Jump to content
Not connected, Your IP: 18.116.19.29
jävlar

[Freetz] Why doesn't iptables allow postrouting?

Recommended Posts

So I've been following this guide: https://airvpn.org/topic/10077-using-airvpn-with-fritzbox-routers/ to get an openvpn client running on my router, since I want my chromecast to use airvpn and there is no other option.

 

The problem is this part: 

 

2. Go to Editor in the sidebar. Check Add and pick from the drop-down menus:
Chain: POSTROUTING
Input-Interface: tun0
NAT: Normal

 

I don't have postrouting in "chain". All I got is input, forward and output. How can I fix this?

 

Share this post


Link to post
Guest

I've got the exact same problem. The iptable_nat module doesn't make it to the final image.

Share this post


Link to post

Could you check the option to Replace kernel image and try again? For this you might need to change to expert mode.

I know I have changed many of these options, even deleted many modules one would expect in the official firmware, and somehow it worked. Unfortunately, when I made the guide I didn't track my progress so this kind of information is lost. :/
It's my last week of work now, after this I'd have more than three months of spare time to rewrite this guide to an extremely good condition, and do some more things for the AirVPN community - full time.

 

One of the most interesting hints, though unconfirmed right now, is that the official kernel does not include some mandatory NAT modules, I remember...


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

One of the most interesting hints, though unconfirmed right now, is that the official kernel does not include some mandatory NAT modules, I remember...

 

I spent last night on research and experiments. Really enlightened me. I can finally confirm it's kernel related.

An iptables module called conntrack has been removed from menuconfig and partially hidden from kernel-menuconfig for all Freetz'd firmwares based on Fritz!OS 5.x and up. conntrack is for connection tracking - a module which keeps record of all packets coming through your machine. "Unfortunately", AVM implemented similar functionality with v5 - and their implementation is closed source, so one cannot just modify the module to create a workaround. Using conntrack on a router with OS v5 and newer will likely cause your router to reboot itself often - you wouldn't want that.

 

"This isn't your average darkness, this is... advanced darkness." ~SpongeBob SquarePants

 

It's partially hidden, what does that mean? You can't select it normally. To include them into the firmware update image you will have to add it manually into some config files. After that they will show up in kernel-menuconfig and finally in menuconfig.

 

The guide you linked to has been tested with a 7141, firmware 40.04.76 (= Fritz!OS v4.x). That's why it worked, it suddenly makes sense. Didn't even pay attention to that. I really have to start reading docs and manuals...


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...