2nd LAN subnet unreachable from Internet in Drop-In mode


#1

Hi Support

I’m having problem with the Internet unable to see my 2nd LAN subnet (DMZ: 121.x.x.x/28) in Drop-In mode.
Access from Internet to the mapped server 165.x.x.10 and 165.x.x.11 is fine.
Tried searching the manual & user guide - nothing helpful inside.
Below is my setup.
Someone able to shed some light? I could have missed out certain configuration in the LB.



#2

Hi Anthony,

It looks like you will need to add a static route on Peplink LAN interface for 121.x.x.x/28 that points to the external IP of your firewall.

Hope this helps.

Mike


#3

I’ll give that a try.

I always thought we are suppose to add this under the WAN1 setting - "Additional Public IP Settings"
Do I still need to do so for the above?


#4

I believe your second (DMZ network) is owned by the firewall so you would not have the Balance claim this with additional public IPs. Since this network is routed to your firewall by the ISP and passed through the Balance at layer 2, a LAN static route in the Balance will tell it where this network is located at when routing at layer 3.


#5

Got it.
Thanks guys~!


#6

Just to close this off.
The solution works.
Thanks all~!