How do I put an IP in the DMZ?

Completed

  • Firewalla

    Do you mean you want to forward a port to an IP that does not map to any MAC address? Is that IP a black hole? If not, it must be mapped to something.

  • Nate Church

    My Firewalla Gold is set up with each port as 10.1.x.x, 10.2.x.x and 10.3.x.x.

    I chose a range of IPs, 10.3.224.1-10.3.224.3, that are on the same subnet as the k8s cluster and gave them to MetalLB. It is a load balancer for hardware k8s clusters (https://metallb.universe.tf/). I think it uses ARP to broadcast itself, but I am not 100% sure on that. Suffice to say I am not a network engineer.

    Does that answer your question?

  • Nate Church

    Bump.

    Looking to forward external traffic to an internal IP, or to place that IP in the DMZ. The IP is not associated with a device in firewall. 

  • Firewalla

    I am still puzzled on why your IP/devices in your 10.x.x.x network don't have a MAC ... do they all show up as one big device with the same MAC?

    For DMZ, tap on network button -> nat -> DMZ; you can configure it that way.

  • Nate Church

    Kind of the opposite I think.

    I did some reading, and the virtual IP piggybacks on one of the nodes' interfaces, and thus its MAC address. In my cluster there are three nodes, which are really three physical machines, and at any given time the IP may reside on any one of those nodes. I did some fiddling around and I can determine which node the IP is on, but it might change. It shows that the virtual IP shares the MAC address of the node it is on.

    The problem with the standard DMZ interface is that it doesn't show that IP; it shows normal physical devices. Does Firewalla allow for two "devices" to share a MAC address? How does it handle manually assigned IP addresses?

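The behaviour described in the comment above (a virtual IP answering with the MAC of whichever node currently holds it) can be checked from any host on the same subnet by reading its neighbor table. This is an added example, not part of the original thread: the VIP 10.3.224.1 comes from the thread, while the node IPs, MAC addresses and `ip neigh show` snapshots are constructed.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` snapshots; node IPs and MACs are made up.
SNAPSHOT_BEFORE = """\
10.3.0.11 dev eth0 lladdr 02:00:00:00:00:11 REACHABLE
10.3.0.12 dev eth0 lladdr 02:00:00:00:00:12 REACHABLE
10.3.0.13 dev eth0 lladdr 02:00:00:00:00:13 STALE
10.3.224.1 dev eth0 lladdr 02:00:00:00:00:12 REACHABLE
10.3.0.99 dev eth0  FAILED
"""
# Same table after the VIP has moved to another node (constructed).
SNAPSHOT_AFTER = SNAPSHOT_BEFORE.replace(
    "10.3.224.1 dev eth0 lladdr 02:00:00:00:00:12",
    "10.3.224.1 dev eth0 lladdr 02:00:00:00:00:13",
)
NODES = ["10.3.0.11", "10.3.0.12", "10.3.0.13"]  # assumed node addresses
VIP = "10.3.224.1"                               # first IP of the range in the thread

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def vip_holder(table, vip, node_ips):
    """Return the node IP whose MAC currently answers for the VIP, or None."""
    mac = table.get(vip)
    if mac is None:
        return None
    return next((ip for ip in node_ips if table.get(ip) == mac), None)

def shared_macs(table):
    """Return {mac: sorted ips} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    before, after = parse_neigh(SNAPSHOT_BEFORE), parse_neigh(SNAPSHOT_AFTER)
    print("shared MACs:", shared_macs(before))
    print("VIP holder before:", vip_holder(before, VIP, NODES))
    print("VIP holder after: ", vip_holder(after, VIP, NODES))
```

Comparing the holder between two snapshots shows when the VIP has moved, which is why a rule keyed to the IP rather than to one device's MAC is needed here.
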
  • Ricardo Marques

    Hi Nate. I think I am having the same problem. Did you end up finding a solution to this?

  • Support Team

    Putting an IP address in DMZ is supported on app release 1.50. Please see the release notes: https://help.firewalla.com/hc/en-us/articles/4554420886163

  • Pablo Cisneros

    Having the same issue after putting my Gold as router in front of the network.
    Before that, my image pulls from Kubernetes worked fine.

    Now I get this message.

    Any solution that you can provide, guys?

    Failed to pull image "pcisnerp/python-hello-app-for-prod:latest": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/pcisnerp/python-hello-app-for-prod:latest": failed to resolve reference "docker.io/pcisnerp/python-hello-app-for-prod:latest": failed to do request: Head "https://registry-1.docker.io/v2/pcisnerp/python-hello-app-for-prod/manifests/latest": dial tcp 34.205.13.154:443: i/o timeout
