Using OpenWrt as both DMZ and non-DMZ host

Hi all, I wanted to get some opinions from this community if my plan makes sense or not, before I cause myself a network blackout :slight_smile:

What I have:

I have an unmodified ISP router (R0) that feeds a local network (LAN0). On this LAN0 I have a OpenWrt router (R1), that is defined as a DMZ host on the ISP router R0.
R1 also has it's own LAN1 where I host some public facing servers via port forwarding.

What I want to change:

I want to add some extra servers inside LAN1 and expose them via the OpenWrt router R1 with port forwarding to the outer LAN0 network but NOT to the Internet which would happen by default since R1 is a DMZ host and thus fully exposed.
My plan is to add a second IP address to the R1 WAN interface, this would actually be a 2nd WAN interface according to this guide:

It should be no problem to add a 2nd "WAN" IP to R1 because its WAN is using private IP addresses from LAN0.
This way I could then inplement forward rules for the 'internal' servers using this 2nd WAN IP while the first one which is defined for the DMZ host would only forward to those servers meant for the external world.

What do you think? Is this plan reasonable?

Just as a follow-up in case someone else has a similar question and finds this thread: it works out of the box according to the OpenWrt guide linked in the post above!
Thanks to the OpenWrt community for putting up nice documentation!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.