Hi Community,
I am trying to set up a DMZ by creating a dual-homed firewall configuration using two routers. I want to create a "secure" DMZ (not using the router's DMZ option) so that I can put a media server on the DMZ and access it remotely. I couldn't find any good tutorials on how to set up a dual-homed configuration, so this is what I have so far:
ISP
Router 1 (Netgear running DD-WRT firmware):
  LAN: 192.168.1.0/24
  VLANs: 10.1.10.0/24 (DMZ) and 10.168.78.0/24 (Intranet)
  DHCP and NAT enabled
  Wireless disabled
Router 2 (pfSense): WAN port connected to DD-WRT LAN
  WAN: 10.168.78.2
  LAN: 10.201.10.0/24
  DHCP and NAT enabled
Smart Switch:
  LAN: 10.201.10.3
Wireless AP (Router 3): Connected to Switch using Router 3 LAN port
  LAN: 10.201.10.254
  DHCP and NAT disabled
Questions:
1.) Is this the correct way of setting up this type of configuration?
2.) I can already tell that I am double NATting, so any suggestions on how to work around this problem? I want router 1 and the DMZ to be isolated from my internal network, with my internal network handing out DHCP and all of my computers connected to the internal network.
3.) If, let's say, I have Skype on my computer in the 10.201.10.0 network, since it's behind a second router would I have to port forward Skype's ports to router 2, and then port forward from router 2 to my computer's IP?
Thanks for any advice anyone can give me!