DMZ with public addresses
-
I need help setting up a DMZ in a XG-7100 router. We have 13 public IP addresses that are used for public servers, one is assigned to the WAN the others are in the DMZ.
I need to section one of the Ethernet ports to assign as a DMZ then add the public servers there. I have tried numerous things but failed to get the DMZ traffic working.
Anyone in Houston, TX willing to come by and help? Let me know your rate and disposition.
-
This shouldn't be too hard. Get your DMZ working first. It's just an interface like any other, but you want to put rules in place so that DMZ clients are prevented from accessing LAN or any other interface other than WAN. Remember that all interfaces beyond WAN/LAN need to have rules added or no traffic will flow whatsoever.
Create Virtual IPs (IP Alias) for all of your public addresses except the one you will use for WAN.
Create a port-forward for your first server:
https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense
Check to see if it works by accessing it from WAN, not LAN. Use your phone with wifi disabled, for example. Accessing it from LAN by using its WAN address is not the best way to test it.
If it doesn't work, troubleshoot it:
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
If you want to access your servers via their WAN address, you will need NAT reflection or split DNS:
https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
Do it step by step. Ask questions here if you need to. Post screenshots of what you have done.
-
The best option for you is a routed subnet that can be placed on an interface behind the router. What they should have provisioned for you is something like a /29 on the interface and the /28 routed to you on that. Then you would be golden.
If you have an interface /28 on WAN and want to use those addresses for servers behind it, the best option is to either port forward or use 1:1 NAT.
The only other option is some sort of filtering bridge.
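The two replies above describe the same processing order: inbound NAT on WAN (a port forward or a 1:1 NAT mapping of an IP Alias VIP) rewrites the destination first, and the firewall rules are then matched against the translated internal address, with the DMZ interface needing explicit block rules toward LAN and the firewall itself before its pass rule. The following is an added example, not code from the thread or from pfSense, that models that evaluation order in Python so the rule set can be checked before it is typed into the router. All addresses (203.0.113.x as the public block, 192.168.1.0/24 as LAN, 10.10.10.0/24 as the DMZ) and the rule set itself are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4 = ipaddress.IPv4Address

# --- Constructed topology: hypothetical addresses, not the poster's real ones ---
WAN_IP = IPv4("203.0.113.1")                                # address on the WAN interface
VIPS = [IPv4(f"203.0.113.{i}") for i in range(2, 14)]       # the other 12 publics as IP Alias VIPs
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DMZ_NET = ipaddress.ip_network("10.10.10.0/24")
# Every address the firewall itself answers on ("This Firewall" in pfSense terms)
FIREWALL_ADDRS = {WAN_IP, IPv4("192.168.1.1"), IPv4("10.10.10.1"), *VIPS}


@dataclass
class Packet:
    iface: str      # interface the packet arrives on: "wan", "lan" or "dmz"
    src: IPv4
    dst: IPv4
    dport: int


@dataclass
class PortForward:
    ext_addr: IPv4
    ext_port: int
    int_addr: IPv4
    int_port: int


@dataclass
class Rule:
    iface: str
    action: str                    # "pass" or "block"
    dst: object = "any"            # IPv4Network, "any", or "firewall"
    dport: Optional[int] = None    # None matches every destination port


def dst_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.dst == "any":
        return True
    if rule.dst == "firewall":
        return pkt.dst in FIREWALL_ADDRS
    return pkt.dst in rule.dst


def apply_nat(pkt: Packet, forwards, one_to_one) -> Packet:
    """Inbound NAT on WAN runs before filtering: a matching port forward or
    1:1 mapping rewrites the destination. Nothing is translated on other
    interfaces here, which is what happens without NAT reflection."""
    if pkt.iface != "wan":
        return pkt
    for f in forwards:
        if pkt.dst == f.ext_addr and pkt.dport == f.ext_port:
            return Packet(pkt.iface, pkt.src, f.int_addr, f.int_port)
    for ext, internal in one_to_one.items():
        if pkt.dst == ext:
            return Packet(pkt.iface, pkt.src, internal, pkt.dport)
    return pkt


def evaluate(pkt: Packet, forwards, one_to_one, rules):
    """First matching rule on the arriving interface wins; no match means block."""
    translated = apply_nat(pkt, forwards, one_to_one)
    for r in rules:
        if (r.iface == translated.iface and dst_matches(r, translated)
                and (r.dport is None or r.dport == translated.dport)):
            return r.action, translated
    return "block", translated


# --- Constructed policy: one port forward, one 1:1 NAT host, isolated DMZ ---
FORWARDS = [PortForward(VIPS[0], 80, IPv4("10.10.10.10"), 80)]
ONE_TO_ONE = {VIPS[1]: IPv4("10.10.10.11")}
RULES = [
    # DMZ: block toward LAN and toward the firewall itself, then allow out to the Internet
    Rule("dmz", "block", LAN_NET),
    Rule("dmz", "block", "firewall"),
    Rule("dmz", "pass", "any"),
    # WAN: rules are matched against the translated (internal) destination, not the VIP
    Rule("wan", "pass", ipaddress.ip_network("10.10.10.10/32"), 80),
    Rule("wan", "pass", ipaddress.ip_network("10.10.10.11/32"), 443),
    # LAN: allow everything out
    Rule("lan", "pass", "any"),
]


def check(iface: str, src: str, dst: str, dport: int):
    """Return (action, final destination, final port) for one test packet."""
    action, t = evaluate(Packet(iface, IPv4(src), IPv4(dst), dport), FORWARDS, ONE_TO_ONE, RULES)
    return action, str(t.dst), t.dport


if __name__ == "__main__":
    for case in [("wan", "198.51.100.7", "203.0.113.2", 80),    # forwarded to the DMZ web server
                 ("wan", "198.51.100.7", "203.0.113.2", 22),    # no forward, no rule: dropped
                 ("wan", "198.51.100.7", "203.0.113.3", 22),    # 1:1 NAT translates, but no rule
                 ("dmz", "10.10.10.10", "192.168.1.50", 445),   # DMZ host cannot reach LAN
                 ("lan", "192.168.1.50", "203.0.113.2", 80)]:   # LAN test hits the VIP, not the server
        print(case, "->", check(*case))
```

The last case is the point made about testing from LAN: without NAT reflection the packet from the LAN client is never translated, so it reaches the firewall's own VIP rather than the server, and a pass result there says nothing about whether the forward works from the Internet.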
-
I can't get it to work, is anyone in Houston willing to come to my office and guide me on this?
-
What have you done?