
SRP 527w DMZ Not Working

Mohammad Ammar
Level 1

Hi All,

I spent three days trying to get the DMZ function in my newly purchased SRP 527w Small Business Router to work, to no avail.

All I want is for the router to place the 192.168.1.200 IP/Machine in the DMZ.

I have configured the ports in the router as TRUSTED and there are no other conflicting rules but it still doesn't work.

I tried upgrading to the latest firmware "SRP520W-1.1.24" and it didn't help either.

Any suggestions?


Andrew Hickman
Cisco Employee

Hi Mohammad,

The SRP527 supports DMZ hosting only - this means that you use the DMZ feature to nominate a single local IP or MAC address to receive all inbound traffic that is not otherwise handled by the SRP (i.e. traffic terminated by the SRP itself, redirected by port forwarding rules, or returning NAT traffic to other hosts is not sent to the DMZ host, everything else is).

The local client must be properly addressed as a member of one of the SRP500 VLANs - typically you'd just configure one of the 192.168.15.x addresses.

The trust feature on the LAN ports is related to quality of service - i.e. if the port is trusted, it will accept CoS marking on inbound traffic - if untrusted, the CoS values will be reset as it is accepted.

Hope that helps,

Andy
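
The dispatch rule described in the reply above, modelled as an added example (not part of the thread and not SRP firmware). The class and function names, the sample addresses other than 192.168.15.2, and the order in which the three "handled" cases are checked are assumptions; the post only states that traffic matching none of them goes to the DMZ host.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Inbound:
    """A packet arriving on the WAN side, addressed to the router's public IP."""
    proto: str
    dst_port: int
    remote: tuple  # (remote_ip, remote_port)

class WanDispatcher:
    """Toy model of DMZ hosting as described in the post (hypothetical names)."""

    def __init__(self, local_services, port_forwards, dmz_host=None):
        self.local_services = set(local_services)  # {(proto, port)} the router terminates
        self.port_forwards = dict(port_forwards)   # {(proto, port): lan_ip}
        self.dmz_host = dmz_host                   # single LAN IP, or None
        self.nat_sessions = {}                     # {(proto, wan_port, remote): lan_ip}

    def note_outbound(self, proto, wan_port, remote, lan_ip):
        """Record a NAT mapping created by a LAN host's outbound connection."""
        self.nat_sessions[(proto, wan_port, remote)] = lan_ip

    def dispatch(self, pkt):
        """Return (reason, lan_ip) for one inbound packet."""
        key = (pkt.proto, pkt.dst_port)
        if key in self.local_services:
            return ("router", None)
        if key in self.port_forwards:
            return ("port-forward", self.port_forwards[key])
        session = self.nat_sessions.get((pkt.proto, pkt.dst_port, pkt.remote))
        if session is not None:
            return ("nat-return", session)
        if self.dmz_host is not None:
            return ("dmz", self.dmz_host)  # everything else, on any port
        return ("drop", None)

# Constructed sample configuration and traffic (not taken from the thread).
gw = WanDispatcher(
    local_services={("tcp", 443)},
    port_forwards={("tcp", 80): "192.168.15.2"},
    dmz_host="192.168.15.10",
)
gw.note_outbound("tcp", 40001, ("203.0.113.5", 443), "192.168.15.20")

def exposure(dispatcher, probes):
    """List the probes that land on the DMZ host: its effective WAN exposure."""
    return [p for p in probes if dispatcher.dispatch(p)[0] == "dmz"]
```

Because the DMZ host receives every unsolicited packet that nothing else claims, its own host firewall is the only filter in front of it.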

Thank you Andrew for your reply

I have tried port forwarding the HTTP traffic to the same IP without adding it to the DMZ and it doesn't work.

Actually me failing in forwarding ports to any IP within my network is the reason I'm trying to add one IP to the DMZ.

Would you please explain what you mean by "typically you'd just configure one of the 192.168.15.x addresses."?

I only have one VLAN which is the default one.

Is there a way I can configure this router to place one machine in the DMZ by creating a separate VLAN for it?

This router makes me miss my old faithful 3Com so bad

Hi Mohammad,

From default settings (i.e. with NAT enabled), forwarding specific traffic to an internal client is just a matter of creating a port forwarding rule. For example, the following screenshot shows how to forward HTTP traffic (port 80) to an internal client with IP address 192.168.15.2. Please ensure that you enable the rule as shown.

Once the rule is configured, you should see it summarised as follows:

Alternatively, configure a DMZ host as follows. In this case, all unknown inbound traffic will be forwarded to 192.168.15.2.

While you could create a separate VLAN and configure a host in that IP Subnet as the DMZ host, I don't think this is really what you are referring to above. The SRP540 and SRP520-U series (the latter will be available in the early New Year) both support the following:

Software DMZ: Allows a private DMZ host to be configured and bound to any public IP address.

Hardware DMZ: Configures LAN port 4 as a separate layer 2 DMZ interface to which the SRP will forward all traffic addressed to nominated IP addresses. In this case the local client would be directly configured to use the public IP address.

I hope that this helps.

Andy

Hi Andy

Thank you for taking the time to detail the steps for me. I'm really grateful for that.

I have already done these steps before and it just doesn't work.

The only difference is that in my case my WAN Interface Name is "PVC0" since I'm using ADSL service.

Please check this picture:

I noticed something weird, it does not port forward to any Static IP inside the network!

If I want port forwarding to work I have to remove the machine's static IP and have it negotiate a new IP from the router's DHCP pool.

Same weird rule applies to DMZ function. Even if I have it assigned to a specific MAC Address.

I'm positive it is a router/firmware issue.

Now I have some servers within the network with static IPs that I don't want to change... what can I do?

Thanks for the feedback Mohammad,

That does look suspect - let me take a look at that for you.

Cheers

Andy

Hi Mohammad,

I've just been trying this with my SRP527 which is connected using PPPoA to a UK service provider.

I configured a port forward for a number of protocols and a PC on my LAN with a static IP address.

From my testing, I see that forwarding works as expected.

I notice above that you are forwarding to 192.168.1.3, I assume that you have changed the default local subnet from 192.168.15.0/24. There is no problem with doing this - I just wanted to double check that this is what you have done.

In my testing, I have actually done the same thing as you - configured my DHCP Server to use 192.168.1.1. My PC is statically configured with 192.168.1.2.

What ADSL configuration are you using? PPPoA, PPPoE...?

Apologies for this question, but you do have the firewall on your server configured to allow these connections from remote IP addresses?

If this is still not working for you, could I suggest that you factory reset and add a simple ADSL and port forwarding configuration, then see if this works before adding any additional configuration.

Regards,

Andy

Hi Andy

Thanks again for taking the time to help me.

I have a PPPoE / LLC / UBR connection.

I have to state that the connection to the internet is really fast and stable. I guess the Cisco router is snappier and can handle traffic loads better than the old 3Com.

Since I was replacing an old 3Com router with a default gateway address of "192.168.1.1" and my entire network was configured to use that IP as its gateway address, I changed the Cisco router's Local IP Address/DHCP Rule to match the old 3Com's.

The firewall of the machine I want to place into the DMZ is not the problem. If I remove the Cisco and put back the old 3Com I can instantly access the machine from any external address.

Although I have already tried that twice, when I get back to the office I'll factory-reset the router and maybe reload the firmware. It could be misconfigured or have a corrupt firmware image, although I get no warnings and the log doesn't show anything suspicious regarding this.

Thank you again

M. Ammar

Hi Andy,

I managed to get the DMZ function to work by having the machine negotiate an IP address from the server then add that IP to the DHCP Reservation List.

Bottom line is, after multiple resets and firmware reloads, if I assign a static IP to that machine then the DMZ function doesn't work.

I'll wait till the next firmware release and see. If it doesn't resolve this issue I might replace the router under warranty.

Thank you

Hi Mohammad,

Thanks for taking the time to feedback your findings. Out of interest, what type of device are you using as your DMZ host?

If you'd be willing to try your static IP configuration once more, could you send me the remote support file from the SRP (look under the Admin menu) while DMZ forwarding is not working please?

Many thanks,

Andy

Hi Andrew,

Sorry for the late reply but I have been hammered with work in the past couple of weeks.

The router panel has nothing that says "Remote Support", but I do have "Remote Debug" under the Administrator menu.

If that is the function you were talking about then please let me know and I'll try placing a machine in the DMZ and send you the debug log if it still doesn't work.

Best,

M. Ammar

Hi Andrew,

I have this exact same problem with my SRP527W. In actual fact I have 2 units, the older is working fine but the newer one won't port forward and unfortunately I don't have the option of using a DHCP Pool. I have tried the same firmware as the device that is working and the latest one. This is really frustrating as having two ADSL connections means I can remotely reset one router without having to drive in. Please help!

20110728.00
Model:SRP527W, ADSL2+ AnnexA, 802.11n ETSI, 2FXS/1FXO
Version ID:V01
Hardware Version:4.1.0
Boot Version:1.1.22 (Feb 22 2011 - 09:42:55)
Firmware Version:1.2.5 (001) Nov 8 2012
ADSL Firmware Version:1.01.6
Recovery Firmware:1.2.5 (000)

Aleks,

Please update your router firmware to version SRP520_1.01.27_007 or higher. This has solved my problems.

Cheers