SSG20 with WRT54G in DMZ
I want to provide internet access only (no internal access) to WiFi users and have added a WRT54G to the DMZ port (eth0/1) on the SSG20. The Internet access is provided on the eth0/0 (untrusted) connection. I can get out to the internet via the trusted (eth0/2-0/4) connections. But I can’t get out via the DMZ.
I have x.x.0.x/24 as the IPs from the Internet gateway. eth0/0 is x.x.0.103
The trusted IPs are x.x.20.x/24
I want to give 10.10.x.x to Wifi users and have them go out on the eth0/0 connection. I have set the WRT54G to use 10.10.1.1 (not really but it helps for explanation purposes) but its internet connection is set to use DHCP and so should get a x.x.0.x address. It does not presently get this address. Hence my problem and seeking advice.
Also the WRT54G is using DHCP to provide WiFi users with an address.
I am not familiar with the SSG20 this is my very first one so any boob advice would be appreciated. I have read the manual but it is not scenario based and so doesn’t give any examples on how to do what I want.
Thanks in advise for any help.
OK I suspect I am on the right track to solving this but a simple ANY to ANY DMZ -> Untrust policy with NAT still doesn’t provide Internet access for the WiFi users.
If anyone is having similar issues this may be related: http://www.juniperforum.com/index.php/topic,9413.0.html
Please note I haven’t tested this yet so will provide an update on this once I have done so.