your router with this version of Openwrt is already in DSA (at most check first)...
exec:
if grep -sq DEVTYPE=dsa /sys/class/net/*/uevent; then
echo "You have DSA"
fi
preamble:
you found many different instructions, because creating a "dmz" network obviously depends on your specific needs (which you did not specify) ...
answer to the question asked:
hoping I didn't forget anything here's what you need to do:
remove an ethernet port from "br-lan" to create a new "br-dmz" ps: as long as it's one of those not connected to anything...
create an empty bridge called "br-dmz" and add the ethernet port removed from "br-lan"
create a new interface "dmz" with the ip addresses of the dmz network
create a zone in the firewall called "dmz"
ps: obviously these are the first steps, then you need to evaluate your specific needs...
reference document:
additional documents to consider (based on your needs):
yes i have static, 1 ipv4 and /56 /64 ipv6 which allows internet acces to an internal private ip for 1 computer which runs various servers
until now i thought dmz allowed only 1 computer to be accessed via ip or domain, which is what i currently have setup using the linksys dmz option under security
so when the ip's or domains are used the router forwards those requests to the server
Instead of a complete "DMZ" where all ports are forwarded to the host in question, it is far better (i.e. safer/more secure) to only port forward the specific ports that are in use by services that are intended to be exposed to the internet.
Do you have a list of services/ports that you want to expose?
Also, as an aside, if this is for personal access to your machine while away from home, it is actually easier (and safer) to setup a VPN server on your router instead of opening ports. In this context, you'll have a VPN client on your remote device(s) like computer/phone/tablet or even a travel router and that will connect back to your home network. If, on the other hand, you are serving to the internet in general (i.e. anyone may visit your site/services), port forwarding is the way to go.
You are certainly welcome to do that, and i will explain how, but I want to reiterate that doing so may be very dangerous because it will effectively expose your host directly to the internet, thus making literally every service/port on that device a potential attack vector. This includes network services that run on the host that you don't intend or need to expose to the internet. Any vulnerability in any one of those services (or the configuration thereof) will mean your host will be compromised, which can result in your entire network and your router also being compromised.
That said, if you still want to do this, despite the dangers I have described:
Create a port forward with:
source zone wan
source destination port 1-65535
protocol TCP+UDP or even protocol any/all
destination port 1-65535
destination zone lan
desination < IP address of server >
This will mean that your computer is 100% exposed to all of the internet. And to drive the point home one last time, I'll reference the title of this thread "Dmz setup for dummies" -- doing a true "DMZ" like this is about as dumb as it gets on the modern internet.