Solved

DMZ/INternet Port on Cisco RV042

Posted on 2011-09-26
2
1,726 Views
Last Modified: 2012-09-28
Hey all
Ok, I think this one will be an easy A for the Cisco people.  :-)

Here is what I have.  
4 Servers behind a Cisco RV042 router in a datacenter.  These are private servers with no one using them but exclusive customers.
Server number 5 will be a webserver.  I want it to sit on the DMZ/Internet Port and be accessible by most anyone.  The datacenter has given me a nice block of IP addresses to use.  Here they are:  72.xxx.xxx.82 - .94   72.xxx.xxx.81 is the gateway address.  The router is using .94
The operating system for the webserver is CentOS and the Control Panel is CPanel/WHM.  If I plug the cable into the switch (not the RV042) and give it an internal IP address with one-to-one NAT with IP address of .92 the server can get to the Internet with no issues at all.  But it can also get to the other servers on the network: not good.  And another little drawback is that I kept getting emails from the CPanel saying that "the FQDN resolves to 72.xxx.xxx.92 but it is supposed to resolve to 192.168.xxx.30" (these are the exact words of the email)
So, here is what I need to know.

The RV042 has two WAN ports, one labeled Internet and the other labeled DMZ/Internet.  From what I understand I should be able to turn on the second WAN port and make it a DMZ. The firmware version of the Router is  4.0.4.02.
On the setup page of the router is has a check box to enable DMZ.  If I check that it gives me a configuration page and on this page is has a circle for Subnet or Range (DMZ & WAN within same subnet).  If I check the subnet it gives me two boxes to fill in.  Box one is Specify DMZ IP Address and the other is Subnet Mask.  If I check the Range it gives me two boxes.  IP Range for DMZ Port and the two boxes have a "to" in between them.

Here is the main question with a small "what if" thrown in for good measure.

which one do I choose and what do I type in on the router and what IP address (with subnet and GW of course) do I put on the Webserver.  I really think it needs to be a public IP address to make it work right.
And now for the caveat.  If I want to add another webserver in the near future, can I connect a Switch to the DMZ Port and connect the two webserver to it?

Thanks and please ask for clarification if you need it.
0
Comment
Question by:jonmenefee
  • 2
2 Comments
 

Accepted Solution

by:
jonmenefee earned 0 total points
Comment Utility
Wow, not one response in 3 days.  well, fortunately I found the answer to this question and wil post it here for other people.

When you choose to activate the DMZ Port (not the DMZ host) on an RV042 Router you should choose the Range option.  Then you would put in the Public IP addresses of the different servers that will be using those IP addresses.  In my case I used 74.x.x.91 to 74.x.x.92.  Then, on the server you would put in the IP address that it will be (public one that you entered above), for the subnet mask you would use what your DataCenter gave you.. In my case it was 255.255.255.240 and for the Gateway you would put the same IP that the datacenter gave you.  In my case it was 74.x.x.81 (my usable IPs were 74.x.x.82 - 94.
The next thing you do, if it doesnt work is make sure that if the datacenter uses ARP caching to ask them to flush the cache :-)

I hope this helps and have a great day everyone!!
0
 

Author Closing Comment

by:jonmenefee
Comment Utility
I think that my solution is the correct one because it worked and since no one else was willing to step up and help, I had to find the answers myself
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now