DMZ with ipv6 only and a dedicated PD

Installing and Using OpenWrt Network and Wireless Configuration
29

Find bellow a summary of how to settup a DMZ with two prefixs delegations. One for the LAN and the second for the DMZ.

This setup is mainly based on guide-to-set-up-dmz-via-luci 1

First step : create a new VLAN
Open Network -> Switch to setup a VLAN. To understand your default configuration, find the Switch Ports (for VLANs) section for your router in Table of Hardware. I created an VLAN with id 24, on LAN4 ans link to CPU (eth0).

InkedScreenshot_2021-04-18 lorien - Switch - LuCI(1)_LI
InkedScreenshot_2021-04-18 lorien - Switch - LuCI(1)_LI1175×454 69.5 KB

This action will create an interface named eth0.24

Second step : create a new Interface
Open Network -> Interfaces to setup the DMZ. The main setting is to set IPv6 assignement length to disabled

InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI_LI
InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI_LI1092×1092 104 KB

InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI(1)_LI
InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI(1)_LI1092×376 34.5 KB

InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI(2)_LI
InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI(2)_LI1092×202 19.3 KB

InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI(3)_LI
InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI(3)_LI1092×170 32.1 KB

InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI(4)_LI
InkedScreenshot_2021-04-18 lorien - Interfaces - LuCI(4)_LI1092×580 46.4 KB

Third step : settup firewall rule for DMZ
Open Network -> Firewall.

InkedScreenshot_2021-04-18 lorien - General Settings - LuCI_LI
InkedScreenshot_2021-04-18 lorien - General Settings - LuCI_LI1092×750 102 KB

This allow the LAN to get onto DMZ and prohibit DMZ to get onto LAN.

InkedScreenshot_2021-04-18 lorien - General Settings - LuCI(1)_LI
InkedScreenshot_2021-04-18 lorien - General Settings - LuCI(1)_LI1174×360 48.9 KB