Redirecting an external ip in openwrt
When packets to an external ip address get forwarded back to a device in the internal network, it makes sense to directly redirect them to the internal device.
Motivation
When hosting a homeserver it simplifies the setup a little bit, when you have a static ipv4 address. Since the internet connection my home server is connected to only provides no static ipv4 address, or it would be very expensive, I rent a virtual private server (VPS) for 1€ a month. This VPS provides a static ipv4 address. My homeserver then connects via wireguard to this VPS and the VPS forwards port 80 and 443 to my homeserver.
This provides the advantage that no dynamic dns has to be used and no ports have to be forwarded from the router. Though it has the disadvantage, that devices in the local network send their traffic to the VPS which in turn sends it back to the homeserver via wireguard. To prevent this redundancy, I did setup my OpenWRT router to redirect traffic to this static ipv4 address (port 80 and 443) directly to the homeserver.
Redirecting tcp connections to the homeserver
The following config in /etc/config/firewall redirects tcp connections to port <port> with the destination <static ipv4>, to the homeserver ip <homeserver ipv4>. Furthermore, it assumes, that both the source and target are in the zone lan.
config redirect
option dest 'lan'
option target 'DNAT'
option name 'homeserver redirect from external ip'
list proto 'tcp'
option src 'lan'
option src_dip '<static ipv4>'
option src_dport '<port>'
option dest_ip '<homeserver ipv4>'