Hi,

This is my general setup, or at least what I am aiming for:
ISP-Router <-> OpenWRT Router
OpenWRTRouter:
Zones/Ports: LAN, IOT, GAST(guest), DMZ, MULLVAD_VPN
LAN, IOT and GAST should reach the internet via the VPN, and the DMZ should access the internet the "normal" way via the ISP.
Sadly i cant post a picture here..
but i post the link here. Maybe one of the mods could please get the picture in here? htt ps:// s26. postimg .org/ghp a3xp7t/ genere llsetup.png


My problem is that when I activate OpenVPN, everything going to the internet is routed via the VPN.
But as I mentioned, I want everything except the DMZ routed via the VPN. The DMZ should also be reachable from the normal internet and not via the VPN, because I can't do port forwarding via the VPN.

I hope you guys understand my broken English :)


Here are the firewall settings:

# Global fallback policies for traffic that no zone matches. All three are
# ACCEPT here, so packets arriving on an interface that is not assigned to
# any zone are allowed in to the router and forwarded.
# NOTE(review): consider 'REJECT' for input and forward, so that only the
# explicitly configured zones pass traffic.
config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

# Pulls in custom rules from this script. Its contents are not shown here,
# so the effective ruleset may differ from what this file alone describes.
config include
    option path '/etc/firewall.user'

# Zone option semantics: 'input' is traffic addressed to the router itself,
# 'output' is traffic the router originates, and 'forward' is traffic between
# networks inside the same zone. Traffic between different zones is
# controlled by the 'config forwarding' sections.

# Upstream-facing zone (network 'wan').
# NOTE(review): input 'ACCEPT' lets hosts on the WAN side reach every service
# listening on the router itself. 'REJECT' or 'DROP' plus explicit allow
# rules is the usual choice for this zone. How exposed this is in practice
# depends on what the ISP router in front of it lets through.
# No 'masq' option is set on this zone, unlike VPN_FW further down.
config zone
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option name 'WAN'
    option network 'wan'

# Internal zone; full access to the router.
config zone
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option name 'LAN'
    option network 'LAN'

# NOTE(review): IOT gets the same unrestricted access to the router as LAN.
# Compare with GAST below, which rejects input and only allows DNS and DHCP.
config zone
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option name 'IOT'
    option network 'IoT'

# NOTE(review): hosts in this zone receive the port forwards from WAN, and
# input 'ACCEPT' lets them reach all services on the router. If a DMZ host is
# compromised, the router is directly reachable from it. Consider input
# 'REJECT' with explicit rules for the few services the DMZ needs.
# 'log' is enabled for this zone.
config zone
    option output 'ACCEPT'
    option name 'DMZ'
    option network 'DMZ'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option log '1'

# Guest zone: input and forward are rejected; the only exceptions are the
# 'GAST DNS' and 'GAST DHCP' rules.
config zone
    option output 'ACCEPT'
    option name 'GAST'
    option network 'GAST'
    option input 'REJECT'
    option forward 'REJECT'

# Both rules have a 'src' but no 'dest', so they apply to traffic addressed
# to the router itself (input), not to forwarded traffic.
# No 'proto' is given, so the firewall's default protocol match applies.
# NOTE(review): DHCP only needs udp; adding 'option proto' would make the
# rules explicit and narrower.

# Lets guests use the router as DNS resolver.
config rule
    option target 'ACCEPT'
    option name 'GAST DNS'
    option src 'GAST'
    option dest_port '53'

# Lets guests obtain a DHCP lease from the router.
config rule
    option target 'ACCEPT'
    option name 'GAST DHCP'
    option src 'GAST'
    option dest_port '67-68'

# Port forwards (DNAT) from WAN. None of them restricts the source address
# ('src_ip'), so each forwarded port is open to every host that can reach the
# WAN interface. All but the last one point at 10.0.3.10 in the DMZ.

config redirect
    option target 'DNAT'
    option src 'WAN'
    option dest 'DMZ'
    option proto 'tcp'
    option src_dport '443'
    option dest_ip '10.0.3.10'
    option dest_port '443'
    option name 'HTTPS'

config redirect
    option target 'DNAT'
    option src 'WAN'
    option dest 'DMZ'
    option proto 'tcp'
    option src_dport '80'
    option dest_ip '10.0.3.10'
    option dest_port '80'
    option name 'HTTP'

# NOTE(review): tcp/21 is presumably FTP. Plain FTP sends credentials
# unencrypted; if file transfer from outside is needed, confirm the server
# enforces TLS or use SFTP over the SSH forward instead.
config redirect
    option target 'DNAT'
    option src 'WAN'
    option dest 'DMZ'
    option proto 'tcp'
    option src_dport '21'
    option dest_ip '10.0.3.10'
    option dest_port '21'
    option name 'Forward'

# NOTE(review): SSH open to the whole internet. Confirm the DMZ host allows
# key-based logins only, and consider limiting 'src_ip' if the admin
# addresses are known.
config redirect
    option target 'DNAT'
    option src 'WAN'
    option dest 'DMZ'
    option proto 'tcp'
    option src_dport '22'
    option dest_ip '10.0.3.10'
    option dest_port '22'
    option name 'SSH'

# NOTE(review): the two forwards below open both tcp and udp. If the service
# behind each port uses only one protocol, forward only that one.
config redirect
    option target 'DNAT'
    option src 'WAN'
    option dest 'DMZ'
    option proto 'tcp udp'
    option src_dport '8888'
    option dest_ip '10.0.3.10'
    option dest_port '8888'
    option name 'Forward8888'

config redirect
    option target 'DNAT'
    option src 'WAN'
    option dest 'DMZ'
    option proto 'tcp udp'
    option src_dport '8082'
    option dest_ip '10.0.3.10'
    option dest_port '8082'
    option name 'Forward8082'

# NOTE(review): unlike the others, this forward lands on a host in the LAN
# zone (10.0.0.3), not in the DMZ, so an internet-facing service sits inside
# the trusted network. Port 1194 is presumably an OpenVPN server; consider
# moving it to the DMZ, or confirm the exposure is intended.
config redirect
    option target 'DNAT'
    option src 'WAN'
    option dest 'LAN'
    option proto 'tcp udp'
    option src_dport '1194'
    option dest_ip '10.0.0.3'
    option dest_port '1194'
    option name 'Forward1194'

# Zone for the VPN tunnel (network 'MULLVAD_VPN'). Input and forward are
# rejected, outgoing traffic is masqueraded and 'mtu_fix' is enabled.
# This is the restrictive posture the WAN zone above lacks.
config zone
    option name 'VPN_FW'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'MULLVAD_VPN'

# NOTE(review): the next two sections set only 'enabled'; no src, dest, port
# or target is visible. They look like leftover empty entries. Confirm and
# remove them so the ruleset contains only rules with a defined purpose.
config redirect
    option enabled '1'

config redirect
    option enabled '1'

# Inter-zone forwardings. Each section is one-directional: it allows NEW
# connections from 'src' to 'dest'. Replies to connections opened from the
# inside are handled by connection tracking and need no forwarding of their
# own, and the DNAT redirects are accepted without one as well.
#
# NOTE(review): almost every zone pair is opened in both directions here,
# which removes most of the separation between the zones. In particular:
#  - WAN -> LAN / IOT / DMZ / GAST and VPN_FW -> LAN / IOT / DMZ allow
#    unsolicited connections from outside into the internal networks.
#  - DMZ -> LAN and DMZ -> IOT let the internet-exposed DMZ host open
#    connections into the internal networks.
# A forwarding only permits traffic; which uplink (ISP or VPN) a packet
# takes is decided by the routing table, not by these sections.

# NOTE(review): direction looks inverted. This lets WAN open connections to
# guests, while no forwarding with src 'GAST' exists in this file, so guests
# have no permitted path to WAN or VPN_FW.
config forwarding
    option dest 'GAST'
    option src 'WAN'

config forwarding
    option dest 'VPN_FW'
    option src 'LAN'

# NOTE(review): LAN may leave via the ISP as well as via the VPN. If LAN must
# never go out unencrypted when the tunnel is down, this path would have to
# be removed.
config forwarding
    option dest 'WAN'
    option src 'LAN'

# Inbound from the VPN tunnel into LAN.
config forwarding
    option dest 'LAN'
    option src 'VPN_FW'

# Inbound from WAN into LAN.
config forwarding
    option dest 'LAN'
    option src 'WAN'

# NOTE(review): IOT devices can open connections into LAN.
config forwarding
    option dest 'LAN'
    option src 'IOT'

config forwarding
    option dest 'VPN_FW'
    option src 'IOT'

# Same consideration as LAN -> WAN above.
config forwarding
    option dest 'WAN'
    option src 'IOT'

config forwarding
    option dest 'IOT'
    option src 'LAN'

# Inbound from the VPN tunnel into IOT.
config forwarding
    option dest 'IOT'
    option src 'VPN_FW'

# Inbound from WAN into IOT.
config forwarding
    option dest 'IOT'
    option src 'WAN'

# DMZ host may open connections into IOT.
config forwarding
    option dest 'IOT'
    option src 'DMZ'

# DMZ host may open connections into LAN.
config forwarding
    option dest 'LAN'
    option src 'DMZ'

# NOTE(review): the stated goal is that the DMZ uses the ISP path only; this
# forwarding also permits it to leave via the VPN.
config forwarding
    option dest 'VPN_FW'
    option src 'DMZ'

config forwarding
    option dest 'WAN'
    option src 'DMZ'

config forwarding
    option dest 'DMZ'
    option src 'IOT'

config forwarding
    option dest 'DMZ'
    option src 'LAN'

# Inbound from the VPN tunnel into the DMZ.
config forwarding
    option dest 'DMZ'
    option src 'VPN_FW'

# NOTE(review): opens every DMZ port to WAN, not only the ports listed in the
# redirects above.
config forwarding
    option dest 'DMZ'
    option src 'WAN'

(Last edited by sensation90 on 7 Sep 2017, 13:37)