AncientFrib

Cannot access DMZ from Private LAN

Hello,

I have an RV016 Linksys router. The WAN public IP is .218 and there is a machine plugged into the DMZ port on this router with a public .219 address. The public can access the .219 DMZ address, but the users that I have plugged into this same router with private 192.168.0.x addresses cannot communicate with the .219 DMZ machine. Any thoughts on why? Thank you.

bkepford

By default the local hosts block any traffic from a PC on the DMZ. To change that you have to change your access lists setup.
This post should answer any more of your questions:
https://www.experts-exchange.com/questions/23201531/RHEL-5-RV016-DMZ-setup.html 

AncientFrib (ASKER)

I understand that machines on the DMZ shouldn't access local/private IP addresses, but I want my local PCs with private IP addresses to have the ability to access the public IPs on the DMZ.

Do you have any additional rules? If you have any additional rules, this may kill the default rule that allows LAN to DMZ communication to occur. Can you post some screenshots of your setup?
 
Here is a pic of the rules.  I have not changed them.  The WAN IP is .218 and it is also the DMZ gateway.
rules.jpg

Have you tried changing your DMZ gateway to the ISP's gateway instead of the WAN IP's address? Just going to the WAN1 IP may be what is doing it.
If that doesn't work, post some screenshots of the IP addressing, NAT and routing setup.

Hey bkep,

I cannot change the gateway of the DMZ only because there is a VPN setup between the WAN IP (.218) and another site.  The remote site is only allowing information sent through that tunnel from .219.  So if .219 bypasses .218 won't it circumvent the VPN tunnel?

The local IP address scheme is 192.168.0.0/24 with DHCP disabled.  NAT and routing have not been touched so they are set to the defaults.  Thanks for your help.

Actually it shouldn't. The ACL for the tunnel should pick up the traffic as it leaves the WAN1 interface to get to the ISP gateway. Even if for some reason it doesn't work, if it has a possibility to fix your issue you may want to give it a shot.
Just out of curiosity, what services are you running on your server in the DMZ?
 
It is an SMPP server.