So,… I’ve many routers which give me options to set many DMZ addresses, but here on GL-AX1800 3.xx firmware, if I put even 1 IP address there, port forwarding rules of others will get killed??? WHY?
Please fix this,… After setting port forwarding rules,… the router still blocks access to my Synology NAS. Now the only way is to put the NAS IP on DMZ and let Synology’s firewall protect itself (which is doing a great job). But if other port forwarding rules get disrupted, then it’s unacceptable.
All this probably means there is some bug in Port Forwarding OR DMZ is not implemented right.
In my old Asus router, I had option to set 4 DMZ addresses. In my case, I require 2 DMZs here on AX1800.
I also require HTTPS connections secured by either “Let’s Encrypt” or OpenWrt’s use of “Mozilla Certificate” for DDNS, Adguard, etc. (all that the router serves now and in future, i.e., WebDAV)
The setting DMZ means every communication from the outside to the WAN Port of the router will be forwarded to this ‘zone’. I do like the word ‘Expose host’ better, because it is only one possible internal IP.
If you want 4 DMZs, you need 4 external IPs. Not impossible, only unusual.
Some routers are able to say
port 123 to internal IP 1.2.3.4
port 80 to internal IP 1.2.3.80
port [xxx] to internal IP [1.2.3.xxx]
All other to internal IP 1.2.3.254 (DMZ/Expose Host)
The DMZ client could be a router as well, but this makes only limited sense. The NAT problem will only be moved.
I’m aware that maybe I don’t make friends here with this statement, but I doubt a lot of people here are able to secure a computer the same way as an ordinary factory default router will.
If I need to open all ports, I have to ask the use of my services. This means servers and games.
I see the valid criticism that not all port forwardings should be overwritten by DMZ. I have many smaller VMs that need some ports and could forward everything else to my honeypot.
So,… There is another solution to this problem if GL.iNet can implement it; it’s called “Port Triggering” (Specify ports to allow devices on your local network to dynamically open specific external ports and forward packets (from the Internet) to the device that triggered it.)
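The ordering described in the reply above (specific port forwards first, everything else to the DMZ/exposed host), as an added example that is not part of the original thread and does not reproduce GL.iNet's firmware logic: a first-match rule model with a check for forwards that a catch-all DMZ rule shadows. The rule layout, function names and the TCP protocol choice are assumptions; the addresses are the ones used in the reply.

```python
# Added illustration: first-match evaluation of WAN-side DNAT rules.
# Rule layout and names are assumptions, not GL.iNet code.
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    name: str
    proto: Optional[str]  # "tcp", "udp", or None = any protocol
    port: Optional[int]   # WAN-side port, or None = any port (DMZ catch-all)
    dest_ip: str

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.port in (None, port)

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` matches is also matched by self."""
        return (self.proto in (None, other.proto)
                and self.port in (None, other.port))


def route(rules, proto, port):
    """Destination of the first matching rule, or None (not forwarded)."""
    for r in rules:
        if r.matches(proto, port):
            return r.dest_ip
    return None


def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(prev.covers(r) for prev in rules[:i])]


# Constructed sample: ports and IPs from the reply, protocol assumed TCP.
FORWARDS = [
    Rule("p123", "tcp", 123, "1.2.3.4"),
    Rule("p80", "tcp", 80, "1.2.3.80"),
]
DMZ = Rule("dmz", None, None, "1.2.3.254")

GOOD = FORWARDS + [DMZ]  # catch-all last: specific forwards keep working
BAD = [DMZ] + FORWARDS   # catch-all first: specific forwards are dead rules

if __name__ == "__main__":
    for label, rules in (("DMZ last", GOOD), ("DMZ first", BAD)):
        print(label, "tcp/80 ->", route(rules, "tcp", 80),
              "| shadowed:", shadowed(rules))
```

With the DMZ rule last, every port not explicitly forwarded still reaches the exposed host, so that host carries the full inbound exposure.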