[GL-AX1800] Why enabling DMZ disables Port Forward of others?

lama · 2022-06-18T06:02:28.896Z

So,… I’ve many outers which gives me options to set many DMZ addresses but here on GL-AX1800 3.xx firmware, if i put even 1 ip address there, Port forwarding rules of others will get killed??? WHY?

Please fix this,… After setting port forwarding rules,… router still blocks access to my Synology NAS. Now the only way is to put NAS IP on DMZ and let Synology’s Firewall protect itself (which is doing great job). but if other port forwarding rules get disrupted then there its unacceptable

All this probably means, there is some bug in Port Forwarding OR DMZ is not implemented right

shivadow · 2022-06-19T19:34:25.616Z

Same for me on the slate. One or the other and neither seems to work as it should… Maybe someone can report this as a bug or something?

lama · 2022-06-20T08:20:41.914Z

In my old Asus router, I had option to set 4 DMZ addresses. In my case, I require 2 DMZs here on AX1800.

I also require HTTPS connections secured by either “Let’s encrypt” or OpenWRT’s use of “Mozilla Certificate” for DDNS, Adguard, etc etc (all that router serves now and in future, ie, WebDAV)

alzhao · 2022-06-24T04:11:36.226Z

I can only find one DMZ in my ASUS router. Do you have screenshot how 4 DMZ work?

lama · 2022-06-24T13:01:46.447Z

If only my old router was alive I remember were tables with rows and columns,…

I hope this is not imaginary or mix up of port forwarding rules,…

I’m searching for google images to find any asus with more DMZs (hoping it’s not an error in my memory)

LupusE · 2022-06-24T15:40:40.786Z

The setting DMZ means every communication from the outside to the WAN Port of the router will be forwarded to this ‘zone’. I do like the word ‘Expose host’ better, because it is only one possible internal IP.
If you want 4 DMZ, you need 4 external IP. Not impossible, only unusual.

Some routers are able to say

port 123 to internal IP 1.2.3.4
port 80 to internal IP 1.2.3.80
port [xxx] to internal IP [1.2.3.xxx]
All other to internal IP 1.2.3.254 (DMZ/Expose Host)

The DMZ client could be a router as well, but this makes only limited sense. The NAT problem will only be moved.

I’m aware, that maybe I don’t make friends here with this statement, but I doubt a lot of people here are able to secure a computer the same way as a ordinary factory default router will.
If I need to open all ports, I have to ask the use of my services. This means servers and games.

I see the valid critic, that not all port forwardings should be overwritten by DMZ. I have many smaller VMs, that needs some ports and could forward everything else to my honeypod.

lama · 2022-07-30T13:33:48.713Z

So,… There is another solution of this problem if gl-inet can implement it its called “Port Triggering” (Specify ports to allow devices on your local network to dynamically open specific external ports and forward packets (from the Internet) to the device that triggered it.)

alzhao · 2022-07-30T14:30:54.867Z

We will add function for port forward and dmz to work together.

lama · 2022-07-30T15:17:29.229Z

Cool! This is great

image709×453 10.2 KB

Although having Port Triggering added will awesome (currently Firewall page looks so dumb )

EDIT:
I noticed another problem with Port Forwarding and DMZ, NAT Loopback missing so cant access my DDNS from within network

lama · 2022-08-16T18:03:18.399Z

So,… when to expect firmware with these?

Apparently,… the newest betas are only for AXT1800 and Not the Flint. Also, Adguard is broken in newest firmware,…

I managed to backup adguard settings and install adguard on my NAS but still,… having it on router was better