Balance 20, 30 or One Core with DMZ passthrough set-up questions


#1

I am looking at one of the above routers and I can’t find my answer to a DMZ. Here would be my set-up:

2 incoming PPPOE internet connections going to WAN1 and WAN2
Balance router running firewall and load balancing two PPPOE incoming internet connections
LAN1 going to a dlink switch for external network
LAN2 going to a WAP as a guest network WAP is in bridge mode
LAN3 going to a MESH WAP (ROUTER) with it’s own firewall in a double NAT set-up handing out it’s on DHCP addresses.

How do I get all traffic to pass through LAN 3 (or any LAN) port so my internal NAS, automation server, etc. has access to the outside world through the double NAT?

With my current TPLink router I can set a DMZ for the LAN port but I don’t see that option here. I’ve searched DMZ and it appears there is none so I’m guessing (hoping) there’s a good work around since this is a common feature on many routers.

Thanks in advance,

John


#2

Hi John, I’m not sure I understand the question correctly but we do support port-based VLAN’s if that is what you are referring to. This would allow you to setup unique networks and assign them to specific LAN ports.

Thanks.


#3

Thanks for the reply. It’s my understanding that with a VLAN my LAN3 Mesh WAP would need to be in bridge mode? I’m hoping to keep the LAN3 WAP in router mode and have it hand out it’s own DHCP’s. I should probably be saying LAN3 Router and not WAP. Sorry about that.

Edited original post for clarity


#4

There is no reason why you can’t have the LAN3 device in router mode, it just means you will be doing a double-NAT.


#5

And you believe that even without a DMZ open to LAN3 I won’t encounter issues by having a double firewall (peplink and lan3 router) or by not having all ports open as a DMZ does? Currently my NAS, router and automation systems have no problems reaching out behind the double NAT with the lan dmz’d.

Obviously Im not in tech however I dont want to drop this kind of money on a home business system to have it not operate correctly. I think your product will be a faster and more stable upgrade for my system.


#6

If all of your activity is outbound you will have no issues. If you have incoming connections to like a webserver you would need to do double port-forwarding.

Thanks.


#7

Thank you for your help.

Edit: I placed the order today. Thanks again.


#8

After a few days with the unit I’m very happy. I skipped the double NAT and put the eero in bridge mode. The interface on the Peplink allows me to throttle groups which I do for the guest network. I now understand better that the double NAT wouldn’t have allowed the router to load balance as effectively as only one IP address would be seen behind the second NAT. The Peplink Pepwave router utility is sure handy.

Thanks so much for your assistance.