1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RV042 DMZ help needed

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by john0720, Sep 27, 2004.

  1. john0720

    john0720 Network Guru Member


    I'm trying to configure the DMZ port on my RV042 but I'm having troubles. Hopefully someone can spot the errors of my ways!

    Here is my configuration information:

    3 static IP addresses from my ISP: xx.yy.zz.25, .151, and .154

    WAN IP = xx.yy.zz.25
    Subnet mask =

    DMZ IP = xx.yy.zz.151
    Subnet mask =

    My computer behind the DMZ port has IP address .154. Its gateway is configured to be .25.

    Here's the strange part: From my local LAN (192.168.1.x) I can freely talk to the DMZ computer. The router routes from the LAN to the DMZ port just fine. Likewise, if I open up the firewall rule I can talk from the DMZ machine to a machine on my LAN.

    If I try to ping a machine on the internet (e.g., a server @ my work) from my DMZ computer I can see the packets being accepted by the router going out, but no incoming packets are routed to the DMZ. If I try to access my DMZ computer from a machine on the internet no packets get routed to the DMZ machine.

    As an experiment, I tried hooking the DMZ computer directly to my DSL modem. Doing this I could easily get to and from my DMZ computer (IP == .154). So I know that my ISP is properly routing .25, .151, and .154 to my DSL modem. Its just that my RV042 doesn't seem to want to route packets from the WAN port to the DMZ port.

    I tried completely disabling the firewall with no affect. I tried creating wide open firewall rules with no affect.

    I tried creating a static route, but I'm not sure I did it right.

    I tried calling Linksys/Cisco tech support and had the most horrible time. "The computer connected to my DMZ port doesn't receive packets." To which I was asked "Do you have a computer connected to your DMZ port?" Great example of why we outsource tech support!

    The firmware version of my router is 1.2.3 (May 28 2004 12:16:40).

    Any advice would be greatly appreciated!
  2. Webmeisterus

    Webmeisterus Network Guru Member

    Alhtough I have not used an RV042, your problem seems identical to the failure of the DMZ port on the RV082 until its most recent firmware update 1.1.5. In the RV082's case, the DMZ port simply did not route from the WAN until the firmware update. Since version 1.1.5 for the RV082 is more recent than the 1.2.3 firmware for the RV042/RV016, I suspect you'll need a firmware update to correct your issues with DMZ.

    Hope this helps.
  3. michael_k007

    michael_k007 LI Guru Member

    WAN - DMZ not working

    I'm using version rv042 and I see the same problem, where no
    traffic is going from the WAN to the DMZ or vise versa

    Is this still a problem where the packets are not routed properly?
  4. egyvoip

    egyvoip LI Guru Member

    Simple you can't work like that try to change your wan subnet to and your DMZ PC too even your ISP doesn't provide, then try again

    lets know the updates
  5. Sleeman

    Sleeman LI Guru Member

    RV042 DMZ - how it works with PPPoE

    Linksys did a p*ss poor job of explaining this in any documentation, and their tech support folks seem to know even less.

    I've used the DMZ port successfully with a DSL provider, and here's how.

    1. Get your ISP to assign you a static IP when you login with PPPoE credentials.

    2. Get your ISP to route a 'block' of IP's to your static IP.

    3. Configure the DMZ as 'Subnet' with the gateway address and subnet.

    IP 'blocks' can be of various sizes, but if you only need 1 public IP, the 'block' would come with a .252 subnet.

    Let's say your ISP gives you aaa.bbb.ccc.192 - 195 with a subnet of

    This means all IP's in that range have the same subnet AND. . .

    .192 is the 'network' address.
    .193 is the 'gateway' address **this is the address you use in the 'setup' page of the RV042.
    .194 is the *only* usable public IP in the DMZ.
    .195 is the 'broadcast' address.

    If you get a .248 block with a .192 network, then you end up with 5 usuable IP's in the DMZ (you need to run the DMZ port through a switch to use all more than 1 IP).

    Here's a good site: www.learntosubnet.com

    For the $, this is the cheapest 'true' DMZ solution you're going to find.

    Does it work? Yes, but the jury is still out on how solid it is. I've got an IP-PBX that doesn't work on it - SIP packets that SHOULD make it to the DMZ don't, and my IP-PBX vendor is baffled. Linksys tech support is non-exisitant (and I'm a Linksys VAR). I demonstrated the problem, did Ethereal packet traces to prove the packets weren't making it to the DMZ, and wraped up the issue with a bow on top so they could replicate the problem and fix it (and I replicated the problem on more than 1 RV042 myself).

    Did I ever hear back from them? Nope. I suspect it's a Cisco conspiracy. If the DMZ on the RV's worked as it _should_ and word got out, they wouldn't be able to make them fast enough. Simply a case of Cisco not allowing the developers to fix a feature that perhaps they didn't want in a $200 router. Too bad, cuz it would be killer if it was solid.

    I hope this helps other folks. I had to figure this out on my own, and searching the site, there's not much here with a decent explanation - at least from how I understand and have used the product.


  6. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    I have my RV042 behind my PIX firewall. In effect, the PIX is the "ISP" per the last post. I'm using 3 subnets on the RV042, LAN:, WAN:, DMZ:

    My mail / www server is in the DMZ on IP address, and is configured with a static IP address to use the DMZ interface on the RV042,, as its default gateway.

    For some reason (and yes, I agree the documentation is sparse), the DMZ subnet and WAN subnet have to be "on the same subnet". What this amounts to is as long as the 1st 3 octets, 192.168.99.xx are the same then everything's hunkey dorey.

    BTW, I've noticed SIP is broken across the RV042 also. I have my VoIP phone in the WAN subnet between the RV042 and the PIX


Share This Page