What's new

Access webserver on lan synology from guest network on AX88u router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

grottoguy

Occasional Visitor
Hello.
See attached for a basic diagram, and also most of the setup of my issue.

I have two homes where I'm implementing roughly the same network, and then a peer to peer wireguard between them.
In one I have 192.168.1.x and in the other, 192.168.2.x.
I have a synology NAS with a reverse proxy behind my AX88u routers in both locations.
In both locations, I have a guest wifi network as well as the 'regular' wifi, and the guest network is set to 'no intranet'.
However, I would like to be able to open a website on the NAS ONLY to my guest network (i.e., not to the outside world).
Using my 192.168.2.0 network as an example,
my addresses are / would be:
public static address X.Y.Z.50
DNS fqdn foobar.com that points to that same public address
192.168.2.1 router
192.168.2.10 NAS (where reverse proxy runs, and webservers)

From a PC on the 192.168.2.0 subnet, I can do a ping and connect to the foobar.com. The traceroute shows it go immediately to it, no other hops.

From a Phone on the guest network, if I try to ping or traceroute or http access the same foobar.com, I get nothing, no route, no ping response.
I assume this is somehow related to the core mechanism of the guest network with 'intranet disabled'.
The guest network is assigning addresses in the 192.168.101.x space.
I see that by connecting my cellphone, for instance, to the guest wifi, and then looking at its ipconfig using pingtools.
My phone shows
dhcp server 192.168.101.1
domain [as expected, the name from DNS]
gateway: 192.168.101.1
DNS 192.168.101.1
Network address 192.168.101.0/24
Broadcast 192.168.101.255

I suspect if I enabled 'LAN access' for the guest network, it would probably find its way.

But I don't want to do that, so I am wondering how to allow the guest network devices (or even just one) to find their way to the 192.168.2.x network, or even more specifically, just to that 192.168.2.10 reverse proxy...
-could I perhaps create a static route from a specific client on the 192.168.101.0 guest network, back to the Synology device IP?
-is there some other better option?

I think a vlan capable router would work, and I think the vlan support is actually there, but not exposed in the GUI, and I frankly don't want to delve into the command line stuff anymore...

Thanks for any thoughts, hope this laid it out properly, happy to answer any questions.
 

Attachments

  • network.PNG
    network.PNG
    94.5 KB · Views: 13
Here's a simpler thought then- while I want to use my guest network for guests, I also want to let them access a single locally hosted webserver on my internal network, ideally through my synology reverse proxy.
I'm about there now in the sense that all the reverse proxy stuff is good to go, but only from the non guest network. If I try to traceroute from the guest network to my public IP via its DNS name, it goes nowhere, even though it sees my router's public address when it does the DNS lookup... So the guest network is I guess not allowed to go 'out and back' through the front door as I'd like?
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top