Subnet with Balance 380 (DMZ)

I need to create a “DMZ” with its own subnet to hold a reverse proxy server which will sit in front of a public facing web server.

The reverse proxy will have an IP of
The rest of the LAN is on

How do I get the Balance 380 to forward WAN traffic to the reverse proxy, and to also route the proxy forward to the web server at ?

Thanks for any advice


Create a VLAN for the DMZ
Port forward in the usual way ports 443/80 from one of your WAN IPs to the IP in that VLAN you have given the Proxy (ie

Then create a firewall ruleset that blocks all ports to and from the web proxy apart from those needed for it to function (ie only traffic from destined to the IP of the web server at on ports 80/443. Block everything else.

Then your new VLAN is acting as a DMZ.

1 Like


Thanks for the help!

I’ve got it set up and can ping from the to, but not the other way. Seems I am missing something here. Before I point a public IP at the Reverse Proxy I wanted to be sure I can connect to the required server at


Thanks again,



Correction. I cannot ping either way. I expected that with “Inter-VLAN routing” enabled I would be able to connect to the server at from

Missing something in my settings. Any idea what?



For now, set internal firewall rules to any/any allow so that we know the firewall isn’t the cause. Login to the web server and the proxy and ping the Balance 380 IP on their VLANs own.

Then login to the balance and use the ping tool in the webadmin to prove you can ping both the web server and the proxy.from the router.

Make sure both devices have got their default gateways set to be the Balance 380 too.
Then check the software firewall logs on the webserver - often when using a private IP they will block all traffic apart from that which originates from the same subnet.

1 Like

Hi Martin,

I really appreciate the help but still am having problems. I’ll try and be as complete as possible.

The Peplink 380 is using version 6.3.4 build 3613

The main network is

I added the vlan subnet

I added a new internal firewall rule with logging enabled to try and see what is happening

The logs show this, which is a ping from my Win10 PC to the Server, but the ping times out with no response

Here is an attempt to SSH to the server. Also no response

I setup another PC on my LAN with IP of
This PC can ping and connect to the server at, but it cannot connect to the internet or to any device.

Here are some ping test results via the Balance380 (from

And here are ping test results via the Balance380 (from

Any more advice or ideas will be appreciated!



Do you have anything else on the network or is it just a single web server?
Is the Balance doing DHCP on both LANs?
What’s the default gateway set to on the server?

Hey Martin,

The server has as gateway
DHCP is not enabled on the vlan subnet
The server at will be the only device. It will become a reverse proxy. I did setup a win10 pc at for testing. It cannot see any devices either.



@Bill_Casey ,

How the proxy server and the test PC connected to the B305 ?

Setup looks good. Everything is pointing to either a network misconfiguration on the Web server or some sort of software firewall that is blocking access.

I would likely run a network capture on the web server (or on the balance) and prove that traffic is getting to the web server from the other LAN (but being rejected) to confirm this.

Hello Martin,

Thanks for looking at it. I’ll try and see if Wireshark can help diagnose the traffic.

  • Bill

The Balance is connected to a Netgear GS748Tv3 Switch
A NetGear GS116 Switch connects to the GS748Tv3
The Proxy Sever and the Test PC connect to a the GS116 switch

  • Bill

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.