Hello,
I have a working WireGuard configuration with the settings:
(wireguard1 interface created with my specific keys)
ip routes add dest:0.0.0.0/0 gateway:%wireguard1
ip routes add dest:VPN Endpoint IP, gateway: ISP Gateway IP
firewall NAT add Out.interface:wireguard1 action:masquerade
DHCP client defconf > add default route NO
All traffic from wlan and ether2-5 goes through the VPN tunnel to ether1 (cable to ISP) and it works fine, but I want to isolate one port (for example ether5) so that anything plugged into that port will NOT use the VPN but access the internet normally through the ISP, and I want to be able to port forward a small HTTP server onto that computer on ether5. I can use a static IP for that computer. I understand what my current configuration does except for the masquerade, and I don't understand how I'd modify that for my needs. I know how to do the port forward starting from default settings and I know I can host the server because I have a static IP from my ISP. Is this a stupid idea or somehow a fundamentally flawed idea?
Thank you
Statistics: Posted by sk3zy — Mon Jun 03, 2024 7:59 pm