Create new interface DMZ but problem to access

herken · Dec 21, 2019, 12:44 PM

hello,

i would to create a DMZ interface for my servers. I create the interface DMZ, actually i have 3 interfaces:

LAN : 10.0.0.1 all works fine and computer have full access
WAN : Connection to the router
DMZ : 12.0.0.1

I have several problem, in DHCP server section i can't create a new dhcp server for DMZ, i read somewhere i can create a dhcp for each interface but i don't see how

Is there an error somewhere?

Second question : From the DMZ lan, i put a computer with IP 12.0.0.2 and put gateway and mask 255.255.255.0 and gw 12.0.0.1 but i can't access to the 12.0.0.1 (i suppose i can access to the web ui from the ip of the interface, right?)

I would to have an access to internet using the computer on the dmz, i created the following rules but it's not working :

It's what i see on the log from the computer 12.0.0.2

I don't find the rules Default deny rule IPv4 (1000000103), what is that?

THank you for you help !

FOr information, no gateway is configured for DMZ.

viragomann · Dec 21, 2019, 1:46 PM

Is your DMZ bridged to WAN?
If not, why are you using public IPs on it?

herken · Dec 21, 2019, 1:49 PM

Hello,

i'm not sure it's bridged, where can i check that please (sorry, newbie :) )

you speaking about the range 12.0.0.0? I just choice it but i can change it if it's not a good solution. What's the better choice as subnet?

My situation : LAN => Computers and servers ( maximum 50 devices)
DMZ : Maximum 10 devices.

Thanks !

Rico · Dec 21, 2019, 1:52 PM

https://en.m.wikipedia.org/wiki/Private_network

-Rico

herken · Dec 21, 2019, 1:55 PM

@Rico Ok i will change the DMZ ip to 10.2.0.1, i'm in the good range now, thanks.

It's why it's why it's not working ?

Rico · Dec 21, 2019, 1:57 PM

Destination WAN net is wrong, put any there for testing.

-Rico

Rico · Dec 21, 2019, 1:59 PM

Same for the protocol, atm you only allow TCP traffic.

-Rico

herken · Dec 21, 2019, 2:06 PM

@Rico ok i changed the rules and now it's seems ok to the log, the traffic can pass but i cannot surf actually and the ping to 10.2.0.1 not pass but not blocked by the firewall as you can see

Have i to create a route or something else?

The actual rule :

Thanks !

Rico · Dec 21, 2019, 2:07 PM

Show the DMZ IP configuration (screenshots).

-Rico

herken · Dec 21, 2019, 2:08 PM

@Rico Sure

Rico · Dec 21, 2019, 2:09 PM

Wrong netmask, change /32 to /24

-Rico

herken · Dec 21, 2019, 2:12 PM

@Rico Ho nice it's ok now ! Cause the mask 255.255.255.255 the computer can only see itself right?

Do you know why i can't create a DHcp server on the DMZ interface ? I already configure it on the LAN interface but i imagine we can create for each interface, right?

Thanks so much Rico!

Rico · Dec 21, 2019, 2:14 PM

With the correct netmask you should be able to configure the DHCP server now.

-Rico

herken · Dec 21, 2019, 2:15 PM

@Rico You right i just checked now and the DMZ interface appear now, so perfect.

Thanks !

Gertjan · Dec 21, 2019, 3:05 PM

As said above, remove the WAN net.

Also : TCP only ??
That means that there will be no DNS (UDP mostly !) requests allowed .....
Make that an "any" or at least TCP/UDP/ICMP.

Rico · Dec 21, 2019, 3:22 PM

Glad you have it working now. :-)

-Rico

herken · Dec 21, 2019, 3:56 PM

@Gertjan All works now :) !
Thanks men !