Website Host Inside VLAN; Access FQDN from another VLAN Rejected request from RFC1918 IP to public server address

Installing and Using OpenWrt
1

Issue: When I attempt to access www.example.com( 192.168.21.2 hosted by WebHost VLAN ID21) from WindowsPC1 (VLANID10 192.168.10.2) I receive error "Rejected request from RFC1918 IP to public server address".

I found this: OpenWRT Post #1
& Post #2

But to say I don't really understand how to accomplish either would be an understatement.

I've only been using the GUI so the conf files they are referring to I have been looking to for equivalents to in the GUI. I suppose I would need to SSH into the router to access them.

I know I can access the host at least using its private address, I can access the website host if i use another device on a different network. Very similar case to the other posts.

But you gotta be patient with me as this is the most in depth setup i've ever tackled, very new to this besides knowing how to flash a different OS to a router.

To my understanding, I need to setup a redirect or a rule, not sure of what kind though, that when a device from within the network attempts to connect to the FQDN it redirects it to the private address. But Im just about ready to bang my head on the wall.

But hopefully that's enough of that heres some diagrams

network
network1061×1320 113 KB

Things I've read:

I just haven't seem to have grasped it yet from what I've found.

thanks.

2

Welcome to the community. See this post with an example redirect rule to change the IP.

If you have difficulties adapting them to your interface names, just ask us.

3

Thank you,

I tried what you recommended:

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '80'
	option dest_port '80'
	option src_ip '192.168.1.0/26' #<---SRC network
	option name 'REDIRECT_HTTP_LAN'
	option dest_ip '192.168.21.2"
	option dest 'lan' #<---place packet in same network SRC packet

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '80'
	option dest_port '80'
	option src_ip '192.168.10.0/26' #<---SRC network
	option name 'REDIRECT_HTTP_LAN'
	option dest_ip '192.168.21.2"
	option dest 'Internet' #<---place packet in same network SRC packet

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '443'
	option dest_port '443'
	option src_ip '192.168.1.0/26' #<---SRC network
	option name 'REDIRECT_HTTP_LAN'
	option dest_ip '192.168.21.2"
	option dest 'lan' #<---place packet in same network SRC packet

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '443'
	option dest_port '443'
	option src_ip '192.168.10.0/26' #<---SRC network
	option name 'REDIRECT_HTTP_LAN'
	option dest_ip '192.168.21.2"
	option dest 'Internet' #<---place packet in same network SRC packet

But then after a reboot I no longer was receiving an ip from any vlan id and would time out if I set a static address and attempted to access luci. I reset the router to get back in.

My next question would be which file would this go in?

I was able to ssh in and look at it and I just appended that to the end of the file /etc/config/firewall