Cannot access DMZ from Private LAN


I have a Linksys RV016 router. The WAN public IP is .218 and there is a machine plugged into the DMZ port on this router with a public .219 address. The public can access the .219 DMZ address, but the users that I have plugged into this same router with private 192.168.0.x addresses cannot communicate with the .219 DMZ machine. Any thoughts on why? Thank you.

By default the local hosts block any traffic from a PC on the DMZ. To change that you have to change your access lists setup.
This post should answer any more of your questions 
AncientFrib (Author) Commented:
I understand that machines on the DMZ shouldn't access local/private IP addresses, but I want my local PCs with private IP addresses to have the ability to access the public IPs on the DMZ.
Do you have any additional rules? If you have any additional rules, this may kill the default rule that allows LAN to DMZ communication to occur. Can you post some screenshots of your setup?
AncientFrib (Author) Commented:
Here is a pic of the rules.  I have not changed them.  The WAN IP is .218 and it is also the DMZ gateway.
Have you tried changing your DMZ gateway to the ISP's gateway instead of the WAN IP's address? Just going to the WAN1 IP may be what is doing it.
If that doesn't work, post some screenshots of the IP addressing, NAT and routing setup.
AncientFrib (Author) Commented:
Hey bkep,

I cannot change the gateway of the DMZ only because there is a VPN setup between the WAN IP (.218) and another site.  The remote site is only allowing information sent through that tunnel from .219.  So if .219 bypasses .218 won't it circumvent the VPN tunnel?

The local IP address scheme is with DHCP disabled.  NAT and routing have not been touched so they are set to the defaults.  Thanks for your help.
Actually it shouldn't. The ACL for the tunnel should pick up the traffic as it leaves the WAN1 interface to get to the ISP gateway. Even if for some reason it doesn't work, if it has a possibility to fix your issue you may want to give it a shot.
Just out of curiosity, what services are you running on your server in the DMZ?
AncientFrib (Author) Commented:
It is an SMPP server.
Have you thought of using the DMZ host setting instead of using the DMZ port? This will let your local hosts have access?
