Router in DMZ

May 25, 2018
I am attempting to use my own router (Google WiFi) with Google Fiber and avoid a Double NAT situation due to using Xbox One X. I am a fairly novice networking person and I wanted to clarify something I’ve researched. Since Google Fiber Network Box does not support Bridge Mode, it looks like I need to set up a reserved IP for the WAN address of my Google WiFi and place it in the Google Fiber DMZ. Are there any security issues with this setup? I read where I should use a static IP but I’m not sure how to use this; it looks like Google Fiber supports this for business users??? Please help, I’m just trying to make the network as secure as possible and avoid the double NAT situation and still have all the gaming features the Xbox supports. If this is a safe setup I’m assuming any switches or hardwired devices downstream are secure, too? Thanks!
 
I think you're confusing "static IP" w/ "public IP". They're not talking about public IP when it comes to the DMZ, just a static IP.

In order for the DMZ to be effective, you don't want the IP placed in the DMZ to change to some other device. You want to make sure it's always pointing to the same device. And you can do that by either creating a static lease in the ISP's router based on the MAC address of your own router's WAN MAC address, or just configuring a static IP on your own router that's part of the ISP's local network, but not within the scope of its DHCP server.

All that said, the DMZ has nothing to do w/ NAT! All the DMZ is is a convenience. It's typically used to avoid having to port forward *twice*, once on the ISP's router, and once again on your own router. Anything not port forwarded or blocked by the ISP's router, is passed to the device in the DMZ. So for port forwarding purposes, the only device you now need to configure is your own router.

But again, the DMZ has nothing to do w/ NAT. You are *still* double NAT'd regardless of whether you do or don't use the DMZ. Unless you are able to place your ISP's router into bridge mode, all your outbound traffic will be NAT'd across each router. The only alternative is to demote your own router to just a WAP, which minimally means disabling its DHCP server, assigning it a static IP in the private address space of the ISP's router, and patching it LAN to LAN wrt the ISP's router. Now the only router performing NAT is the ISP's. Of course, this turns your own router into nothing more than a wifi AP. You lose any other benefits that come from running your own router.
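
The static-IP option described in the reply above can be checked before the address is entered as the DMZ target. This is an added example, not part of the original thread: the function name and every address in it (subnet, gateway, DHCP range, inner LAN) are constructed values, not Google Fiber or Google WiFi defaults, and the inner-LAN overlap check goes one step beyond what the reply covers.

```python
import ipaddress

def check_dmz_static_ip(candidate, isp_lan, gateway, dhcp_start, dhcp_end, inner_lan):
    """Return a list of problems with using `candidate` as the inner router's
    WAN address (the DMZ target). An empty list means no problem was found."""
    net = ipaddress.ip_network(isp_lan)
    ip = ipaddress.ip_address(candidate)
    gw = ipaddress.ip_address(gateway)
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_end)
    inner = ipaddress.ip_network(inner_lan)

    problems = []
    if ip not in net:
        problems.append("not in the ISP router's local network")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if ip == gw:
        problems.append("collides with the ISP router's own address")
    if lo <= ip <= hi:
        # The DHCP server could lease this address to another device, and the
        # DMZ would then expose that device instead of the inner router.
        problems.append("inside the DHCP scope")
    if inner.overlaps(net):
        # Cascaded routers need distinct subnets on WAN and LAN sides.
        problems.append("inner LAN overlaps the ISP router's LAN")
    return problems

# Constructed sample network: ISP router at 192.168.1.1, DHCP pool .100-.200.
ISP = dict(isp_lan="192.168.1.0/24", gateway="192.168.1.1",
           dhcp_start="192.168.1.100", dhcp_end="192.168.1.200")

if __name__ == "__main__":
    for cand, inner in [("192.168.1.2", "192.168.86.0/24"),
                        ("192.168.1.150", "192.168.86.0/24"),
                        ("192.168.1.2", "192.168.1.0/24")]:
        result = check_dmz_static_ip(cand, inner_lan=inner, **ISP)
        print(cand, inner, "->", result or "OK")
```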