How to open the DMZ using the MAC address on our Orange Livebox router

In RedesZone we have already explained in detail what the DMZ is, what it is for and how to use it in our router. Recently, in the new Orange routers, both in the Livebox Fiber, Livebox Plus and also in the company’s hybrid router called Livebox Evolution, we have a very interesting configuration when configuring the DMZ, and it is not necessary to put a Fixed IP on the end device, but we can open the DMZ directly with the device’s MAC address. Do you want to know all the details about this novelty?

As you all know, the DMZ, or also known as the demilitarized zone, is an option that all home routers incorporate to facilitate the opening of all ports to a device in question. This option was created so that any computer from the Internet could communicate with a computer that is behind the NAT, allowing all ports to be opened to that device (except the ports that are explicitly open to other computers).

Open DMZ by IP

Currently all routers allow the DMZ to be opened to a computer in question, using the private IP address of that device. As we have a DHCP server in the local network, it is possible that the IP of the device where we have opened the DMZ changes, and therefore, we will be opening the DMZ to another computer that is not the original one. This entails two problems, the first of which is security, and that is, if the device does not have a firewall, it could receive unwanted traffic from the Internet. If, for example, we have services such as FTP or SSH, they would be easily accessible through the Internet, and without our realizing it, as if we had made an explicit port forwarding to those services. The second problem is that the device that was in the DMZ is no longer there, therefore, we will not be able to use its services externally.

What you should always do if you want to open the DMZ to a certain computer, is to put a fixed IP on the device itself. This is achieved in two main ways:

• Manually configuring the fixed private IP address on the device, within the LAN subnet range, and outside the DHCP range so there are no conflicts of any kind. The DHCP server could provide the same fixed IP to a computer on the same network, therefore, we would have two identical IPs in the same subnet, and this cannot be done.
• Configuring the Static DHCP of the router. We can associate the MAC address of the device in question, with an IP that we want, in such a way that this IP is always provided when requested.

Open the DMZ by MAC address in Orange Livebox

In the new firmwares of the latest equipment from the Orange company, we only need to have the equipment connected to the router, either through Wi-Fi or cable. The DMZ in these routers relates the equipment to the MAC address, so we do not need to configure a fixed IP manually, nor do we need to configure the router’s Static DHCP. In this way, even if the private IP address changes at some point, we would not lose the configuration since it is associated with the MAC address, an address that is unique for each of the devices in the world.

It is true that in the first Orange Livebox firmwares it was requested to assign an IP in the router’s Static DHCP. So that the equipment always had that IP when connecting and did not create a conflict as we mentioned above. Once the IP was selected in the Static DCHP, it let us open the DMZ as shown in the following image of the interface:

With the new firmwares of the most current Orange Livebox routers from the Orange company, this configuration section has been improved, now it is not necessary to configure the Static DHCP, we simply select from the list of devices the device for which we want to open the DMZ and the router will automatically assign you an IP outside the DHCP range without the need to configure anything else. In this way the equipment will always have that IP address when connecting and we will not have conflict problems between Static DHCP and Dynamic DHCP. In this image we will see how the device for which we will open the DMZ is selected and we will also see that it no longer shows us the warning that a static IP must be selected in the DHCP configuration.

And in this last image we see how the whole process is finished, the Orange Livebox router assigns it an IP out of DHCP range and we already have our device with the DMZ open in just three clicks.

In the event that for some reason we have to reset our router to factory settings or the internal configuration is lost, we just have to go back to the DMZ select the MAC of our equipment and click on save, much easier than configuring the Static DHCP and later put the IP in the DMZ section.

Conclusions

In short, this new DMZ system through the MAC address will give us much more comfort, since it will not require IP address configuration on the computers where we want to open all the ports, nor will we have to configure the Static DHCP within of the router. We will only have to know the MAC address of the device in question and register it, forgetting what private IP address it has.