I'm going to join Naftali on the opening point. For all of the features and documentation and helpful guidance on this website, there is no transitionary documentation between "How to Install" and, say, " SIP daemon for Lantiq devices with owsip."
When a typical SOHO (me) wants to add a DMZ for a small web server, there is nothing to hang his/her hat on. Yes, you have "Routing Example: Bridged DMZ," but it only applies to one particular architecture, sort of like a paint-by-the-numbers guide for a picture of a horse when I actually need a sailboat. And no picture anyway, dammit! One simple graphic might have answered a raft of questions.
Why don't I just read the documentation from step one and build from there? Because I have already, regrettably, spent weeks of my spare time doing just that. Here is the information for "untagged", one of many details that I need to understand just to complete the FIRST STEP of my DMZ:
An untagged port, with VID X, in a switch assign the VLAN tag X to incoming packets. When the packet is leaving the untagged port, and was tagged with the VID X, the VLAN tag is removed. This helps, for example, to communicate between tagged and untagged ports. A packet without VID, going inside an untagged port, gets the VID X and can be routed out other ports belonging to the same VID (apart from bridged ports).
A bit dense for me! One detail of many that must be entered correctly so that I don't bring down my network, or worse, assume that I am safe behind it!
Yes, I did write for help a week ago, but I'm afraid that my question was just as unintelligible as some of the documentation I find here. Meanwhile, no work is getting done. I understand Naftali's frustration.