DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Firewall DMZ host
- mjsa8000
- Topic Author
- Offline
- New Member
Less
More
- Posts: 1
- Thank you received: 0
11 Jun 2010 17:02 #62317
by mjsa8000
Firewall DMZ host was created by mjsa8000
I've tried searching for an answer to this to no avail - possibly because I'm not searching for the right thing.
Basically we have a 2820 with a range of WAN IP addresses set up as aliases. There's the default IP which is used for general internet surfing and inbound email, and the additional IPs are for our future use.
I need to route traffic on certain ports on one of these additional IPs to one particular fixed LAN IP. I also need all the traffic out of this LAN IP to appear on the interweb from the same certain WAN IP. I found I could achieve this by putting the LAN IP in the DMZ with that WAN IP.
Unfortunately this means that LAN IP is completely unfirewalled (other than the software firewall).
Surely there must be a way to achieve this WAN/LAN association without losing the firewall?
Thanks,
Martin.
Basically we have a 2820 with a range of WAN IP addresses set up as aliases. There's the default IP which is used for general internet surfing and inbound email, and the additional IPs are for our future use.
I need to route traffic on certain ports on one of these additional IPs to one particular fixed LAN IP. I also need all the traffic out of this LAN IP to appear on the interweb from the same certain WAN IP. I found I could achieve this by putting the LAN IP in the DMZ with that WAN IP.
Unfortunately this means that LAN IP is completely unfirewalled (other than the software firewall).
Surely there must be a way to achieve this WAN/LAN association without losing the firewall?
Thanks,
Martin.
Please Log in or Create an account to join the conversation.
- voodle
- Offline
- Big Contributor
Less
More
- Posts: 1139
- Thank you received: 0
14 Jun 2010 14:50 #62339
by voodle
Replied by voodle on topic Firewall DMZ host
You can also do that using the Address Mapping feature under the NAT menu, to control which IP it uses for outbound traffic, then set up port forwarding / open ports for that IP. Address Mapping is only in 3.3.3.
Alternatively, you can keep it as the DMZ, set up a firewall rule under firewall - Filter setup set to Block if no further match, direction WAN to LAN with that PC's IP as the destination, service type left as Any to Any. Then make rules after with the same destination / direction, action would be Pass Immediately and you'd need to edit the service type's destination port.
The first option is easier though.
Alternatively, you can keep it as the DMZ, set up a firewall rule under firewall - Filter setup set to Block if no further match, direction WAN to LAN with that PC's IP as the destination, service type left as Any to Any. Then make rules after with the same destination / direction, action would be Pass Immediately and you'd need to edit the service type's destination port.
The first option is easier though.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek