Brume 2 in DMZ?

I want to use Brume 2 with wireguard to access my private network from outside and also use the piHole-DNS server within the LAN at home.

I use ipfire at home. Is it a good idea to put the Brume 2 in DMZ of the ipfire and grant access to the pihole in the green network? Or is it better to put the Brume 2 directly to the ISP router (red network of the ipfire). Than It’s nt a good idea to grant access to the green network for piHole.


Why would you want to use DMZ? It sounds like you only need to open the ports that WireGuard uses.

just for security reasons, for I don’t want to bring it to the internal network, or to let it in the network of the ISP router. I have ipfire running after the ISP router, so I have also the possibility to connect the VPN server within the DMZ. Is it not a good idea?

The problem is, I get no connection to the Brume 2 in the DMZ.

  1. changed IP of the Brume 2 to (DMZ network within ipfire is on
  2. made a rule within firewall for Clients in private network to connect to Brume2 in the DMZ (pinhole)
  3. made a rule for the Brume2 to connect to the internet (ISP red zone)
    4.set the gateway for Brume 2 in LUCY (this setting would be nice in the standard GUI)
  4. port forward the wireguard ports in the ISP router
  5. port forward the wireguards ports in the ipfire

Now I get the connection to the, but the websites I open in smartphone (via wireguard) are droped. Logs of ipfire shows droped ICPM from DMZserver to these websites. No TCP, but ICMP… why that?? I allowed all kind of protocols.

refreshing of Apps within GliNet interface works, but not the DDNS Test and no connection from the client to the web. There the ipfire logs show that the requests to the webpages are all ICMP (not TCP) and are all dropped. So it seems to be a DNS resolving problem within the network.