Port forwarding not working when connected to wireguard VPN


I have an openwrt snaphot installation on a raspberry pi 4B. WAN connectivity has been provisioned through a usb ethernet adapter. I have set up port forwarding for ports 80 and 443 such that requests for my website are forwarded to a web server on my LAN. Finally, I have a wireguard server that allows me to connect to my network remotely.

All works fine except for a singular issue I have not been able to solve so far. When connected to my wireguard VPN, I am greeted with a RFC1918 restriction if I try to access my web domain. If I set the option rfc1918_filter to '0' in /etc/config/uhttpd, the RFC1918 forbidden message goes away but then I am directed to the Luci login console when trying to access my web domain. As explained, this only happens when the client device is connected to my wireguard VPN.

So in a nutshell, port forwarding for ports 80 and 443 do not work for clients connected to the wireguard VPN. Without wireguard, the domain is accessible normally from the open internet and also from other computers on my LAN.

Please can someone help me solve this issue? Most of my configuration is run-off-the-mill but I am happy to provide detailed configuration if need be. At this stage I am wondering if this is a well-known problem with an equally well-known fix.


Dipak Jha

Attach the WG interface to the LAN zone, and DNAT reflection should probably work.

Or simply rebind the domain to its private IP on the local DNS and specify that DNS in the WG client connection settings.

1 Like

Thanks a ton @vgaetera. I deleted my existing wg firewall zone, attached the LAN zone to the wg interface and rebooted my router to pleasantly discover all works fine, and as expected. You've made my day since, honestly, I had been struggling with the problem for days.


Dipak Jha

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.