I have an Nginx reverse proxy running on the LAN network. I have created a Guest interface and redirected DNS and DHCP traffic via a traffic rule, and it works great.
I host a few public services with an Nginx Proxy Manager (NPM) instance that is hosted in a VM on the LAN subnet. I want devices on the Guest network to be able to access those services also. I can reach the proxied services through their DNS FQDN from WAN and LAN, but not from devices connected to the Guest interface.
I created a traffic rule that allows ports 80 and 443 from the guest interface to the reverse proxy VM's IP address, but the proxied services cannot be accessed. If I temporarily allow the NPM web interface port (81) in the firewall rule, I can access it from Guest using http://IPaddress:81.
Thanks for the reply. I can see the feature you describe is missing from my LuCI version. I'm on 22.03.2 and I see there is an update for luci-app-firewall. Until I schedule a full system upgrade of OpenWrt, is it safe to update luci-app-firewall?
I can't figure out a setting. I have two zones: one is lan (10.10.10.1-255) and the other is guest (10.10.12.1-255). The server is on 10.10.10.200, running a reverse proxy for services. Ports 80 and 443 of the router are forwarded to that server. What setting should I set to enable access to my websites? Because right now the whole world can access it, but not my guest network.
What version do you have? I was on 22.03 and the Luci setting was not introduced until 23.05. If you have < 23.05 then you have to edit /etc/config/firewall as suggested above and it will work wonders.
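An added illustration of the kind of `/etc/config/firewall` edit mentioned above (not posted by anyone in the thread): the existing port forwards with NAT reflection extended to the guest zone through the `reflection_zone` list. The zone names `wan`, `lan` and `guest`, the rule names and the address 10.10.10.200 are assumptions taken from the setup described in the thread.

```uci
# /etc/config/firewall (excerpt, constructed example)
# Port forwards to the reverse proxy. Guest clients resolve the public FQDN
# to the router's WAN address, so the DNAT rule must also be reflected
# for traffic arriving from the guest zone.

config redirect
	option name 'HTTP to reverse proxy'
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '80'
	option dest 'lan'
	option dest_ip '10.10.10.200'
	option dest_port '80'
	option reflection '1'
	# Zones for which reflection (hairpin) rules are generated
	list reflection_zone 'lan'
	list reflection_zone 'guest'

config redirect
	option name 'HTTPS to reverse proxy'
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '443'
	option dest 'lan'
	option dest_ip '10.10.10.200'
	option dest_port '443'
	option reflection '1'
	list reflection_zone 'lan'
	list reflection_zone 'guest'
```

Reload the firewall with `/etc/init.d/firewall reload` after editing. Only the forwarded ports 80 and 443 are reflected, so the NPM admin port 81 stays unreachable from the guest zone.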
My version is 22.03; there is no option for reflection zones, but there is one on my dumb access point that is running 22.05. Due to a bug, I can't upgrade to 22.05 for my main router.