WRT1900AC DSA DMZ configuration

Hello there. I'm having difficulty replicating a swconfig DMZ/VLAN setup currently running on a Netgear R6020. The DMZ is given a dedicated physical port on the R6020 & is connected to a single internet-facing email server. I followed this guide https://blog.christophersmart.com/2015/01/17/creating-a-dmz-in-openwrt/ to get it working on the R6020.
I want to replace the R6020 with a WRT1900AC that uses DSA. It's a pretty simple network setup but I cannot find a forum post/easy to follow, for me, guide to implement this on the WRT, that works. Reading "Mini tutorial for DSA network config", it appears it might not actually require a created VLAN; it could be possible to segment off the DMZ to a separate bridge interface, with fw rules to prevent traffic from the DMZ to LAN, assigned to one physical port. Is this correct? Thank you.

You don't need a bridge for a single wired device.

Just remove one of the lan[1-4] ports from the default bridge and use it as a device to create the new interface.

2 Likes

Hi there. Thank you for responding. Following your suggestion, I removed 'lan4' from the 'br-lan' device, then Create new Interface, name 'DMZ', static address, assign 'device' 'lan4', Create Interface.

In the dialogue that opens, assign IPv4 address, subnet, enable 'DHCP'. I know I'd have to create a fw zone but leave that blank for now, Save & apply.

Ok. Device on Lan4 does not get an IP. So, assign the fw zone 'Lan' & miracles, Lan4 device gets an IP address!

I know I will have to get the fw etc set up correctly but please don't underestimate how appreciative I am. I've spent several days trying to figure this stuff out. Thank you!!

I did notice that although I set the DHCP lease to 2m, after 2m the Status/Overview showed the devices attached with lease remaining as 'expired'. Is that a fw issue? Why would the br-lan interface say that also? Another test confirms the leases just stop after expiration. Fw? And why br-lan? I did not change anything there except lease time. And now they are back to having leases! Very perplexing.

Thank you:-)
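
The setup described in this thread (lan4 taken out of br-lan and used directly as the interface's device), written out as UCI config with a dedicated firewall zone in place of the 'lan' zone. This is an added example, not configuration posted by anyone in the thread; the lowercase interface name 'dmz', the 192.168.2.0/24 subnet, the DHCP pool and the rule names are assumptions.

```conf
# /etc/config/network  (lan4 is assumed already removed from br-lan's ports)
config interface 'dmz'
	option device 'lan4'
	option proto 'static'
	# constructed example subnet
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp
config dhcp 'dmz'
	option interface 'dmz'
	option start '100'
	option limit '50'
	option leasetime '12h'

# /etc/config/firewall
# Dedicated zone: traffic from the DMZ to the router itself is rejected by default
config zone
	option name 'dmz'
	list network 'dmz'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# DMZ may reach the internet; there is deliberately no dmz -> lan forwarding
config forwarding
	option src 'dmz'
	option dest 'wan'

# LAN may open connections to the DMZ host (replies pass via connection tracking)
config forwarding
	option src 'lan'
	option dest 'dmz'

# With input REJECT, DHCP and DNS on the router need explicit allow rules
config rule
	option name 'Allow-DMZ-DHCP'
	option src 'dmz'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-DMZ-DNS'
	option src 'dmz'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```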
