Connection between two subnets over the OpenWrt firewall

I have two networks:

  • Private (lan)
  • Public:

The "public" network is new. I want to restrict the network traffic there. Access to the internet is not possible without using the Squid forward proxy in my private network.

I have set up Squid on on port 3128.
My Nextcloud server in is configured to use the proxy on

In Squid I made a new ACL with src but the ACL was not working. I thought there's a bug in Squid, so I set up another version, but same effect. After debugging it with tcpdump I found out that Squid is seeing this client ( as my router (
How can I change my network settings so that the real client IP asks Squid and not my OpenWrt router?

I think the problem is "option masq '1'" in the lan zone, or?

These are my firewall settings:

config zone 'lan'
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        list network 'lan'

config zone
        option name 'public'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'public'

config rule
        option name 'Erlaube Public Zugriff auf Forwardproxy'
        list proto 'tcp'
        option src 'public'
        option dest 'lan'
        option dest_port '3128'
        option target 'ACCEPT'
        option family 'ipv4'
        list dest_ip ''

Yes, this should be the cause.

I really don't know why there was a tick in the checkbox for NATing...
Months ago I set up my OpenWrt with a template. Maybe there was a tick in this box.
Spent two days debugging this, just for a tick.

However, thank you.
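An added example, not part of the thread: a small POSIX shell audit of an OpenWrt firewall config in UCI format that lists every zone with masq enabled other than the upstream zone, since masquerading on the lan zone is exactly what replaced the public client's source address with the router's address before the packet reached Squid. The sample config is constructed from the zones above, and the upstream zone is assumed to be named 'wan'.

```shell
#!/bin/sh
# Added example (not from the thread): find zones that masquerade but are not
# the upstream zone. Source NAT on an internal zone (here: lan) rewrites the
# client address to the router's own address, so any src-based ACL in Squid
# matches the router instead of the client. Assumption: upstream zone is 'wan'.

# Write a constructed sample config to the path in $1: the poster's lan zone
# (masq on, which is the bug), the public zone, and a normal wan zone.
make_sample() {
cat > "$1" <<'EOF'
config zone 'lan'
    option name 'lan'
    option masq '1'
    list network 'lan'

config zone
    option name 'public'
    option forward 'REJECT'
    list network 'public'

config zone
    option name 'wan'
    option masq '1'
    list network 'wan'
EOF
}

# Print the name of every zone that has masq enabled but is not 'wan'.
# Argument: path to a UCI firewall config. Output: one zone name per line.
masq_non_wan_zones() {
    awk -v q="'" '
        # Strip the UCI single quotes from a value.
        function unq(s) { gsub(q, "", s); return s }
        # Report the section just finished if it is a masquerading non-wan zone.
        function flush() {
            if (type == "zone" && masq == "1" && name != "wan") print name
            type = ""; name = ""; masq = ""
        }
        $1 == "config"                 { flush(); type = $2 }
        $1 == "option" && $2 == "name" { name = unq($3) }
        $1 == "option" && $2 == "masq" { masq = unq($3) }
        END                            { flush() }
    ' "$1"
}

# Stand-alone run: audit the constructed sample, then clean up.
tmp=$(mktemp)
make_sample "$tmp"
masq_non_wan_zones "$tmp"   # prints: lan
rm -f "$tmp"
```

For a flagged internal zone, removing its `option masq '1'` (the Masquerading tick in the LuCI zone settings) keeps source NAT on the wan zone only, so Squid sees the public client's real address and a src-based ACL can match it.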

