248 (comment)) Please redirect your discussion and/or code to the upstream Linux Netfilter project instead. I'm closing this issue as won't fix. |
Understood. Could you point me in the right direction, as the upstream Linux Netfilter project seems to be mature, not very actively maintained, but perhaps I'm looking in the wrong places? |
For patch submission you could follow the Linux kernel contribution guide here: https://www.kernel.org/doc/html/latest/process/submitting-patches.html |
fullcone:
The default OpenWrt netfilter implements “Port Restricted Cone” NAT. Sometimes it’s useful to have less restricted NAT.
Someone recently created a netfilter extension that implements “Full Cone” NAT. Please include it in the package feeds.
Full Cone NAT description:
https://tools.ietf.org/html/rfc3489#section-5
Netfilter extension:
https://github.com/Chion82/netfilter-full-cone-nat
OpenWrt package:
https://github.com/LGA1150/openwrt-fullconenat
https://github.com/LGA1150/fullconenat-fw3-patch
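The difference between the "Port Restricted Cone" and "Full Cone" behaviours named in the request, as an added example that is not part of the original issue or of the linked projects: a toy model of the RFC 3489 section 5 definitions showing which remote senders reach an inside host after it has sent one outbound packet. The class, function names, addresses and ports are constructed for illustration.

```python
# Added illustration of RFC 3489 section 5 cone NAT filtering; all names and addresses are constructed.
from dataclasses import dataclass, field

FULL_CONE, RESTRICTED, PORT_RESTRICTED = "full-cone", "restricted-cone", "port-restricted-cone"

@dataclass
class ConeNat:
    mode: str
    public_ip: str = "203.0.113.1"
    next_port: int = 40000
    # (internal ip, internal port) -> external port; the same for every destination
    mappings: dict = field(default_factory=dict)
    # external port -> set of (remote ip, remote port) the inside host has contacted
    contacted: dict = field(default_factory=dict)

    def outbound(self, src, dst):
        """Internal endpoint src sends to remote dst; returns the external endpoint."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.contacted[self.next_port] = set()
            self.next_port += 1
        ext_port = self.mappings[src]
        self.contacted[ext_port].add(dst)
        return (self.public_ip, ext_port)

    def inbound(self, remote, ext_port):
        """Remote sends to public_ip:ext_port; returns the internal endpoint or None."""
        internal = next((s for s, p in self.mappings.items() if p == ext_port), None)
        if internal is None:
            return None  # no mapping exists: dropped in every mode
        peers = self.contacted[ext_port]
        if self.mode == FULL_CONE:
            allowed = True  # any remote host and port may use the mapping
        elif self.mode == RESTRICTED:
            allowed = remote[0] in {ip for ip, _ in peers}  # remote IP must match
        else:
            allowed = remote in peers  # remote IP and port must both match
        return internal if allowed else None

def exposure(mode):
    """Which of three remote senders reach the inside host after one outbound packet."""
    nat = ConeNat(mode)
    inside, peer = ("192.168.1.10", 5000), ("198.51.100.7", 3478)
    _, port = nat.outbound(inside, peer)
    senders = {"same_ip_port": peer, "same_ip_other_port": ("198.51.100.7", 9999),
               "unrelated_host": ("192.0.2.55", 3478)}
    return {name: nat.inbound(r, port) is not None for name, r in senders.items()}
```

Calling `exposure(FULL_CONE)` reports all three senders as accepted, which is the trade-off to weigh when relaxing the default: every open mapping becomes reachable from any host on the outside.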