How to restrict Wireguard VPN to WAN only on Brume2


Can anyone help me set up my firewall & zones the right way?

Goal: I want to use my home as an internet breakout when I am travelling, but I don't want to expose any resources on my LAN.

The Brume2 sits behind my router (which acts as DHCP server; my internet provider does not allow me to set any firewall rules or VLANs).
The Brume acts as a router and is connected via its WAN port to a LAN port on my main router (= WAN exit).

Via the GL.iNet web admin I installed WireGuard.

In LuCI I turned off the Brume2 DHCP.

Help needed: how to isolate the Brume2 as a WireGuard ↔ WAN-only VPN.
Thanks in advance.

I may not be understanding your scenario. Are you using WireGuard Server or WireGuard Client?
Are you wanting to use your home network as a forwarding node to access the Internet when you travel?

Hi, thanks for asking. I use a WireGuard server at home. I want to connect while travelling (using a WireGuard client) to my home server, but only for using my (home) internet (IP and breakout). E.g.: some internet content is geo-blocked, so this way I can read my newspaper from abroad. Important: I don't want to expose anything else from my (home) local LAN when using the WireGuard tunnel.

My settings so far:

I think your “mgserver_deny_LAN” rule works for the goal. Try it.

Alternatively, you can use the following at Firewall Custom Rules:

iptables -t mangle -I PREROUTING -i ovpnserver -d -j DROP
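As an added example (not from either poster), the same goal expressed in the OpenWrt firewall config instead of a custom iptables rule. It assumes the WireGuard server interface/network is named wgserver and that the upstream home router's LAN is 192.168.1.0/24; both are placeholders. The GL.iNet firmware already creates a zone for its WireGuard server, so compare with what is present in /etc/config/firewall before adding a duplicate zone.

```uci
# /etc/config/firewall (fragment) - added example, not from the thread.
# Assumptions (placeholders): the WireGuard server interface is 'wgserver'
# and the upstream home router's LAN is 192.168.1.0/24.
# The Brume2's WAN port hangs off the home router's LAN, so from the
# Brume2's point of view the "wan" zone also contains the home LAN
# devices. A plain wgserver -> wan forwarding would therefore still
# expose them; the REJECT rule at the end is what fences peers off.

config zone
    option name 'wgserver'
    list network 'wgserver'
    option input 'REJECT'      # peers may not reach LuCI/SSH on the Brume2
    option output 'ACCEPT'
    option forward 'REJECT'    # no peer-to-peer forwarding inside the tunnel

# The only way out of the tunnel is towards the wan zone; the stock wan
# zone already has 'option masq 1', so peer traffic leaves with the home IP.
config forwarding
    option src 'wgserver'
    option dest 'wan'

# Let peers use the Brume2 as DNS resolver (dnsmasq still answers DNS
# even with its DHCP part switched off).
config rule
    option name 'wg_allow_dns'
    option src 'wgserver'
    option proto 'tcp udp'
    option dest_port '53'
    option target 'ACCEPT'

# Rules are evaluated before zone forwardings, so this REJECT wins over
# the wgserver -> wan forwarding above. All RFC1918 ranges are listed,
# which covers the placeholder 192.168.1.0/24 home LAN as well as any
# other private network reachable behind the main router.
# 'proto all' makes the rule cover ICMP too, not only tcp/udp.
config rule
    option name 'wg_deny_private_lans'
    option src 'wgserver'
    option dest 'wan'
    list dest_ip '10.0.0.0/8'
    list dest_ip '172.16.0.0/12'
    list dest_ip '192.168.0.0/16'
    option proto 'all'
    option target 'REJECT'
```

After `/etc/init.d/firewall restart`, a connected peer should still reach public addresses but get no answer from the main router or any home LAN device; that is the check that the isolation actually works.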