WAN IP of router is still internal after adding to modem DMZ

[svrndmngjr]

My network is currently setup as such:

 

ISP-modem/router (white onu - currently with adminpldt access)
LAN: 192.168.1.1 (I can access my ISP-router's settings on a browser via this address)
WIFI Disabled
DMZ: 192.168.1.2 enabled

 

Asus AC-88U: connected to ISP-Modem via ethernet cable (ISP-modem lan port to AC-88U WAN port)
WAN Connection type: Automatic IP (192.168.1.2 - I can see this IP connected via lan to my ISP-modem)
LAN IP: 192.168.2.1 (I can access my router's settings on a browser via this address)

 

In my understanding, my router gets an internal WAN IP since it's connected to my ISP-modem and the ISP-modem assigns an IP to my router. What I want is to give access to my router to the internet so that it displays it's WAN IP as whatever public IP I currently have (dynamic IP) and not just the internal IP (192.168.1.2) and then use the free DDNS service that comes with the AC-88U.

 

The problem is that I have already enabled DMZ on the ISP-router and listed 192.168.1.2, but the AC-88U still reports an internal WAN IP.

 

What am I missing?

[Oshino Shinobu]

Sounds like the modem you're using is a modem/router combo unit. Have you turned DHCP and NAT off on that unit? 

[svrndmngjr]

29 minutes ago, Oshino Shinobu said:

Sounds like the modem you're using is a modem/router combo unit. Have you turned DHCP and NAT off on that unit? 

Not yet. Hmm, so should I have DHCP Service and NAT off on the ISP-modem/router and have DHCP Service and NAT turned ON only in the Asus-AC88U?

 

Edit: I tried to disable the DHCP service on the ISP-Modem/router (ROOT AP), I lost internet connection on the AC88U.

[PineyCreek]

You're looking for a bridge mode on the ISP modem/router combo, which is seemingly going out of style on ISP modems at least where I live.  Even better is buying your own modem (from an approved list given by your ISP), registering its MAC with the ISP, and not paying equipment rental fees.  If it's just a modem and not a router, you don't have to worry about the rest.  You may not be able to do bridge mode or use your own modem if you use the provider's VoIP service, etc. depending on what services you have and the way your ISP does business.

[svrndmngjr]

Just now, PineyCreek said:

You're looking for a bridge mode on the ISP modem/router combo, which is seemingly going out of style on ISP modems at least where I live.  Even better is buying your own modem (from an approved list given by your ISP), registering its MAC with the ISP, and not paying equipment rental fees.  If it's just a modem and not a router, you don't have to worry about the rest.  You may not be able to do bridge mode or use your own modem if you use the provider's VoIP service, etc. depending on what services you have and the way your ISP does business.

Hmm, but is DMZ capable of handing over the Dynamic IP from the ROOT AP to the AC88U? Or can this only be achieved using bridge mode?

I read this: https://www.howtogeek.com/255206/how-use-your-router-and-isps-modemrouter-combo-in-tandem/

Based on how I understood it, DMZ should be able to pass the Dynamic IP to the AC88U, but after I setup DMZ on the ROOT AP, the WAN IP of the AC88U still shows as an internal IP. The DDNS option in the AC88U also says: "The wireless router currently uses a private WAN IP address. This router may be in the multiple-NAT environment and DDNS service cannot work in this environment."

[PineyCreek]

12 minutes ago, svrndmngjr said:

Hmm, but is DMZ capable of handing over the Dynamic IP from the ROOT AP to the AC88U? Or can this only be achieved using bridge mode?

I read this: https://www.howtogeek.com/255206/how-use-your-router-and-isps-modemrouter-combo-in-tandem/

Based on how I understood it, DMZ should be able to pass the Dynamic IP to the AC88U, but after I setup DMZ on the ROOT AP, the WAN IP of the AC88U still shows as an internal IP. The DDNS option in the AC88U also says: "The wireless router currently uses a private WAN IP address. This router may be in the multiple-NAT environment and DDNS service cannot work in this environment."

DMZing will pass most things through, but it's still assigning an IP to the connected devices.  You'll need bridge mode I think if you want the actual WAN IP to show in the ASUS router.  If you turn off DHCP and NAT on the ISP router and use a static IP for the router beneath it, then use port forwarding, it will mostly work, but it just gets more annoying from there with having a system running the ddns client all the time connected to the ISP router in order to update the Ddns IP correctly.

 

Bridge mode's just cleaner by a long shot, and you don't have to deal with feature lockouts on the ISP stuff they provide.

 

Here's a post on it mentioning your scenario:

 

https://www.dyncommunity.com/questions/22865/2-routers-network-with-ddns-at-seconary-one.html

[R click]

Just now, svrndmngjr said:

DMZ: 192.168.1.2 enabled

 

im sorry but what is dmz?

[PineyCreek]

3 minutes ago, R click said:

im sorry but what is dmz?

https://en.wikipedia.org/wiki/DMZ_(computing)

[R click]

hmm so its a security feature do all routers have it?

Edit: nvm i did some research myself thx

[svrndmngjr]

37 minutes ago, PineyCreek said:

DMZing will pass most things through, but it's still assigning an IP to the connected devices.  You'll need bridge mode I think if you want the actual WAN IP to show in the ASUS router.  If you turn off DHCP and NAT on the ISP router and use a static IP for the router beneath it, then use port forwarding, it will mostly work, but it just gets more annoying from there with having a system running the ddns client all the time connected to the ISP router in order to update the Ddns IP correctly.

 

Bridge mode's just cleaner by a long shot, and you don't have to deal with feature lockouts on the ISP stuff they provide.

 

Here's a post on it mentioning your scenario:

 

https://www.dyncommunity.com/questions/22865/2-routers-network-with-ddns-at-seconary-one.html

Yikes. So just to double check, if I get the ROOT AP to run in bridge mode, then the AC88U WAN IP will show my public wan ip and NOT the internal one? And if I opt to not run in bridge mode, I cannot use the DDNS on the AC88U, instead, use a service like NO-IP and run a PC client that detects and re-links the new IP to the host name?

[PineyCreek]

Just now, svrndmngjr said:

Yikes. So just to double check, if I get the ROOT AP to run in bridge mode, then the AC88U WAN IP will show my public wan ip and NOT the internal one? And if I opt to not run in bridge mode, I cannot use the DDNS on the AC88U, instead, use a service like NO-IP and run a PC client that detects and re-links the new IP to the host name?

That sounds about right.  If you run the ISP modem/router in bridge mode then effectively all routing functions are turned off and it acts as a modem.  Therefore your AC88U will see the WAN IP directly.

[svrndmngjr]

2 minutes ago, PineyCreek said:

That sounds about right.  If you run the ISP modem/router in bridge mode then effectively all routing functions are turned off and it acts as a modem.  Therefore your AC88U will see the WAN IP directly.

Thank you so much for the clarification!

[R click]

guys I just added my phone as a dmz hosted device does that mean my phone now has a different public IP address?

[PineyCreek]

Just now, R click said:

guys I just added my phone as a dmz hosted device does that mean my phone now has a different public IP address?

Please don't hijack a thread like this.  Post a question as its own post in the appropriate category.  To answer, no, DMZ doesn't mean your get an extra public IP.  I pulled this simple explanation from TP-Link's site:

 

A DMZ (demilitarized zone) on a home router refers to a DMZ Host. Strictly speaking, this is not a true DMZ. A home router DMZ host is a host on the internal network that has all UDP and TCP ports open and exposed, except those ports otherwise forwarded. They are often used a simple method to forward all ports to another firewall/NAT device.

[R click]

k thx and sorry

[Alex Atkin UK]

All DMZ does on most routers is port forward EVERY PORT to the destination IP, that host will still have a LAN IP.

 

Incidentally, there is no such thing as an internal WAN IP.  A proper DMZ (multiple hosts) just puts those hosts on the EXTERNAL (Internet) network, rather than the internal.  For most uses, that's just not necessary.

 

Internal network always refers to the LAN, in that its isolated from the Internet by the router.  In your configuration the router is creating one internal network, the second router is creating a second internal network.  There is not a whole lot of point to doing that as the first router is still doing all the work of translating between the external and internal network.

You can only use a proper DMZ if your ISP has given you more than one public IP address which by default none will.  The only way to have your own router do all the work is either to put the first one in bridge mode (as already discussed) or completely replace it with your own (if your ISP supports it).