Gargoyle Forum

Port forwarding does not work when the wan (10.0.0.0) subnet is restricted from lan (192.168.1.1).

lan to wan firewall

config 'restriction_rule' 'rule_2'
option 'is_ingress' '0'
option 'description' '10-0'
option 'remote_addr' '10.0.0.2-10.0.0.254'
option 'proto' 'both'
option 'enabled' '1'

port forward

config 'redirect' 'redirect_enabled_number_0'
option 'name' '21-80'
option 'src' 'wan'
option 'dest' 'lan'
option 'proto' 'tcp'
option 'src_dport' '8121'
option 'dest_ip' '192.168.1.21'
option 'dest_port' '80'

If I disable 'restriction_rule' 'rule_2 port forwarding then works.

I have the same configuration on a WR741 and port forwarding works ok with firewall on.

I have tried versions 13.13 an upwards and the problem exists.

Cheers

I don't think this is a bug. You have specifically prevented communication between hosts in your LAN subnet and in the WAN subnet.

If a host in the WAN subnet has it's traffic forwarded to a host in the LAN subnet, your restriction rule will prevent any traffic from the LAN going back to the WAN (and the rule won't work). This is what the rule is supposed to do.

Thanks for the explanation.
As the above configuration was (and is) working on a TL-WR741, so I assumed that it's a bug with he 1043.


Can you help me set up something similar to protect my private lan?
The situation is:
My private lan is 10.0.0.0 with a gateway of 10.0.0.1
The routers output is setup to 192.. subnet
I want to restrict access to my private lan, from the 192.. subnet, but I want to be able to check my bridged p2p link (192.168.1.X) and AP remotely from my private network (10.. subnet)

Thanks in advance