I had been using a Netgear VPN firewall router that allowed me to set up the DMZ using a private IP and an IPv4 DHCP server. To that DMZ port I attached a normal WiFi firewall router (its WAN port to the DMZ port on the VPN firewall router). The VPN firewall router's WAN port was to the cable modem. Since the product was discontinued, with no more firmware updates (and moving to a subscription model), I decided to find something else and decided on the RV340.
I wanted to duplicate what I would do above. I tried enabling the hardware DMZ (172.16.1.2), and moving from DHCP on the wireless router to static IP 172.16.1.1 with DNS/Default GW set to 172.16.1.2. It worked to the point that DNS worked, but trying to ping or access anything wouldn't go through. I tried playing with the firewall access rules, but no dice. I figure it may be the private IP address, dang it. Now that was with the firmware out of the box, which was from 2012 (I have since upgraded to the latest version after abandoning hardware DMZ).
Can Issue 1 above be done, or do you have to have a public IP when using hardware DMZ?
I moved to setting up a VLAN, but it just refused to create what I wanted. The box is 192.168.3.1 (VLAN1), and I wanted a new VLAN on port 4 of 172.16.1.2, but it wouldn't take it. Instead I had to use 192.168.2.2 (untagged for port 4 and excluded ports 1-3, changed VLAN1 to exclude port 4) and enabled DHCP for a single address, 192.168.2.1 (the wireless router is now set to DHCP mode on the WAN port), and set up the DMZ on the firewall tab to be 192.168.2.1. That worked, but then I could access the 192.168.3.x network from the DMZ network (192.168.2.x). So I had to go in and set up an access rule to deny VLAN2 from going to VLAN1. That seemed to work, although I can still ping 192.168.3.1 itself (but not the other items in 192.168.3.x).
Is there a way to use something like the 172.16.x.x VLAN when the main box is 192.168.x.x?
Why can 192.168.3.1 be pinged from the DMZ network, and is the 192.168.3.x network secure with those access rules set up (deny from VLAN2 to VLAN1)?
What does it mean to Tag, Untag or Exclude a port on the VLAN configuration? I didn't quite get it when it said at least one port has to be untagged on each VLAN.
P.S. It's late, I'm tired, hope the above makes sense.