I am using GL-MT300-V2. I am using a Mobile Data dongle for WAN connection with the 2 Ethernet ports set as LAN. WiFi disabled.
I want to limit the WAN to connect only to one domain, e.g. myownserver.co.uk, all other domains to be blocked.
On one LAN port is a Windows tablet PC and I only want one application to have Internet access to FTP data to the server (or via HTTP POST to the same server).
I would welcome advice on setting up suitable firewall rules. Currently there is a default set of rules from the GL install.
Careful though, because you are trying to achieve the opposite of what is described in the guide.
You'll disable the lan->wan forwarding and the firewall rule will allow the traffic from lan to this specific domain.
Hi. I had the same problem and found this topic. This is the solution I use (OpenWrt 23.05.0).
1. Install the pbr app (luci-app-pbr). It requires uninstalling dnsmasq and installing dnsmasq-full first. Refresh the OpenWrt web interface.
2. Go to Services -> Policy Routing. Enable and start pbr if it is not running. Add a new policy for the required subnet and domain for wan. Save changes.
3. Go to Status -> Routing and find the IPv4 Rules created by the pbr app. Find the fwmark for pbr_wan.
4. Go to Network -> Firewall and remove forwarding from LAN to WAN.
5. Go to Network -> Firewall -> Traffic Rules tab and add a new rule which will accept traffic from LAN to WAN with the mark from step 3. The mark should be set in the Match mark field in the Advanced Settings tab. Save changes.

It may require restarting the router.
It works, but I am not sure if LAN hosts can set the same mark to bypass the firewall on the router.
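
The fwmark lookup and the Match mark rule from the post above, as an added example that is not part of the thread: the script pulls the mark for the pbr_wan table out of `ip -4 rule show` output and prints the uci commands for a LAN-to-WAN accept rule that matches it. The sample output, its mark values and the rule name are constructed assumptions; read the real mark from your own router.

```shell
#!/bin/sh
# Added example, not from the thread. Table name pbr_wan is from the post;
# the marks below are constructed sample values, read yours from the router.

# Constructed sample of `ip -4 rule show` output on a router running pbr.
SAMPLE_RULES='0: from all lookup local
29998: from all fwmark 0x20000/0xff0000 lookup pbr_wwan
30000: from all fwmark 0x10000/0xff0000 lookup pbr_wan
32766: from all lookup main
32767: from all lookup default'

# pbr_mark IFACE: read `ip rule` output on stdin and print the fwmark/mask of
# the rule that looks up exactly table pbr_IFACE; non-zero exit if none.
pbr_mark() {
    awk -v tbl="pbr_$1" '
        {
            m = ""
            for (i = 1; i < NF; i++) {
                if ($i == "fwmark") m = $(i + 1)
                if ($i == "lookup" && $(i + 1) == tbl && m != "") {
                    print m; found = 1; exit
                }
            }
        }
        END { exit !found }'
}

# fw_rule_cmds: read `ip rule` output on stdin and print (not run) the uci
# commands for the marked-traffic rule. The rule name is hypothetical.
fw_rule_cmds() {
    mark=$(pbr_mark wan) || { echo "no fwmark rule for pbr_wan" >&2; return 1; }
    # Refuse anything that is not a hex mark with an optional hex mask.
    printf '%s\n' "$mark" | grep -Eq '^0x[0-9a-fA-F]+(/0x[0-9a-fA-F]+)?$' || return 1
    cat <<EOF
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-LAN-WAN-pbr-marked'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].proto='all'
uci set firewall.@rule[-1].mark='$mark'
uci set firewall.@rule[-1].target='ACCEPT'
uci commit firewall
EOF
}

# Offline demo on the sample; on the router: ip -4 rule show | fw_rule_cmds
printf '%s\n' "$SAMPLE_RULES" | fw_rule_cmds
```

The fwmark is packet metadata held in the router's kernel, not a field of the IP packet on the wire. The LAN-to-WAN forwarding still has to be removed in Network -> Firewall for the rule to be the only path out.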