Discussion topic: Sky hub as just a modem.

@Warzilla 

Those rules seem good and I'd contact Sky, the router may have a fault or a bug.

From what you did I state that you only need the DMZ to 192.168.0.2 (inbound) and disable the firewall on outbound which you have done correctly. If anything, one has done too much, one thing you could try is factory resetting and only defining the DMZ to 192.168.0.2 and disabling outbound firewall rules and that's it.

@mae-3I've tried resetting a couple of times and different sets of configuration. Nothing works.

Will contact support, thank you very much for your help! Greatly appreciated! Have a lovely day

One can only hope the new router coming later this year will have a modem mode

I've discussed the issue with Sky Support. I was informed that business hub is much more restrictive than residential one, and at the same time there are fewer configuration options.

There is no way to fully disable firewall.

I've decided to do some extra work and I've set up a local DNS server in my LAN to resolve my custom domain to internal IP addresses (I was already running AdGuard so extra configuration was trivial).

@Warzilla 

Have you thought about replacing the Sky router with your own in its entirety? If you have a full-fibre connection that should be something that is relatively easy.

@mae-3  yes, I can connect my UDM Pro directly to ONT box, but I will lose:

1. VoIP (not a big deal)

2. 4G backup connection (that's more important)

At the moment everything works as I want with local DNS, so I'll live it as is.

Thanks for your help!

Glad you got it sorted, can always do what I did for double nat as sometimes it's down to local ip combo.

See here 

Double nat setup 

@TrebleTAI was looking at your guide, thanks!

Unfortunately, this doesn't work with the new Business Connect Hub, as you cannot fully disable internal firewall, and the hub will block LAN to self traffic.

There is no way to disable this firewall rule.

That's the same in my guide. The sky hub you can not disable ipv4 firewall. So you make the firewall rules and DMZ the ip.

@TrebleTA  Please note that I have a different router (Business Connect Hub: Arcadyan BR440). Even with DMZ and firewall rules in place, the router always drops all traffic originating from LAN and going back to LAN. There is no way to disable this rule.

Sounds faulty, by rights just putting the ip address in a DMZ should remove all firewalls and allow complete access, the firewall rules are there, just in case. So nothing should be droped via lan on that ip. 

Could be a faulty cable, or setup on the non sky device.

Sky Support informed me that the business router is much more restrictive than the residential one ("to protect the business"), there a fewer configuration options, and some settings cannot be disabled.

I can not comment on that, but I was told the other, sky business is better for double nat.

Sounds like a setup issue. What do you have on ya wan settings on the non sky device? 

If you dont mind me seeing?

My configuration is correct, I can access my servers and services from outside without any problems.

It is clear from Sky router firewall logs that it's dropping LAN2SELF packets.

I've resolved the issue by setting up a local DNS server - which to be honest is a slightly better solution than having the internal LAN traffic flow throught Sky router. It saves a few hops.

Thank you for your assiatance!