maghuro
Very Senior Member
@RMerlin
At the moment, the firmware does not allow creating NAT/port-forwarding rules for interfaces other than the primary WAN. The GUI forces all Virtual Server / Port Forwarding rules to be applied only on the main WAN interface.
I would like to suggest adding an option in the port-forwarding editor to select the interface where the rule should apply. This would allow forwarding ports to WireGuard tunnels, secondary WANs, or custom interfaces. The same selection should also be reflected in the Port Forwarding Log view.
In my case, I needed to forward a specific port through a WireGuard interface, and the only way to achieve this was by manually adding iptables rules via SSH and placing a script in firewall-start. A simple additional drop-down field in the GUI would solve this cleanly, while the iptables backend already handles the rest.
Example of the type of rule that currently requires manual creation:
Bash:
iptables -t nat -A CUSTOM_PREROUTING_CHAIN -i wgc1 -p tcp --dport 12345 -j DNAT --to-destination 10.0.0.10:12345
iptables -t nat -A CUSTOM_PREROUTING_CHAIN -i wgc1 -p udp --dport 12345 -j DNAT --to-destination 10.0.0.10:12345
This is fully functional, but it requires scripting and maintenance. Having the interface selectable directly from the GUI would streamline the process for advanced setups while remaining optional for regular users.
Thanks in advance
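One way to keep the manual rules from the post maintainable until such a GUI option exists, as an added example that is not part of the original post or the firmware: a script, called from firewall-start, that recreates the custom chain and adds each rule only when it is missing, so repeated firewall restarts do not stack duplicates. The interface, port, target and chain name are the post's values; the `IPT` override, the `apply` argument and the hook into PREROUTING are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not firmware code: idempotent version of the post's DNAT rules.
# IPT can be overridden (hypothetical knob) to point at a wrapper for dry runs.
IPT="${IPT:-iptables}"
CHAIN="CUSTOM_PREROUTING_CHAIN"   # chain name as written in the post
IFACE="wgc1"                      # WireGuard client interface from the post
PORT="12345"
TARGET="10.0.0.10:12345"

# Append a rule only if an identical one is not already in the chain.
# "iptables -C" exits 0 when the rule exists and non-zero otherwise.
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    $IPT -t "$table" -C "$chain" "$@" 2>/dev/null ||
        $IPT -t "$table" -A "$chain" "$@"
}

apply_forwards() {
    # Create the custom chain if it is missing (-N fails when it exists).
    $IPT -t nat -N "$CHAIN" 2>/dev/null || true
    # Assumption: the chain is reached from PREROUTING for tunnel traffic only.
    ensure_rule nat PREROUTING -i "$IFACE" -j "$CHAIN"
    # Same two rules as in the post, one per protocol.
    for proto in tcp udp; do
        ensure_rule nat "$CHAIN" -i "$IFACE" -p "$proto" --dport "$PORT" \
            -j DNAT --to-destination "$TARGET"
    done
}

# Call from firewall-start as: sh this-script apply
case "${1:-}" in
    apply) apply_forwards ;;
esac
```

Because the rules match only on the ingress interface, any peer that can send traffic through `wgc1` reaches the forwarded port; adding a `-s` source match to the DNAT rules narrows that where the remote address is known.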
