Hello,
Hardware Tp-link archer C7 v4, DynDNS no-ip, DMZ in Livebox4 to OpenWrt, WireGuard server.
I followed the instructions in the link
Router vs switch vs gateway and NAT See also: OpenWrt as client device, OpenWrt as router device The following is meant as roundup: * such that you can decide if you want to configure your device as either switch, as router or as gateway * ...
Device as router as "exposed host" in the ISP router, to set port forwarding in my OpenWrt router
config redirect
option target 'DNAT'
option name 'allow-wireguard-lan'
list proto 'udp'
option src 'wan'
option src_dport '51820'
option dest 'lan wg_lan'
option dest_ip '192.168.1.1'
option dest_port '51820'
However, doesn't it duplicate the rule created by OpenWrt
config rule 'wg'
option name 'Allow-WireGuard-lan'
option src 'wan'
option dest_port '51820'
option proto 'udp'
option target 'ACCEPT'
Thanks for the lighting
egc
August 25, 2023, 12:40pm
2
If you have put this router in the DMZ you are exposed to the internet so just keep the router default gateway with NAT and firewall
The following should do, no need to have a DNAT rule (this seems a persistent misunderstanding not sure where it comes from)
Furthermore put the WG interface in the LAN zone and you should be good
1 Like
[quote="egc, post:2, topic:169665"]
Many thanks for your quick response.
The configuration of the WG interface in the LAN area is default.
Have a nice day
1 Like
system
September 4, 2023, 7:55pm
4
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
