
I have a configuration on my OpenWrt Backfire 10.03 with different VLANs; k2, which belongs to fwz2, is one of them. In this testing environment the WAN is DHCP with IP 192.168.1.1:

config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'
    option 'defaultroute' '0'
    option 'peerdns' '0'

config 'interface' 'k2'
    option 'proto' 'static'
    option 'ifname' 'eth0.3'
    option 'netmask' '255.255.255.0'
    option 'defaultroute' '0'
    option 'peerdns' '0'
    option 'ipaddr' '192.168.172.1'

config 'zone'
    option 'name' 'wan'
    option 'input' 'REJECT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'
    option 'masq' '1'

If I have the VLAN configured in the firewall settings like

config 'forwarding'    #FWD-RULE#
    option 'src' 'fwz2'
    option 'dest' 'wan'

the NAT is working fine, however I want to only allow selected ports (e.g. ICMP):

config 'rule'          #ICMP-RULE#
    option 'target' 'ACCEPT'
    option '_name' 'fwz2-ICMP'
    option 'src' 'fwz2'
    option 'dest' 'wan'
    option 'proto' 'icmp'

I have in mind a similar setup where I removed #FWD-RULE# and added #ICMP-RULE#, and it works. But if I do this here, the NAT is not working anymore and gives me packets on the WAN interface like IP 192.168.172.100 > 213.165.64.75: ICMP echo request. If NAT worked, the src.addr 192.168.172.100 should be translated to the WAN address.

Thor

0 Answers