Cannot access DMZ from Private LAN

Posted on 2008-11-18
Last Modified: 2012-05-05
Hello,

I have a Linksys RV016 router.  The WAN public IP is .218 and there is a machine plugged into the DMZ port on this router with a public .219 address.  The public can access the .219 DMZ address, but the users that I have plugged into this same router with private 192.168.0.x addresses cannot communicate with the .219 DMZ machine.  Any thoughts on why?  Thank you.
0
Question by:AncientFrib
9 Comments
 
LVL 15

Expert Comment

by:bkepford
ID: 22990782
By default the local hosts block any traffic from a PC on the DMZ. To change that you have to change your access lists setup.
This post should answer any more of your questions:
http://www.experts-exchange.com/Networking/Misc/Q_23201531.html 
0
 
LVL 5

Author Comment

by:AncientFrib
ID: 22991130
I understand that machines on the DMZ shouldn't access local/private IP addresses, but I want my local PCs with private IP addresses to have the ability to access the public IPs on the DMZ.
0
 
LVL 15

Expert Comment

by:bkepford
ID: 22991194
Do you have any additional rules? If you have any additional rules, this may kill the default rule that allows LAN to DMZ communication to occur. Can you post some screenshots of your setup?
 
0
 
LVL 5

Author Comment

by:AncientFrib
ID: 22991217
Here is a pic of the rules.  I have not changed them.  The WAN IP is .218 and it is also the DMZ gateway.
rules.jpg
0
 
LVL 15

Expert Comment

by:bkepford
ID: 22991276
Have you tried changing your DMZ gateway to the ISP's gateway instead of the WAN IP's address? Just going to the WAN1 IP may be what is doing it.
If that doesn't work, post some screenshots of the IP addressing, NAT and routing setup.
0
 
LVL 5

Author Comment

by:AncientFrib
ID: 22994452
Hey bkep,

I cannot change the gateway of the DMZ only because there is a VPN setup between the WAN IP (.218) and another site.  The remote site is only allowing information sent through that tunnel from .219.  So if .219 bypasses .218 won't it circumvent the VPN tunnel?

The local IP address scheme is 192.168.0.0/24 with DHCP disabled.  NAT and routing have not been touched so they are set to the defaults.  Thanks for your help.
0
 
LVL 15

Expert Comment

by:bkepford
ID: 22994526
Actually it shouldn't. The ACL for the tunnel should pick up the traffic as it leaves the WAN1 interface to get to the ISP gateway. Even if for some reason it doesn't work, if it has a possibility to fix your issue you may want to give it a shot.
Just out of curiosity, what services are you running on your server in the DMZ?
 
0
 
LVL 5

Author Comment

by:AncientFrib
ID: 22994648
It is an SMPP server.
0
 
LVL 15

Accepted Solution

by:
bkepford earned 2000 total points
ID: 22995922
Have you thought of using the DMZ host setting instead of using the DMZ port? This will let your local hosts have access.
0
