Behind ISP Router vs DMZ Host - Dynamic DNS

Started by spetrillo, January 01, 2024, 06:21:14 PM

Hello all,

First off, happy 2024 to all!

I have an OPNsense firewall that sits behind an ISP's router. Currently the WAN side of my firewall is actually a private IP that is part of the IP range the ISP router gives out for wired connections. Then the ISP router will route traffic out to the Internet. I have the option of making the firewall a DMZ host, and then the ISP router plays no role in ports being open or closed. The ISP router is also set up for dynamic DNS, so the public IP can be referenced by a FQDN.

If I make the firewall a DMZ host, do I lose the dynamic DNS that is set up on the ISP router? Do I need to move the dynamic DNS setup from the ISP router to the OPNsense firewall? I am trying to understand if making the OPNsense firewall a DMZ host is a good thing or should I just leave it behind the ISP router.

Thanks,
Steve

"DMZ host" typically just means the ISP router forwards all inbound connections to this host. This doesn't disable NAT, so OPNsense still has a private WAN address and DynDnS updates should be performed by the ISP router.

Cheers
Maurice

Quote from: Maurice on January 03, 2024, 01:38:37 AM
"DMZ host" typically just means the ISP router forwards all inbound connections to this host. This doesn't disable NAT, so OPNsense still has a private WAN address and DynDnS updates should be performed by the ISP router.

Cheers
Maurice

I figured as much...I just wanted to make sure.