Since then I found myself in a trouble. Some forum security features worked incorrectly, customers could not even see youtube videos in a posts but the most annoying was - all posts were coming from one IP - local IP of my router. I resolved some urgent problems but still it was not a final solution.
I tried to google solution but unfortunately I could find only similar questions. May be solution is obvious for network administrators but not for me. Finally I found solution that works for me. In fact it is quite simple.
After ports forwarding setup using OpenWrt web form you may find these settings in your /etc/config/firewall file:
Code: Select all
config zone option name 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' option masq '1' <---- remove option network 'lan' config zone option name 'wan' option input 'REJECT' option output 'ACCEPT' option masq '1' option mtu_fix '1' option forward 'ACCEPT' <--- change to REJECT option network 'wan' ... config redirect option name 'http' option src 'wan' option proto 'tcpudp' option src_dport '80' option dest_ip '192.168.1.2' option dest_port '80' option target 'DNAT' option dest 'lan' config redirect option name 'https' option src 'wan' option proto 'tcpudp' option src_dport '443' option dest_ip '192.168.1.2' option dest_port '443' option target 'DNAT' option dest 'lan' ...
Now the web server receives original IPs and all forum's features work exactly as they worked when web server was connected directly to Internet with static IP.
Just interesting... is there any downside of this solutions?