Thank you for your help.
Can this be achieved with a firewall rule that directs all traffic for A.dyndns.org to be routed via the Wireguard interface?
Yes. Users on any device in LAN B can access the BI server at 192.168.0.1:81
Your explanation is not complete or maybe just lacks some clarity.
Are you saying that
a. Users at Device B, via wireguard, successfully access the Iris Server on the LAN at Device A?
Note: Assuming the users simply put in their APP or browser 192.168.0.1:81 and the connection works great.
Correct.
b. You want users to be able to access the server by FQDN type name? like A.dyndns:81
I do not understand how static DNS would get around the firewall not allowing traffic through.
This will not work if you are expecting the users to go out the local WAN at Device B, and then reach the Device A on its WAN port due to the fact that you have already stated
that you block incoming traffic on the WAN side.
One may consider something funky with static DNS, but that may interfere with the fact that the router needs to go out local WAN to reach the a.dyndns.org for Wireguard handshake.
How would the IP/Cloud DNS name provide a solution?
Perhaps consider using the IPcloud DNS name for wireguard, and then something like static DNS for the other pointing to the wireguard IP on the device ????
Yes. It would seem to be that if I could direct any traffic destined for A.dyndns.org to go through Wireguard, then that would work.
In other words any traffic queries for that URL should go through wireguard.
Can this be achieved with a firewall rule that directs all traffic for A.dyndns.org to be routed via the Wireguard interface?
No idea.
Then one has to deal with that traffic at arrival at Device A... Hairpin NAT???
/ip dns static add regexp="a\\.dyndns\\.org" address=wireguardIP/32
Statistics: Posted by Josephny — Thu Apr 04, 2024 5:43 pm