[resolved] DMZ Port Forwarding


Hardware Tp-link archer C7 v4, DynDNS no-ip, DMZ in Livebox4 to OpenWrt, WireGuard server.
ISP Orange Router/Modem Livebox4: public IP

I followed the instructions in the link

Device as router as "exposed host" in the ISP router, to set port forwarding in my OpenWrt router

config redirect
	option target 'DNAT'
	option name 'allow-wireguard-lan'
	list proto 'udp'
	option src 'wan'
	option src_dport '51820'
	option dest 'lan wg_lan'
	option dest_ip ''
	option dest_port '51820'

However, doesn't it duplicate the rule created by OpenWrt

config rule 'wg'
	option name 'Allow-WireGuard-lan'
	option src 'wan'
	option dest_port '51820'
	option proto 'udp'
	option target 'ACCEPT'

Thanks for the lighting

If you have put this router in the DMZ you are exposed to the internet so just keep the router default gateway with NAT and firewall

The following should do, no need to have a DNAT rule (this seems a persistent misunderstanding not sure where it comes from)

Furthermore put the WG interface in the LAN zone and you should be good :slight_smile:

1 Like

[quote="egc, post:2, topic:169665"]
l'interface WG dans la zone LAN

Many thanks for your quick response.

The configuration of the WG interface in the LAN area is default.
I noticed that by removing port forwarding, the internet connection was faster.
I am reassured by your response.

Have a nice day

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.