How to limit port forward to only one WAN interface?

Hello,

I'm considering switching to OpenWrt, and have been testing possible configurations in a VM. I have two public dynamic IPs, and I want to port forward from them to devices on my network. More specifically, I have two WAN interfaces, and I want to have mappings sort of like the following:

wan1 port 80 -> lan 192.168.1.90 port 8080
wan2 port 80 -> lan 192.168.1.91 port 8001

From what I've read and observed, I could do this with two firewall zones, but that would appear to break the overarching wan zone, and cause all of the other firewall rules that involve it (like allowing pings) to break. Is there a way to set this up how I want it without breaking that zone?

You can modify default rules to use * as source zone for both wan1 and wan2 zones.

2 Likes

Would something like wan* also work, or is this relying on me not having any other zones than wan1, wan2 and lan? Just curious, I don't plan to ever add more zones.

It is not hard to test, but I doubt it can work this way.

Then probably the simplest solution could be the most effective one in your case.

Alright, as I said, I was just curious. Thanks for the help!

1 Like
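The setup suggested in this thread, sketched as an added example that is not part of the original posts: one zone per WAN interface, a stock rule switched to source zone `*`, and one redirect per zone. The zone, network and rule names are assumptions based on the question; the addresses and ports are the ones from the first post.

```uci
# /etc/config/firewall excerpt (constructed example; network names wan1/wan2 assumed)
# lan zone and the lan -> wan1 / lan -> wan2 forwardings are omitted here.
config zone
	option name 'wan1'
	list network 'wan1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

config zone
	option name 'wan2'
	list network 'wan2'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

# Stock rule that previously had src 'wan'; '*' lets it match both new zones.
config rule
	option name 'Allow-Ping'
	option src '*'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

# wan1 port 80 -> lan 192.168.1.90 port 8080
config redirect
	option name 'wan1-http'
	option target 'DNAT'
	option src 'wan1'
	option proto 'tcp'
	option src_dport '80'
	option dest 'lan'
	option dest_ip '192.168.1.90'
	option dest_port '8080'

# wan2 port 80 -> lan 192.168.1.91 port 8001
config redirect
	option name 'wan2-http'
	option target 'DNAT'
	option src 'wan2'
	option proto 'tcp'
	option src_dport '80'
	option dest 'lan'
	option dest_ip '192.168.1.91'
	option dest_port '8001'
```

Because `*` matches every zone, a rule changed this way also applies to lan and to any zone added later, so each default rule is worth reviewing before its source is widened.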