How do I put an IP in the DMZ?Completed
I am attempting to do self-hosting and have set up a kubernetes cluster to this effect. In addition to the nodes, the cluster hosts an additional load balanced IP that I wish to put in the DMZ (or to port forward). Unfortunately that IP is not associated with a device, so I am struggling to figure out how to add it to the DMZ or port forwarding.
The firewalla is set up to do routing with each port a subnet. I can modify my DNS table to create a name for the device, but that still doesn't make it available for DMZ configuration.
Any ideas are welcome.
My firewalla Gold is set up with each port as 10.1.x.x, 10.2.x.x and 10.3.x.x
I chose a range of IPs, 10.3.224.1-10.3.224.3 that are on the same subnet as the k8s cluster and gave them to metallb. It is a loadbalancer for hardware k8s clusters (https://metallb.universe.tf/). I think it uses ARP to broadcast itself, but I am not 100% sure on that. Suffice to say I am not a network engineer.
Does that answer your question?
Kind of the opposite I think.
I did some reading, and the virtual IP piggybacks on one of the nodes interface, and thus MAC address. In my cluster there are three nodes, which are really three physical machines, and at any given time the IP may reside on any one of those nodes. I did some fiddling around and I can determine which node the IP is on, but it might change. It shows that the virtual IP shares the MAC address of the node it is on.
The problem with the standard DMZ interface is that is doesn't show that IP, it shows normal physical devices. Does Firewalla allow for two "devices" to share a MAC address? How does it handle manually assigned IP addresses?
Putting an IP address in DMZ is supported on app release 1.50. Please see the release notes: https://help.firewalla.com/hc/en-us/articles/4554420886163
Please sign in to leave a comment.