4

I have OpenWRT router.

I have NAS in my LAN, which i need to access from WAN and from all computers in the LAN. So, it should be accessible from any computer and it needs to access some of them, too.

I read OpenWRT wiki and forums, and they recommend VLAN for network separation, but i do not need that - i want it all be on one network, so it can be visible to each other, and NAS visible from the WAN?

Any idea, how that can be done?

In case, if its important my equipment:

  • Router Model: Buffalo WZR-HP-G300NH

  • Firmware Version: OpenWrt Backfire 10.03.1 / LuCI 0.10.0 Release (0.10.0)

Slavik
  • 218
  • 1
  • 3
  • 7

2 Answers2

7

I have met similar problem and I can share solution which appears to be very simple. In OpenWRT the feature you are looking at is plain port forward.

Open you router IP, typically http://192.168.1.1

In Network menu, choose Firewall, the Port Frowards. Scroll down to "New port forward" and add:

  • Name: ALL->DMZ
  • Protocol: choose do you need both TCP=UDP or just TCP
  • External zone: wan
  • External Port: leave empty!!!
  • Internal zone: lan
  • Internal IP address: choose IP of host, in your case it's NAS
  • Internal port: leave empty!!!

Click Add, and Save & Apply.

That will work exactly the same as in other routers firmware "DMZ host", the host with ALL external traffic redirected to it by default.

To have more security I recommend you to forward only ports you need, without exposing it widely to Internet.

If you will want to add additional SINGLE Port Forwards, they will be added to the end of list. IMPORTANT: always move rule ALL->DMZ to the bottom of the list and "Save & Apply". The rules are processed in the order, so the first one met condition and others do not work.

Best Regards, Arunas B.

Arunas Bartisius
  • 709
  • 1
  • 7
  • 13
2

As advised above, I'd really recommend just forwarding the port(s) needed for discovery and data retrieval. Forwarding all ports will expose the administration login mechanism on your device to the entire internet. Being that your storage will likely contain personal data which I'm pretty sure you wouldn't want just anyone to be able to read, the DMZ/forward all is a terrible choice.

Research which ports your device uses for discovery/data retrieval and ONLY forward those ports. Best way to research this is to look at your product manual. Likely it will recommend opening certain ports on a firewall, this is where you'll get the information you need.

Geruta
  • 129
  • 2