I'm trying to make an attached topology.
This router should be attached to 2 different ISPs on both WAN interfaces (ISP1 with IP address A.B.C.D, and ISP2 with IP W.X.Y.Z) and I want to use a DMZ, too. My idea is to make an L2/L3 segmentation with 2 VLANs: VLAN RED for the DMZ (private network 192.168.1.0/24) and VLAN BLUE for the internal network (network 192.168.2.0/24). I checked in the manual that VLANs are supported, but I can't see anything about 802.1q. Can I use one trunk port, or should I use 2 physical cables?
There should be inter-VLAN routing and a basic stateful firewall, so PCs in VLAN Blue should be able to initiate connections to DMZ servers, but the opposite should be denied. The router should do port forwarding on both of its WAN interfaces and forward incoming traffic (from the Internet) to the DMZ servers (with NAT). Both DMZ servers and internal PCs should have Internet access with NAT over both WAN uplinks.
Can I use the RV042G for this setup and, if not at all, is there any Cisco SMB device which can do this?
RV042G supports port-based VLAN (i.e. no 802.1q), and computers on different VLANs are isolated from each other.
However, RV042G supports multiple subnets on the LAN side. The topology you depicted can be supported with some access rules and port forwarding rules configured.
Hi Te-Kai Liu,
Great to hear that! So if we assume that the router has an IP address of 192.168.2.1 for the Blue VLAN (PC network), can I make port forwarding rules something like:
If HTTP traffic from the PC network is coming to 192.168.2.1 on port 80 -> forward this to 192.168.1.10 (web server on the Red VLAN).
If yes, which source IP will the web server see for the HTTP request: the PC's real IP or 192.168.2.1 (if this IP is used on the router for the Red VLAN)?
With the current firmware, port forwarding can only forward traffic to the default LAN subnet (192.168.1.x) from both WAN IP addresses.
In this case I believe that I should use only one internal subnet (default LAN) and place the servers in the same VLAN as the PCs.
Do you know whether there are any ways to log into this router via SSH or telnet? Actually, is this a Linux-based OS, and can I do things with iptables?
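
The access policy asked for in the first post (Blue may open connections to the DMZ, the DMZ may not open connections to Blue, the Internet reaches the DMZ only on forwarded ports), modelled as an added example that is not part of the thread and is not RV042G configuration. The class name, the Internet host addresses and the single forwarded port are assumptions; WAN-to-DMZ flows are shown after destination NAT.

```python
import ipaddress

DMZ = ipaddress.ip_network("192.168.1.0/24")   # VLAN Red, from the thread
BLUE = ipaddress.ip_network("192.168.2.0/24")  # VLAN Blue, from the thread
# Assumed forward: TCP/80 on the WAN side -> web server named in the thread.
FORWARDED = {("tcp", 80): "192.168.1.10"}
# Zone pairs that may open NEW connections; anything else is dropped.
ALLOW_NEW = {("blue", "dmz"), ("blue", "wan"), ("dmz", "wan")}


def zone(ip):
    """Map an address to its zone; anything not on a LAN subnet is WAN."""
    addr = ipaddress.ip_address(ip)
    if addr in DMZ:
        return "dmz"
    if addr in BLUE:
        return "blue"
    return "wan"


class StatefulFirewall:
    """Hypothetical model: tracks accepted flows so replies pass."""

    def __init__(self):
        self.established = set()

    def permit(self, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        # Packets of a tracked flow pass in both directions.
        if flow in self.established or reverse in self.established:
            return True
        pair = (zone(src), zone(dst))
        allowed = pair in ALLOW_NEW or (
            pair == ("wan", "dmz") and FORWARDED.get((proto, dport)) == dst
        )
        if allowed:
            self.established.add(flow)
        return allowed


if __name__ == "__main__":
    fw = StatefulFirewall()
    # Constructed sample flows; 203.0.113.7 stands in for an Internet host.
    print(fw.permit("tcp", "192.168.2.50", 40000, "192.168.1.10", 80))  # PC -> web
    print(fw.permit("tcp", "192.168.1.10", 80, "192.168.2.50", 40000))  # reply
    print(fw.permit("tcp", "192.168.1.10", 5555, "192.168.2.50", 445))  # DMZ -> PC
    print(fw.permit("tcp", "203.0.113.7", 50000, "192.168.1.10", 22))   # not forwarded
```

The second call passes only because the first created state; the same server opening a fresh connection toward the PC network is dropped, which is the containment a DMZ is meant to give if a server is compromised.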