I created a wireguard interface and assigned it to the 'wg' firewall zone. I have an NAS running on the 'lan' zone. I want to allow the 'wg' zone to access the nfs exports on the target box, so I created this rule, but that is not enough. What am I missing?
config rule
	option name 'wg nfs share 2'
	option src 'wg'
	option dest 'lan'
	list dest_ip '10.9.1.112'
	option target 'ACCEPT'
	option dest_port '111 2049 20048'
I am using ufw on the NAS. I created the following in /etc/ufw/applications.d/custom and allowed it. I can now connect to the server from an iOS device using wireguard.
Something is still not configured correctly. I am using the vlc app on iOS. What is odd is that I see the exports in vlc, but I cannot access them.
I got to thinking that the connection through wg would not have the same IP range as the other clients on my lan interface, so I modified /etc/exports on the NAS to cover the IP range of the wg interface, which is 10.200.200.0/24. I basically just mirrored the entries like so:
### this is on the linux NAS, not the OW router
# cat /etc/exports
/srv/nfs 10.9.1.0/24(ro,fsid=root,no_subtree_check)
/srv/nfs/pics 10.9.1.0/24(ro,no_subtree_check,insecure)
/srv/nfs/media 10.9.1.0/24(ro,no_subtree_check,insecure)
/srv/nfs 10.200.200.0/24(ro,fsid=root,no_subtree_check)
/srv/nfs/pics 10.200.200.0/24(ro,no_subtree_check,insecure)
/srv/nfs/media 10.200.200.0/24(ro,no_subtree_check,insecure)
After restarting the nfs daemon, I can now browse into these locations on the iOS device, but when I try to play one of the media files in vlc, it does not play back. The vlc screen is just blank. If I look at the output of wg on the OW router, the transfer/received amounts are both incrementing higher, indicating that data is flowing.
What could be preventing that app from rendering the video? If I play back the identical video without connecting over wg, it plays back fine.
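The export-coverage reasoning in the post (a client arriving over the tunnel presents a 10.200.200.0/24 source address, so each export needs a matching client entry) can be checked mechanically. The following is an added example, not part of the original post: the function names `parse_exports`, `exports_for` and `audit` are hypothetical, and the parser assumes one export per line with IP or CIDR client specs, skipping hostnames, wildcards and netgroups.

```python
import ipaddress
import re

# Constructed sample: the /etc/exports content quoted in the post.
SAMPLE_EXPORTS = """\
/srv/nfs 10.9.1.0/24(ro,fsid=root,no_subtree_check)
/srv/nfs/pics 10.9.1.0/24(ro,no_subtree_check,insecure)
/srv/nfs/media 10.9.1.0/24(ro,no_subtree_check,insecure)
/srv/nfs 10.200.200.0/24(ro,fsid=root,no_subtree_check)
/srv/nfs/pics 10.200.200.0/24(ro,no_subtree_check,insecure)
/srv/nfs/media 10.200.200.0/24(ro,no_subtree_check,insecure)
"""

CLIENT_RE = re.compile(r"^(?P<host>[^()\s]+)(?:\((?P<opts>[^)]*)\))?$")

def parse_exports(text):
    """Yield (path, network, options) for each IP/CIDR client spec.
    Hostname, wildcard and netgroup specs are skipped (not resolvable offline)."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                continue
            try:
                net = ipaddress.ip_network(m.group("host"), strict=False)
            except ValueError:
                continue
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            yield path, net, opts

def exports_for(text, client_ip):
    """Return {path: options} for exports whose client network contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    result = {}
    for path, net, opts in parse_exports(text):
        if ip.version == net.version and ip in net:
            result.setdefault(path, opts)  # keep the first matching entry
    return result

def audit(text, client_ip):
    """List findings for one client: no coverage, or exports that are not read-only."""
    visible = exports_for(text, client_ip)
    if not visible:
        return [f"{client_ip}: no export covers this address"]
    return [f"{client_ip}: {p} is not read-only" for p, o in sorted(visible.items()) if "ro" not in o]
```

Running `audit` with a tunnel peer address against the file before and after the mirrored entries shows the difference between "no export covers this address" and an empty findings list.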