cancel
Showing results for 
Search instead for 
Did you mean: 

HUB 3 DMZ setup on different IP range

Cryptoffa
Tuning in

Hi
This my first post here so please excuse my ignorance.
For the moment I've left my LAN on the default IP of 192.168.0.0 with the HUB 3 at 192.168.0.1
Thanks to some very helpful posts here (I'd have been lost without them) I've managed to configure the fourth LAN port on my HUB 3 as a DMZ port by creating a DHCP range and reserving the DMZ port IP address.
However, the DMZ configuration screens seem to automatically force the same IP range for the DMZ network as the rest of the network i.e. 192.168.0.0 which seems odd and unhelpful.
I would have thought it to be usual to have a different range for the DMZ network and indeed I require the DMZ subnet to be on a completely different IP range e.g. 172.16.2.0
Reason: I have a number of IP cameras which I need to keep well away from my LAN trading computers and I also wish to use MAC address filtering, which I've yet to master on the HUB 3.
Now if, for some strange reason, a solution to the above isn't possible, I'm wondering if I should put the cameras on a Guest network, always assuming the Guest network will be on a different IP range.
Any help with my dilemma would be very much appreciated
Thanks in advance

5 REPLIES 5

legacy1
Alessandro Volta
You need a better router
https://www.zyxel.com/uk/en/products_services/VPN-Firewall-ZyWALL-VPN300/
DMZ on simple home router let alone ISP hubs just forwards on the same LAN subnet TCP, UDP for the most part traffic to the given IP.
---------------------------------------------------------------

Thanks Alessandro for your prompt response but I'm afraid that >£1,000 seems rather overkill and is a bit out of my price range
ZyXEL ZyWALL VPN300 Network Security/Firewall | Ingress.co.uk 
I've used Zyxel products in the past and found them to be useful with helpful support
Going back a few years the old Zywall 5 was a very handy gadget
However surely there must be internal firewalls with proper DMZ for significantly less than that ??

Sure you could go with a USG60W by Zyxel but you will not get 1Gb TCP speed out of it more like 400Mb

or you can go Ubiquiti

or you can get a Managed switch and do ACL rules to have the DMZ IP not have access to your rest of the IPs in subnet.

---------------------------------------------------------------

Tudor
Very Insightful Person
Very Insightful Person

I use Ubiquiti kit and it’s easy to separate devices into VLANs according to their type, I have management, IoT and Cameras VLANs.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2

Thanks I'll do some more investigation and have a think.
As a temporary measure I currently have both 2.4GHz & 5GHz Wifi disabled on the HUB 3 and just connect a single HUB 3 LAN port to one of the WAN ports on an old Netgear FVS336G firewall with DMZ configured on a different subnet, but it's very unreliable.
This configuration intermittently blocks IMAP & SMTP and also occasionally ignores the MAC address filtering database which is unhelpful to say the least.
Perhaps a better replacement for the Netgear firewall might be a solution.