WRV54G - Hardware DMZ for Front End Server. Doesn't Work

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by jesseinsf, Nov 8, 2005.

  1. jesseinsf

    jesseinsf Guest

    You guys/Gals are always talking about VPNs. Well do you guys even know that you can't setup a "Hardware DMZ"? Not Software. Hardware DMXs are good to separate the rest of the network from the DMZ. Software exposes the whole network for hackers to have a field day so I don't want that, So why is a Hardware DMZ not able to be setup in the WRV54G (Even with the Latest Beta Firmware 2.38.6)? because there is no area to input the network Data like Subnet Mask, Default Gateway ext. Does anyone even know about this? If so, let me know. Btw, I tried all Firmware that this router had and still nothing
  2. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    You weren't too specific about what your issues were, so permit me to ramble:

    The hardware DMZ works fine for me. When you enable the hardware DMZ feature on the WRV54G (on switch port 1, I'm sure you realize), the IP address of the DMZ port becomes the same as that for your LAN side, except the 3rd octet in the address is incremented by 1. For example, if the LAN address of your router is, the DMZ interface will be This is automatically reflected in the routing table of the WRV54G. You must manually set the IP address of your DMZ server to reflect the IP subnet of the DMZ, ensuring that the default gateway and DNS server for your server is set to the IP address of the DMZ interface on the Linksys.

    You can test the operation of the DMZ with a simple test: You should be able to ping from servers on the DMZ to the Internet, from the Internet to the DMZ, but *not* from the DMZ to the inside network. BTW, I'm running the same firmware version that you are.

  3. SuperTealc

    SuperTealc Guest

    Hello All,

    I've the same issue but whatever I try, I can't understand what is the problem...
    My lab setup:
    WRV54G Rev2 firmware v2.39
    1 static IP address from my ISP on WAN interface
    Lan network is
    WRV54G LAN IP address is
    I use NAT (gateway mode)

    The DMZ host
    IP pluged on router port 1 (Hardware DMZ led is green)
    Gateway (should be WRV54G)

    I can ping dmz host from the router but i can'''''' ping router from dmz host
    No internet access from dmz

    Lan can fully access to internet

    What is missing??? I'll be crazy!!!
  4. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    I don't think you're crazy and you're probably not missing anything per se. I vaguely remember something like this when I was doing my own testing but I can't remember specifically what the issue was.

    When you say "no internet access from the dmz" does this mean that you can't ping domains or actual IP addresses? Going with the former for a minute, ensure that the router is setup as the DNS server for the workstation, in addition to being its default gateway. Check the routing table on the WRV54G. Obviously it should have a route to the subnet since its physically connected to it on LAN port 1 (the DMZ). Try putting a static route to in the router, using the IP address of the LAN port as the next hop gateway. It might not let you, but there's no harm in trying.

    Similarly, examine the routing table on your workstation ("route print" is the command) If the router is your default gateway you should see an entry like this:

    Active Routes:
    Network Destination Netmask Gateway Interface Metric 10

    If your workstation is dual-homed (ie: 2 NICs) its possible that you have more than one gateway to If this is true, then ensure that the WRV54G has the best metric by (again on the PC) typing in this command:

    route add mask metric 1

    Other thoughts: look at the syslog output from the router. See if it's discarding ICMP from your workstation when you're trying to ping the router from the workstation. It almost sounds like its accepting icmp echo-replies but not icmp echo-requests.

    Anyway...just thoughts. PM me again if you're still having no luck.

