SSG20 with WRT54G in DMZ



  • I want to provide internet access only (no internal access) to WiFi users and have added a WRT54G to the DMZ port (eth0/1) on the SSG20.  The Internet access is provided on the eth0/0 (untrusted) connection.  I can get out to the internet via the trusted (eth0/2-0/4) connections.  But I can’t get out via the DMZ.

    I have x.x.0.x/24 as the IPs from the Internet gateway.  eth0/0 is x.x.0.103

    The trusted IPs are x.x.20.x/24

    I want to give 10.10.x.x to Wifi users and have them go out on the eth0/0 connection.  I have set the WRT54G to use 10.10.1.1 (not really but it helps for explanation purposes) but its internet connection is set to use DHCP and so should get a x.x.0.x address.  It does not presently get this address.  Hence my problem and seeking advice.

    Also the WRT54G is using DHCP to provide WiFi users with an address.

    I am not familiar with the SSG20 this is my very first one so any boob advice would be appreciated.  I have read the manual but it is not scenario based and so doesn’t give any examples on how to do what I want.

    Thanks in advise for any help.



  • OK I suspect I am on the right track to solving this but a simple ANY to ANY DMZ -> Untrust policy with NAT still doesn’t provide Internet access for the WiFi users.



  • If anyone is having similar issues this may be related: http://www.juniperforum.com/index.php/topic,9413.0.html

    Please note I haven’t tested this yet so will provide an update on this once I have done so.


 

45
Online

38.4k
Users

12.7k
Topics

44.5k
Posts