Routing and firewall rules

Lauryx · Dec 7, 2024, 2:50 PM

Hello.

I have the network as in bellow image
The outcome is to be able to access the NVR using nvr.domain.com and the NAS using nas.domain.com
Also to be able to access the NAS from the PC3
Can someone help me please with the necessary settings to be able to achieve the mentioned outcome.

Thank you

Gblenn · Dec 8, 2024, 2:08 PM

@Lauryx So it looks like you already have the VPN up and running, using Wireguard?
And I guess that also means that you can access any IP on either side, from any of the clients?

So what is left is to create a "Host Override" on each site, which you do under Services > DNS Resolver (or Forwarder). At the bottom section you can add your host override as nvr and domain.com and the IP is 192.168.0.199

You will have to set up something similar on the OpenWRT. I think it might be under DHCP and DNS and static leases.
In the end the file /etc/config/dhcp needs to contain this:
config domain
option name 'nas'
option domain 'domain. com'
option ip '192.168.1.200'

Lauryx · Dec 10, 2024, 8:22 AM

@Gblenn
Thank you very much for your reply.

The first problem is that even if yes, the Wiregurad VPN works great, i am not able to connect to NAS form PC3 and NVR from PC1.

I do not understand what rules i need do add to the firewall to allow traffic pass

Thank you

Gblenn · Dec 10, 2024, 12:04 PM

@Lauryx Ok, so perhaps it's the Static route that you are missing then. If you go into System / Routing and static routes you need to add a route to 192.186.0.0/24 using the Wireguard Gateway.

Again, how you do this on the OpenWRT side is something I don't know...