Currently, I have an OpenWRT router in the DMZ (Orange) with masquerading disabled, providing DNS and a DHCP server for two computers. This way I have segmented my work computers from my private network (blue and green).
I am getting a fiber connection soon. This will give me telephone over SIP in the future.
I am thinking of replacing the OpenWRT router with an AVM Fritz!Box 7530 AX. The Fritzbox would then also provide VoIP.
As far as I know you can not disable masquerading in the Fritzbox to avoid double NAT.
Alternatively, you can set up the Fritzbox as an IP client. But then I think you no longer have a DHCP server. Can anyone give me information about this?
Would the following work without disadvantages/security issues (or do I have a thinking error):
The Fritzbox goes into the DMZ (Orange) as a cascaded router. To avoid Double NAT I disable Masquerade ORANGE (IPFire). Then I set up appropriate static routes in IPFire and Fritzbox.
Does this work?
IPFire - Routing Table Entries:
Host IP address / Network: 192.168.50.0/24
Gateway (Fritzbox): 192.168.50.10