How to limit port forward to only one WAN interface?

mincrmatt12 · May 19, 2019, 11:28pm

Hello,

I'm considering switching to OpenWrt, and have been testing possible configurations in a VM. I have two public dynamic IPs, and I want to port forward from them to devices on my network. More specifically, I have two WAN interfaces, and I want to have mappings sort of like the following:

wan1 port 80 -> lan 192.168.1.90 port 8080
wan2 port 80 -> lan 192.168.1.91 port 8001

From what I've read and observed, I could do this with two firewall zones, but that would appear to break the overarching wan zone, and cause all of the other firewall rules that involve it (like allowing pings) to break. Is there a way to set this up how I want it without breaking that zone?

vgaetera · May 20, 2019, 5:17am

You can modify default rules to use * as source zone for both wan1 and wan2 zones.

mincrmatt12 · May 21, 2019, 5:37pm

Would something like wan* also work, or is this relying on me not having any other zones than wan1, wan2 and lan? Just curious, I don't plan to ever add more zones.

vgaetera · May 21, 2019, 6:01pm

It is not hard to test, but I doubt it can work this way.

Then probably the simplest solution cold be the most effective one in your case.

mincrmatt12 · May 21, 2019, 9:38pm

Alright, as I said, I was just curious. Thanks for the help!