Added Netbird - Trying to access IoT devices no Ping

So I added Netbird (How to install NetBird package - Technical Support for Routers / VPN, DNS, Leaks - GL.iNet (gl-inet.com)) to the device and can't ping the devices when adding a route to Netbird. My guess is the firewall is blocking access to the devices over the Netbird/Wireguard connection. Not sure what I should change in the router. Pinging my subnet (for example 10.72.1.1) over the Wireguard connection works, but any device behind it, like 10.72.1.100, can be pinged when on the same LAN; when using the Netbird/Wireguard connection they cannot be pinged.

So looking at my interfaces, I have wt0 as a device that is not added to the config device option name br-lan. I can see list port for eth0 and eth1; should I add wt0 to the br-lan?

Maybe you need to allow ingress traffic through the firewall once the connection is established. Check the LuCI firewall tab.

I added wt0 to the br-lan and still no success. And allowed everything from LAN in the firewall and still no ping.

I have only limited knowledge of Netbird (accordingly, it is wireguard with some automations and scripts to make it easier to have a wireguard server).

Can you please elaborate on how you did the ping, and to where?

  • did you ping 10.72.1.1 from an IP client at 10.72.1.100+?
  • did you ping from a client 10.72.1.100+ to the LAN segment?
  • or was your intention to ping from client to client in 10.72.1.100/24? (In that case you need 10.72.1.100/24 in allowedips, or other clients' routes are not visible to the other wireguard clients in the tunnel.)

A simple test of whether the tunnel works, especially the handshake part:

  • ping from a wireguard client to 10.72.1.1

If that works, you can try one thing further:

  • ping from a wireguard client to the LAN gateway; this means your devices are also reachable on the LAN via the wireguard tunnel.

It also helps to have a tracert (i.e. to something like 8.8.8.8) to see the hop networks :wink: This also kind of shows where your connection is stopping (you can discard all non-RFC1918 addresses for security reasons if you want to post this).

^ Also, last time I was diagnosing something in wireguard I was banging my head against the wall, only to figure out that a failing preshared key still shows a handshake in luci-app-wireguard, for example, but still does not allow traffic :slight_smile: Upon deletion of this key my configuration finally worked. It got me through all kinds of testing though, whether it was an invalid MTU, routing, even removing the firewall zone at one point :stuck_out_tongue: That one can be very tricky in diagnosing connection problems.

From local I can PING every device (from the br-lan)
From Remote I can PING only the router 10.72.1.1

My guess is I need to allow traffic from wt0 to the br-lan.

I tried:
iptables -I FORWARD -o br-lan -j ACCEPT
iptables -I FORWARD -o wt0 -j ACCEPT
iptables -t nat -I POSTROUTING -o wt0 -j MASQUERADE

I tried allowing all from wan to lan.

I tried adding wt0 to the br-lan (and that broke everything; I needed to restart from scratch).

If anyone has any idea :slight_smile:

Unless I need to add routes correctly:

Did you set your private network as such and your GL-XE300C4 as a routing peer in the netbird web UI?

https://docs.netbird.io/how-to/routing-traffic-to-private-networks

@JSChasle that's it. I just received a Brume 2 and followed the previously linked documentation about routing traffic to private networks, and it is working.

No need to mess with the bridge or anything.

In your case it means going to your netbird admin, heading over to 'Network Route' and adding 10.72.1.1/24 as a subnet and your GL-XE300 as the routing peer. Wait a little for your peers to pick up the route against netbird and enjoy :wink: