Issues with Allow Remote Access LAN


I bought a few days ago a BRUME 2

I Set up the VPN with WireGuard

I have unchecked the option Allow Remote Access LAN

And still, even if i am connected with the VPN i can access to the ips of my Local Network.

For example i can access my local gateway by IP, or even my NAS i can open the page administrations

I only want to have internet access through my VPN

I already upgraded to version 4.1.1 and 4.2 and same issue

Thank you in advance

I haven’t had a chance to test it yet。
But you can try setting the wgclient zone input to DROP in the Advanced ->network->Firewall

Hello, thank you for your kind response, but i think it is already set as you said

Allow access to LAN is designed to control traffic between wgserver zone and LAN zone but not WAN zone.
You can explicitly block traffic to the WAN directly connected network using the command line:

# is the local WAN network.
iptables -t mangle -I FORWARD -i wgserver -d -j DROP

Hello, thank you for your answer, i connected via SSH added your command, and still no effect.
At this moment the gateway is connected directly connected to the ISP router.

Do you use port forward? and what’s the topology?

Hello, yes i use port forward on my main router. Since i can connect remotely.

My typology

Okay, do you change “” accordingly? Could you tell NAS IP, Brume2 WAN IP?
In my network that command works.

My bad, i didn’t even notice, my WAN range IP address is 192.168.1.X, i change it and it is working!

Thank you very much!