Hello. I am having trouble getting a locally hosted server accessible from the internet. I have configured a VLAN following the guide "Guide to set up DMZ via LUCI" & https://blog.christophersmart.com/2015/01/17/creating-a-dmz-in-openwrt/ (the former is based on the latter). I have a static IP from my ISP and they also support rDNS, which is configured. The issue is that both my static IP & domain point to the LuCI login screen.
The FW rules suggest (to me) that these requests should be going to the DMZ server:

config zone
	option name 'dmz'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'DMZ'
	option family 'ipv4'
	option log '1'

config forwarding
	option src 'dmz'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'dmz'

config redirect
	option dest 'dmz'
	option target 'DNAT'
	option name 'dmz-http'
	option family 'ipv4'
	list proto 'tcp'
	option src 'wan'
	option src_dport '80'
	option dest_ip '10.100.100.212'
	option dest_port '80'

config redirect
	option dest 'dmz'
	option target 'DNAT'
	option name 'dmz-https'
	option family 'ipv4'
	list proto 'tcp'
	option src 'wan'
	option src_dport '443'
	option dest_ip '10.100.100.212'
	option dest_port '443'

config rule
	option src 'dmz'
	option name 'dhcp-dns'
	list proto 'udp'
	option src_port '53'
	option target 'ACCEPT'
	list dest_ip '10.100.100.1'

Can anyone point to where the mistake is? Your assistance is much appreciated.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
Hi there. I'm not sure what has changed but I see it is working now & both IP & domain access the server if I access them from an external IP, e.g. a phone as a mobile hot-spot. From the LAN both addresses point to the router. I assume I'm missing a rule somewhere?
Regarding the formatting, I could not find a 'format' to display the config text in a meaningful way, so I left it as I copy/pasted it. Could you suggest what format should be used in any future posts for this kind of text? Thanks.
Hi there. I have found a solution to accessing the domain from within the LAN, thanks to another DMZ VLAN guide I looked at. Per the guide: "Open Network | DHCP and DNS page, and switch to the Hostnames tab.
For each of the fully qualified domain names (FQDNs) of the services you host on the DMZ, you need to add the FQDN and the IP address of your DMZ host.
Scroll to the bottom and click Add. Enter the FQDN and select the DMZ host on the menu. Click Save."
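
The Hostnames-tab step quoted above, expressed as UCI commands for the router's shell. This is an added example and not part of the original posts; `www.example.com` is a placeholder FQDN, the function name is hypothetical, and the address is the DMZ host from the redirects earlier in the thread.

```shell
#!/bin/sh
# Added example: generate "uci batch" input that creates the same entries the
# LuCI Hostnames tab writes, i.e. 'config domain' sections in /etc/config/dhcp.
# With these in place, dnsmasq answers LAN clients with the DMZ address directly,
# so they no longer resolve the name to the public IP and land on the router.

DMZ_IP='10.100.100.212'   # DMZ host, taken from the redirects in the thread

# gen_hostname_batch IP FQDN [FQDN...]  (hypothetical helper name)
# Prints one add/set group per valid FQDN, then a single commit.
gen_hostname_batch() {
    ip="$1"; shift
    for fqdn in "$@"; do
        # The text is fed to uci, so accept plain hostname characters only.
        case "$fqdn" in
            ''|*[!A-Za-z0-9.-]*)
                echo "skipping invalid name: $fqdn" >&2
                continue ;;
        esac
        printf 'add dhcp domain\n'
        printf "set dhcp.@domain[-1].name='%s'\n" "$fqdn"
        printf "set dhcp.@domain[-1].ip='%s'\n" "$ip"
    done
    printf 'commit dhcp\n'
}

# On the router, review the generated text first, then apply it:
#   gen_hostname_batch "$DMZ_IP" www.example.com
#   gen_hostname_batch "$DMZ_IP" www.example.com | uci batch
#   /etc/init.d/dnsmasq restart
# Check from a LAN client that the name now resolves to the DMZ host:
#   nslookup www.example.com
```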