Add a LAN IP Address to DMZ

To add a host into DMZ, go to NAT >> DMZ Host, and go the tab of the WAN interface you want the host to be accessed from

1. For WAN 1, select "Private IP"; For other WANs, check Enable.
2. Click Choose IP at Private IP and select the IP address of the DMZ host
3. Click OK to apply the settings.

Note that the following functions have higher priority than the DMZ Host settings so that traffic will not be forwarded to the DMZ host if: (1) It matches the Port Redirection settings. (2) It matches the Open Ports setting. (3) It is destined to the ports on which the router itself is actively listening. (For example, if WAN management is enabled on the router and allows telnet and HTTP access, inbound packets to ports 23 and 80 will be intercepted by the router).

Set up Access Control List (Optional)

Instead of anyone could access DMZ, we may prefer to set up a whitelist for the source IP. We can achieve this by two firewall rules. Go to Firewall >> Filter Setup >> Default Data Filter to add the rules:

Rule #1 (usually we start adding rules from index 2)

• Direction: WAN -> LAN/DMZ/RT/VPN
• Source IP/Country: Allowed source
• Destination IP/Country: DMZ host
• Action: Pass Immediately

Rule #2

• Direction: WAN -> LAN/DMZ/RT/VPN
• Source IP/Country: Any
• Destination IP/Country: DMZ host
• Action: Block Immediately

Now, only source IP 111.111.111.111 could access DMZ host 192.168.1.11