Hi there, iptables has nothing to do with routing, it can help to do some selective routing with marks and also help to masquerade packets so they can return.

You're setup looks ok to me. The firewall tab is not very useful since it only allows rules on the INPUT/OUTPUT chain, whereas in you case you'll be using most likely using the FWD chain and NAT table. I see that you have a static route so maybe masquerade is not necessary.

I'd recommend you to debug this use tcpdump in linux machines and wireshark in windows machines to inspect ping request/replies

yes, but you can also do it in real time for both nics, so you can see if packets are being fwd in between nics,

tcpdump -nni any 'icmp' and start watching the output. There should be no ping movement until you start the ping, unless there is a openvpn client or other sw generating pings.

or open two terminals with tcpdump one for each nic.

Hi,
you should not need any routing besides the one Default route to internet, because the 2 local networks are known to linux as they are directly attached.
If you want internet connectivity for the vdr host, you must enable IP Forwarding in the linux kernel
If you want to forbid access to 192.168.2.0/24 from vdr net, you need an iptables rule, otherwise it would also be routed.

DNS is more challenging, if you want name resolutin depending on the subnet you need split dns. If you don't need you own zones, and just want internet dns,
you can directly address the router, provider dns or maybe opendns, because of the default route the dns requests are also forwarded.
But you can also install dnsmasq on omv which justs forwards the requests to internet.
But remember, if you want to address the fritzbox you and have forbidden access to 192.168.2.0/24, you need to whitelist the FB IP in iptables.

I am pretty sure forwarding comes enabled by default in Debian. But is always good to have the setting there, just in case.