OpenWrt Forum Archive

Topic: How to set multiple allowed source IPs in the src_ip field?

The content of this topic has been archived on 8 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
thdyck
16 Oct 2012, 15:58

Hello,

I would like to restrict a port forward to a set of six specific IP source external IP addresses (using Attitude Adjustment 12.09beta1).

The syntax for a redirect at http://wiki.openwrt.org/doc/uci/firewall does not indicated if this is possible. LuCi does not accept a syntax of multiple space-separated IP addresses.

Does anyone know if it is possible to specify multiple allowed source IPs in the same forward definition?

e.g. somthing like

config redirect
        option src              lan
        option dest             wan
        option src_ip           10.55.34.85 11.55.34.85 12.55.34.85
        option src_dip          63.240.161.99
        option dest_port        123
        option target           SNAT

Or is the correct approach to have multiple redirect sections, identical except specifying different src_ip IPs?

Thanks,
Tim Miller Dyck

Post #2
jow
16 Oct 2012, 17:15

Multiple source IPs are currently not supported.

Post #3
thdyck
17 Oct 2012, 04:09

Thanks for your information, jow.

For others who find this later, as another way to do this, it does work to set up several redirections, each a duplicate of the others except for a different (single) source IP address. If the source IP does not match any of the specified allowed IPs, the forward will not occur.

The discussion might have continued from here.