I have a port forwarding rule which I'd like to have trigger if the request arrives at either my DMZ or WAN interface. I would like to simply create two port forwards, one setting src_dip to the router's DMZ IP address, and the other setting src_dip to the router's WAN IP address. But since the router's WAN IP address is (re)assigned periodically by my ISP, I can't simply hardcode it in my firewall config. Is there a well-known workaround for this?
An alternative would be to create just a single port forward rule, and leave src_dip empty. But the port in question is 443. Creating such a "wildcard" rule causes all outbound requests for 443 anywhere on the web to be redirected through my rule.
My rule looks like this. Outbound HTTPS breaks if the last line (src_dip) is removed.
config redirect
	option target 'DNAT'
	option src 'dmz'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '443'
	# internal LAN address
	option dest_ip '192.168.111.11'
	option dest_port '20543'
	# router's DMZ address
	option src_dip '192.168.110.1'
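To make the behaviour described in the question concrete, here is a small Python model of what a `config redirect` section matches, with and without the `src_dip` line. It is an added illustration, not code from the post or from OpenWrt: it assumes the usual DNAT matching semantics (a redirect applies to packets entering via the `src` zone with the given `proto` and destination port, and compares the destination address only when `src_dip` is set), and the sample packets and the 203.0.113.10 stand-in for "a server on the web" are constructed for the demo.

```python
"""Model of which packets an OpenWrt 'config redirect' (DNAT) section catches.

Added illustration for the question above; this is not code from the
original post or from OpenWrt.  It assumes the usual DNAT matching
semantics: a redirect applies to packets entering through the `src` zone
with the given `proto` and destination port, and only if `src_dip` is set
is the packet's destination address compared as well.  Zone membership
is given directly on the packet, which is a simplification.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Redirect:
    src: str                      # zone the packet enters from
    proto: str
    src_dport: int                # original destination port to match
    dest_ip: str                  # rewritten destination address
    dest_port: int                # rewritten destination port
    src_dip: Optional[str] = None  # None means "any destination address"


@dataclass(frozen=True)
class Packet:
    in_zone: str
    proto: str
    dst_ip: str
    dst_port: int


def parse_redirect(text: str) -> Redirect:
    """Parse the option lines of one 'config redirect' block.

    Only the options the matching model needs are read; '#' comments and
    unrelated options such as target/dest are skipped.
    """
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("config "):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword != "option":
            raise ValueError(f"unsupported line: {raw!r}")
        name, _, value = rest.strip().partition(" ")
        opts[name] = value.strip().strip("'\"")
    return Redirect(
        src=opts["src"],
        proto=opts["proto"],
        src_dport=int(opts["src_dport"]),
        dest_ip=opts["dest_ip"],
        dest_port=int(opts["dest_port"]),
        src_dip=opts.get("src_dip"),
    )


def apply_dnat(rule: Redirect, pkt: Packet) -> tuple:
    """Return the (dst_ip, dst_port) the packet has after the redirect runs.

    A packet the rule does not match keeps its original destination.
    """
    if (pkt.in_zone, pkt.proto, pkt.dst_port) != (rule.src, rule.proto, rule.src_dport):
        return (pkt.dst_ip, pkt.dst_port)
    if rule.src_dip is not None and pkt.dst_ip != rule.src_dip:
        return (pkt.dst_ip, pkt.dst_port)
    return (rule.dest_ip, rule.dest_port)


# The rule from the question, parsed with and without the src_dip line.
RULE_TEXT = """\
config redirect
    option target 'DNAT'
    option src 'dmz'
    option dest 'lan'
    option proto 'tcp'
    option src_dport '443'
    option dest_ip '192.168.111.11'
    option dest_port '20543'
    option src_dip '192.168.110.1'
"""
RULE_WITH_DIP = parse_redirect(RULE_TEXT)
RULE_WILDCARD = parse_redirect(
    "\n".join(ln for ln in RULE_TEXT.splitlines() if "src_dip" not in ln)
)

# Constructed sample packets: one aimed at the router's own DMZ address,
# one from a DMZ host to an arbitrary HTTPS server (203.0.113.10 is a
# documentation address standing in for "anywhere on the web").
TO_ROUTER = Packet("dmz", "tcp", "192.168.110.1", 443)
OUTBOUND = Packet("dmz", "tcp", "203.0.113.10", 443)


def demo() -> dict:
    """Where each packet ends up under both variants of the rule."""
    return {
        "with src_dip, to router": apply_dnat(RULE_WITH_DIP, TO_ROUTER),
        "with src_dip, outbound": apply_dnat(RULE_WITH_DIP, OUTBOUND),
        "wildcard, to router": apply_dnat(RULE_WILDCARD, TO_ROUTER),
        "wildcard, outbound": apply_dnat(RULE_WILDCARD, OUTBOUND),
    }


if __name__ == "__main__":
    for label, (ip, port) in demo().items():
        print(f"{label:26s} -> {ip}:{port}")
```

Running it shows the two rules agreeing on the packet addressed to 192.168.110.1:443 (both rewrite it to 192.168.111.11:20543) and disagreeing on the outbound one: with `src_dip` set the outbound packet is left alone, while the wildcard variant rewrites every tcp/443 packet entering from the dmz zone to the internal host, which is exactly the "outbound HTTPS breaks" symptom. The model deliberately does not encode how fw3 picks the address for a given interface, since that is the part the question asks about.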