What to replace fritzbox 7530 with

A short time after joining Zen, I found how useless for me the fritzbox modem is, does anyone know of a modem that allows phone, and a subnet of external ip's Please

The biggest problem with this modem with subnet, is that you cannot bridge the external ip's

Perfect example, windows 2019 Server with Hyper-V running 3 virtual servers, ftitzbox will not allow three external ip's through one ethernet card.

Thank in advance for any help... Alan

I don't know of anything other router that does the full range of what you are asking for.

There are plenty of routers that will allow you to do 1:1 mappings of public IPs into a DMZ network where your Hyper-V can reside in a much safer manner than literal bridging.
pfSense and EdgeRouter being a couple I have used, and Mikrotik highly likely.
Some people will have got that working on Draytek but at times I have found their quirks too much bother.
You'd be left doing the phone/dect stuff on a separate box or keeping the Fritz!box around for that function.

Also Zen, IDNet and others provide IPv6 as standard so you can already use the Internet → Permit Access section to allow incoming traffic to your servers without NAT so the global addresses would be valid even if they are on the LAN.
It isn't open to the world by default, naturally.

The Fritz!box stateful firewall is reasonably functional for a home router.
Like many home routers it is missing the ability to specify firewall groups or ranges of remote addresses that should be allowed by an incoming rule (i.e. inbound source filtering) which are present on the purpose-built firewall/router OSes.

However have you checked what the Public IPv4 Subnet feature does?

I don't have an external IPv4 subnet at home but I would think it lets you consume your subnet in some way, presumably by allowing you to assign it to one or more of your LAN ports turning them into a DMZ network.

Edited by prlzx (Sun 11-Jun-23 11:23:03)

I should add - if you are being provided a routed IPv4 subnet,
it should be separate from the subnet used by your router's own WAN interface, rather than the router being in that subnet externally.

For example if you WAN interface is configured by PPPoE that should look like a /32 with a default route towards the ISP's gateway, and not part of the subnet being routed towards you.

The smallest additional range from Zen is a block of 8 IPs of which 5 will be usable after configuring that public /29 inside your network.

In that case bridging is not what is required but routing to use the public subnet inside your network.

Edited by prlzx (Sun 11-Jun-23 11:32:19)

Thank you for your reply,

This company use a funny system, the wifi access is on the gateway of the subnet, first problem, you are not allowed to talk to and subnet ip's from the wifi ip's.

The second point is you are not allowed to bridge ip's (external)

Third point the company gives no support on using the ip's or to setup the modem to use them

Firth point working with the German company of the modem, is drefully slow, one question a day

Now I have totally grey heir

All the best from Alan

Sorry that's the problem, the wifi is part of the Subnet, in fact wifi routes via Gateway of subnet
most other company's like Vodafone give you separate Subnet from the ip used by the wifi.

All the best from Alan

In that case I think you would be better with something like pfSense which would focus on your router, firewall, nat, dhcp and dns requirements with support for multiple types of VPN and a range of free add-on packages.

I already use pfSense for FTTC and FFTP but also leased lines, including types where the additional IPv4 addresses are in the same subnet alongside the router's WAN IP. In this case I use:

* the IP alias function to claim additional addresses in the external /29 and then
* 1:1 (bidirectional) NAT to map to servers in a DMZ network. This allows the external IPs to be consumed without port translation while still being able to apply a firewall policy to decide what services shall be exposed.

If your preference is still to place physical or virtual servers on the external facing network with the public IP configured directly on their NICs, pfSense also supports bridging 2 or more interfaces.

Some Netgate models have an integral switch chip which would allow them to be switched in the external network
without even passing through the router itself. That makes the most sense when the WAN configuration is static IP and subnet rather than PPPoE though. These built-in ports can be used for WAN, LAN , VLAN access or trunk, or any other local network including as a DMZ.

In return for this flexibility Wi-Fi and telephony would be handled separately though.
I suspect you could run the Fritzbox as an access point and still make use of the telephony.

You might want to look at this YT playlist if you wanted to know more.

Edited by prlzx (Sun 11-Jun-23 18:02:28)

Wow thank you, I watched pFsence on youtube, looks very good, .totally amazed

Looks like I need to give a lot of though and time to this problem and take the best long term root

Thanks again

All the best from Alan