I need to have the device (192.168.1.2) on the OpenWrt router LAN port connect to the server (10.10.10.40), but the server would only accept the connection if it's coming from the router WAN port IP (10.10.10.20) and has VLAN 10.
Here is the network diagram:
Server (10.10.10.40)
|
Internet -- Firewall (VLAN 10 / LAN 10.10.10.1 / no DHCP)
|
L Openwrt router (WAN 10.10.10.20 - LAN 192.168.1.1 - VLAN 10 - DHCP)
|
L device (192.168.1.2 - tagged VLAN 10)
This is the configuration I've done but I'm missing something I guess:
If I understand the above, it sounds like this is what you want to achieve:
Connect from 192.168.1.2 to 10.10.10.40
It sounds like these are the obstacles to achieving that:
There's a firewall in the way
The connection to the target is only permitted if it comes from 10.10.10.20, not from 192.168.1.2
The "easy" answer is to enable masquerade in the OpenWRT router. That has the effect of making all traffic appear to originate from it, not from a client behind it. That should satisfy the firewall.
However, is that firewall transparent, or routed? If it's routed, then what are the subnet masks?
If you're using /24 (255.255.255.0) you're going to have problems with a routed firewall because both sides of the firewall are in the same subnet (10.10.10.40/24, 10.10.10.1/24, and 10.10.10.20/24 are all in 10.10.10.0/24); the firewall won't know where to send traffic.
With those addresses, if your firewall is routed, you'd need smaller subnets, e.g. /27 or higher, to avoid routing issues.
I do have to tag the LAN interface as there are other VLANs on the LAN side. Not sure if I should use another tag number on the LAN side though (i.e. VLAN20), but in this case I'm not sure what to do to have my VLAN20 passed as VLAN10 on the WAN.
Don't have the same port and VLAN in more than one network.
What you need is routing from the 192.168.1.0 network to the 10.10.10.0 network. This is usually done with NAT where the OpenWrt router would masquerade your request to the server as its IP 10.10.10.20. The server answers back to the OpenWrt router then the router's connection table knows to send the reply back to 192.168.1.2.
This is the default configuration of OpenWrt to NAT and masquerade from LAN to WAN. VLANs don't enter into this other than as a physical concern to have more than one network exist on a cable.
Unless I misunderstood...make a redirect to Port Forward to that IP from LAN to LAN. This will edit the header in the packet and forward it as needed to the server.
Great info to know it's the default OpenWRT configuration, so there was no need to try to change any configuration to get the request sent from the WAN IP address.
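The masquerade behaviour described in the replies above, as an added example that is not part of the original thread and is not OpenWrt code: a toy model of source NAT with a connection table, using the thread's addresses. The port numbers, the `Masquerader` class and its port-allocation scheme are assumptions made for the illustration.

```python
# Toy model of LAN-to-WAN masquerade (source NAT); added illustration, not OpenWrt code.
# Addresses are from the thread; ports and port allocation are constructed and simplified.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
WAN_IP = "10.10.10.20"  # OpenWrt WAN address from the thread


class Masquerader:
    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.by_flow = {}   # original outbound packet -> WAN source port
        self.by_reply = {}  # (remote ip, remote port, WAN port) -> (LAN ip, LAN port)

    def outbound(self, pkt):
        """Rewrite a LAN packet leaving via WAN and remember the mapping."""
        if pkt not in self.by_flow:
            self.by_flow[pkt] = self.next_port
            self.by_reply[(pkt.dst, pkt.dport, self.next_port)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(self.wan_ip, self.by_flow[pkt], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Map a reply arriving on WAN back to the LAN client, or drop it (None)."""
        if pkt.dst != self.wan_ip:
            return None
        client = self.by_reply.get((pkt.src, pkt.sport, pkt.dport))
        if client is None:
            return None  # no tracked connection: unsolicited, not forwarded
        return Packet(pkt.src, pkt.sport, client[0], client[1])


def demo():
    nat = Masquerader(WAN_IP)
    request = Packet("192.168.1.2", 51000, "10.10.10.40", 443)  # constructed ports
    on_wire = nat.outbound(request)   # what the server sees
    reply = Packet(on_wire.dst, on_wire.dport, on_wire.src, on_wire.sport)
    delivered = nat.inbound(reply)    # what the device receives
    stray = nat.inbound(Packet("10.10.10.40", 443, WAN_IP, 45555))  # no matching entry
    return on_wire, delivered, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The server only ever sees 10.10.10.20 as the source, and a packet from the server that matches no tracked connection is not forwarded to the LAN.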