On the Vigor Router, each WAN interface has a DMZ (demilitarized zone), where you can add a LAN host (IP address) and make it completely exposed to the Internet. The DMZ host will be accessible by the IP address of the WAN interface, and the router will map all the unsolicited traffic on the WAN interface to it. It is the solution when you need to do forward traffic to a LAN server but cannot define the traffic by UDP or TCP ports.
To add a host into DMZ, go to NAT >> DMZ Host, and go the tab of the WAN interface you want the host to be accessed from
Note that the following functions have higher priority than the DMZ Host settings so that traffic will not be forwarded to the DMZ host if: (1) It matches the Port Redirection settings. (2) It matches the Open Ports setting. (3) It is destined to the ports on which the router itself is actively listening. (For example, if WAN management is enabled on the router and allows telnet and HTTP access, inbound packets to ports 23 and 80 will be intercepted by the router).
Instead of anyone could access DMZ, we may prefer to set up a whitelist for the source IP. We can achieve this by two firewall rules. Go to Firewall >> Filter Setup >> Default Data Filter to add the rules:
Rule #1 (usually we start adding rules from index 2)
Rule #2
Now, only source IP 111.111.111.111 could access DMZ host 192.168.1.11
To add a host into DMZ, go to NAT >> DMZ Host, and add a profile as follows:
Note that the following functions have higher priority than the DMZ Host settings so that traffic will not be forwarded to the DMZ host if:
(1) It matches the Port Redirection settings.
(2) It matches the Open Ports setting.
(3) It is destined to the ports on which the router itself is actively listening. (For example, if WAN management is enabled on the router and allows telnet and HTTP access, inbound packets to ports 23 and 80 will be intercepted by the router).
Published On: 2018-05-09
Was this helpful?