LRT214 DMZ & DHCP

[the-ninth]

Hi,

I am just setting up a LRT214 for our community network.

We use NAT for our LAN, but also have a small range of public IP addresses, which I would like to use for a DMZ. There are some appliances in the DMZ to which I do not have full access, therefore it would be useful to use DHCP with IP & MAC binding for their configuration. However it seems that the LRT214 does not support DHCP for the DMZ.

I looked at using a second VLAN as DMZ instead of the DMZ port, however the LRT214 does not support enabling/disabling NAT per VLAN. So I cannot have one VLAN with NAT and internal IP addresses and another VLAN without NAT and public IP addresses.

The last idea that came to my mind was use a VLAN as DMZ with NAT and a range of One-to-One NAT mappings. Need to research this option a bit further.

What are your thoughts? Am I missing something obvious? How would you solve this?

Regards, Robert

 

[Trip]

It may simply not be doable with the Linksys firmware, but it should be with a more enterprise-level firewall distro / services router.

Presuming that's the case, I'd return or eBay the Linksys and replace with a Ubiquiti EdgeRouter, Mikrotik RB/CCR, pfSense box, or whatever enterprise routing platform you like best.

 

[the-ninth]

Hi,

It may simply not be doable with the Linksys firmware, but it should be with a more enterprise-level firewall distro / services router.

Unfortunately an enterprise-level device is not within our budget.

But I think I got it to work now, using a VLAN as DMZ. The WLAN has an internal subnet of the same size as our public subnet. IP addresses are mapped via the One-to-One NAT feature. It was needed to make the default VLAN the DMZ VLAN, because the One-to-One NAT only works with the default VLAN.

Regards, Robert