Redirect dest option

My router has two internal zone, one is lan(, another is guest( I created a redirect rule to let me access the internal webserver from outside, but when I set the rule I was confused with the dest option.

Here is the rule:

config redirect             
        option target 'DNAT'                
        option name 'web'        
        option src 'wan'                        
        option proto 'tcp udp'         
        option src_dport '51980'      
        option dest_ip ''
        option dest_port '80'                                 
        option dest 'guestzone'

I can always access my webserver no matter what the dest option is, so I am not sure about the meaning of the dest option, is it useless when setting DNAT? And how can I limit the dest zone in this situation?

1 Like

The dest zone option is not directly used in the DNAT rule.
However it is important that there is a rule in the destination zone to allow forwarding of the packets with a DNAT state.

1 Like

Yes, dest is irrelevant for DNAT, I updated the wiki.

It is limited by dest_ip.

Yes, but the rule is in the source zone to allow ingress redirected traffic and it is created automatically:

  • As long as there's at least one DNAT redirect configured for the source zone.
  • When custom_chains=1 which is the default.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.