locked
Remote access only works with DMZ enabled? RRS feed

  • Question

  • I've got my HP MediaSmart Server connected to a D-Link router, which is then forwarded to my Linksys WRT54G3G router. The firewalls on both routers are enabled, and port forwarding has been set up correctly, but remote access only works when the MSS is placed into the DMZ on the Linksys.

     

    Is this a big issue? I mean I've got it working after many weeks of trying and getting the correct settings, so should I be worried that the server is in the DMZ if the router's firewall is enabled? Any idea why remote access only works with the DMZ enabled?

     

    Thanks in advance!

    Sunday, March 16, 2008 12:39 AM

Answers

  • Actually, it's the double-NAT (assuming that your Linksys is connected to the D-Link via its (the Linksys') WAN port) that's killing you.
    Your choices are:
    1- forward the ports (80, 443, and 4125) from router1 to router2; then forward those ports (in router2) to the WHS; or
    2- use the Linksys as a switch/AP (much easier, will also eliminate several other potentional problems.)

     

    Assuming that you only *really* need the Linksys for the wireless functionality (and that you don't really need a double-NAT'ted network), you can configure the Linksys to operate in AP-only mode (but, it's not too intuitive.)  Refer to this thread (at the Smoothwall forums) on how to do it.  I'll leave it up to you, as to which router's DHCP server you want to use (one point, though:  if you keep using the Linksys as the DHCP server, make sure that you enter your D-Link's internal IP address as the default gateway and DNS server.  If you don't, none of the machines on the network will be able to get out - they won't know where 'out' is.)

     

    *Edit:  after re-reading those posts, I may be confused on something:  Which router is connected to the modem- the D-Link, or the Linksys?

     

    Monday, March 17, 2008 4:35 PM

All replies

  • I wouldn't want a server open to the internet, with absolutely no protection at all. I would definitely be worried if that was the only scenario available.

    It sounds as though your port forwarding isn't set up correctly, there is no reason why you shouldn't be able to run the server off a router off a router - if you see what I mean!

     

    Colin

     

    Sunday, March 16, 2008 6:29 PM
  • I should have clarified in my first post, everything is connected to the D-Link, but the D-Link is bridged with the Linksys. There's no port forwarding whatsoever set up in the D-Link, and it has its DHCP option disabled.

     

    Because everything is connected to the D-Link should I set up port forwarding from the D-Link to the IP address of the Linksys router as well, or doesn't it matter because it's already bridged with it?

     

    What about port forwarding the D-Link to the server's IP address?

     

    I did think it was a bit strange that remote access only works with the DMZ enabled for the server's IP address!

    Monday, March 17, 2008 3:31 AM
  • Actually, it's the double-NAT (assuming that your Linksys is connected to the D-Link via its (the Linksys') WAN port) that's killing you.
    Your choices are:
    1- forward the ports (80, 443, and 4125) from router1 to router2; then forward those ports (in router2) to the WHS; or
    2- use the Linksys as a switch/AP (much easier, will also eliminate several other potentional problems.)

     

    Assuming that you only *really* need the Linksys for the wireless functionality (and that you don't really need a double-NAT'ted network), you can configure the Linksys to operate in AP-only mode (but, it's not too intuitive.)  Refer to this thread (at the Smoothwall forums) on how to do it.  I'll leave it up to you, as to which router's DHCP server you want to use (one point, though:  if you keep using the Linksys as the DHCP server, make sure that you enter your D-Link's internal IP address as the default gateway and DNS server.  If you don't, none of the machines on the network will be able to get out - they won't know where 'out' is.)

     

    *Edit:  after re-reading those posts, I may be confused on something:  Which router is connected to the modem- the D-Link, or the Linksys?

     

    Monday, March 17, 2008 4:35 PM
  • Thanks cuppie, actually the Linksys is just connected to the D-Link via a normal port, rather than the WAN port on the D-Link. I don't actually use the router function of the Linksys - I just use it to insert my mobile broadband 3G card so I can access the Internet. So I guess in effect the Linksys accesses the information then passes it to the D-Link where everything is plugged in.

     

    Even though the D-Link has its DHCP disabled, would forwarding the ports from the Linksys to the D-Link then to the server still work?

     

    However just to reiterate, with the current set up as is, absolutely everything works, my main concern was just with the server being in the DMZ zone and if that is a good situation to be in or not. And then why it does only work while it's in the DMZ!

     

    Tuesday, March 18, 2008 8:12 AM
  • Nevermind got it sorted using your advice. I have forwarded the three ports from the Linksys to the IP address of the D-Link, then on the D-Link forwarded the same ports to the server.

     

    Everything still works and I have now disabled the DMZ option on the Linksys, so issue resolved!

     

    Tuesday, March 18, 2008 11:27 AM