Create new interface DMZ but problem to access

herken

hello,

i would to create a DMZ interface for my servers. I create the interface DMZ, actually i have 3 interfaces:

LAN : 10.0.0.1 all works fine and computer have full access
WAN : Connection to the router
DMZ : 12.0.0.1

I have several problem, in DHCP server section i can't create a new dhcp server for DMZ, i read somewhere i can create a dhcp for each interface but i don't see how

Is there an error somewhere?

Second question : From the DMZ lan, i put a computer with IP 12.0.0.2 and put gateway and mask 255.255.255.0 and gw 12.0.0.1 but i can't access to the 12.0.0.1 (i suppose i can access to the web ui from the ip of the interface, right?)

I would to have an access to internet using the computer on the dmz, i created the following rules but it's not working :

It's what i see on the log from the computer 12.0.0.2

I don't find the rules Default deny rule IPv4 (1000000103), what is that?

THank you for you help !

FOr information, no gateway is configured for DMZ.

viragomann

Is your DMZ bridged to WAN?
If not, why are you using public IPs on it?

herken

Hello,

i'm not sure it's bridged, where can i check that please (sorry, newbie :) )

you speaking about the range 12.0.0.0? I just choice it but i can change it if it's not a good solution. What's the better choice as subnet?

My situation : LAN => Computers and servers ( maximum 50 devices)
DMZ : Maximum 10 devices.

Thanks !

Rico

https://en.m.wikipedia.org/wiki/Private_network

-Rico

herken

@Rico Ok i will change the DMZ ip to 10.2.0.1, i'm in the good range now, thanks.

It's why it's why it's not working ?

Rico

Destination WAN net is wrong, put any there for testing.

-Rico

Rico

Same for the protocol, atm you only allow TCP traffic.

-Rico

herken

@Rico ok i changed the rules and now it's seems ok to the log, the traffic can pass but i cannot surf actually and the ping to 10.2.0.1 not pass but not blocked by the firewall as you can see

Have i to create a route or something else?

The actual rule :

Thanks !

Rico

Show the DMZ IP configuration (screenshots).

-Rico

herken

@Rico Sure

Rico

Wrong netmask, change /32 to /24

-Rico

herken

@Rico Ho nice it's ok now ! Cause the mask 255.255.255.255 the computer can only see itself right?

Do you know why i can't create a DHcp server on the DMZ interface ? I already configure it on the LAN interface but i imagine we can create for each interface, right?

Thanks so much Rico!

Rico

With the correct netmask you should be able to configure the DHCP server now.

-Rico

herken

@Rico You right i just checked now and the DMZ interface appear now, so perfect.

Thanks !

Gertjan

As said above, remove the WAN net.

Also : TCP only ??
That means that there will be no DNS (UDP mostly !) requests allowed .....
Make that an "any" or at least TCP/UDP/ICMP.

Rico

Glad you have it working now. :-)

-Rico

herken

@Gertjan All works now :) !
Thanks men !