RV082 Port Forwarding or DMZ Configuration Assistance

Similar Messages

• Port forwarding and DMZ refuses to work properly on WRT54G wireless router.

  I have a network setup on the wireless WRT54G version 8 (with latest firmware) router and port forwarding and DMZ refuse to work correctly. I'm trying to use bittorrent and connect my xbox360 to my computer and neither work properly even after setting up port forwarding in the "Applications and Gaming" tab.
  here's a screenshot of my port forwarding page:
  http://img205.imageshack.us/img205/1497/linksysbg2.jpg
  here's a screenshot of the DMZ page (my computer's IP ends in 102 obviously):
  http://img510.imageshack.us/img510/2131/linksys1rf5.jpg
  now, I've experienced this type of problem before. On a different linksys router a year or 2 back I remember the DMZ never working on that one either and I eventually had to buy a d-link router which worked perfectly. I'm only using this wireless router because it's my roommates and he brought it up. Somebody please explain to me why this isn't working correctly. I am becoming more and more frustrated as I lose faith in linksys routers. Thanks

  Did you tired upgrade of the firmware on the router??
  Also after upgrade reset & reconfigure the router for few seconds ... so that the firmware works properly for longer time ....

• RV082 port forwarding limited to 30 entries ?

  Hello,
  we use RV082 as main gateway and need to open/forward around 50 ports to inside. But during setting of the rules I got an error message "The max of Port Range Forwarding is 30 entries. You can't add any more.".
  In the online help is explicitely said "4. Click the Add to List button, and configure as many entries as you would like."
  How can we setup more than 30 port forwarding rules ?
  If it is this a sotfware bug, can this be corrected ?
  Regards,
  Petr Svoboda

  Petr, I agree with tekliu.  I use the UPnP rules with UPnP disabled for all of my port forwarding, unless a range is needed.  They should not cause any more exposure than regular Forwarding rules, and if you use port translation they will reduce your exposure.
  The only differences:
  Forwarding allows port ranges
  Forwarding has a "Port Triggering" section
  UPnP allows port translation (because it's only single port at a time, not a range)
  UPnP has unlimited entries

• Can anyone tell me how to port forward and setup an XBOX 360 using my Time Capsule??

  Xbox 360
  When playing the game online, the minimum speed of your network should be 128kbps. The ideal network speed for playing the game online is 768kbps. If you are having a problems with lag check the following:
  Network Troubleshooting:
  Disable any firewall or security features on your router.
  Set port forwarding on your router to the IP address of your Xbox 360. This game uses port 3074 (UDP/TCP). Additionally Xbox LIVE requires ports 80, 53 TCP and 88, 53 UDP.
  Place your Xbox 360 into the DMZ of your router.
  Disconnect your router and try the game. If it works regularly at this point something about your router may not be completely compatible with the specific needs of this game. Check with your router manufacturer and Microsoft's Xbox Live Connection Issues page for additional steps that may need to be done to resolve the issue you are having. You can also verify that you have an Xbox Live compatible router.
  If you are having issues connecting while multiple Xbox 360 consoles are connected on the same network, try forwarding port 3074 (UDP/TCP) for one Xbox 360 and setting the other as DMZ. There is a chance that this may not resolve you issue,  if it doesn’t then you may want to consider getting an additional public IP address by contacting your Internet Service Provider and assigning it to one of these two consoles.
  NOTE: If setting port forwarding or DMZ helps your connection issue, you may want to assign your Xbox 360 a static IP address within your home network. This can help to ensure that the configurations you made do not need to be done again. You can visit PortForward's Static IP Guide for a detailed guide on how to do this.
  NOTE: Many broadband internet modems are coming with routing capabilities built in. Please contact your internet service provider to determine if your internet modem has an integrated router. If it does, they should be able to assist you with the steps above for setting up your router.
  Once you have verified that your network setup is not the cause of the issue, try the following:
  Try connecting to a different server. Some servers may have other players connected to them that you do not have an optimal connection with. In most games this is accomplished by backing out to the main menu and then selecting multiplayer again. From there you can try connecting to another online game.
  Run the Xbox Network Self Test to see how strong your NAT is currently set to. Once the test is completed you will be notified if there is an issue with your connection. If you select "More Info" you will be given information about your NAT type and some steps to resolve any issues with your connection.
  Moderate and Strict NAT types may have issues connecting to online matches. You may get the error "Notice - The game session is no longer available." If you do then enabling UPnP, forwarding port 3074, or placing your Xbox in your router's DMZ may resolve this issue. Please consult your router documentation for instructions on how to do this.

  ouman88 wrote:
  Whoa....this just went way over my head.... I already have 6.1 installed for my Airport Utility.
  Read again what I wrote.. 6.1 is the problem.. or part of it.
  You need to install the earlier 5.6 version which I have given you explicit instructions to do.
  I have done something now and can not connect the XBOX at all now....unless you can provide me step by step directions I may have to call Apple Support.
  This will happen over and over.. just press reset and start again.. you need to learn how to do the setup and using 5.6 utility will help you.. as will using ethernet from the computer to the TC.. trying to fix things over wireless is like sitting on a tree branch you are sawing off. As soon as you update you will fall to the ground.
  I am not that sure that Apple Support will have any idea.
  Do a google search .. you will find most people struggle with this.. Microsoft made the xbox to use upnp with vista specs.. if you use a router without upnp, ie any apple router.. you will have issues.
  Have a go at bypassing the problem.. I have no idea if this will work.. I do not use a TC as the main router because much of my network including xbox and ps3 is just a pain.. I use a modem router with upnp. And bridge the TC.. that is the setup I would recommend.
  Try this.. once you have installed 5.6 utility.
  Get the IP of the XBox and click enable default host.. and put the IP address in there.. this is called DMZ.. all unassigned packets are forwarded to this ip address.. it is like a port forwarding for all ports.
  See if it helps.. If it does you will need to lock the xbox address so it doesn't change.. we can get to that.
  Tell me what kind of broadband you have and what modem router first.. none of this will work if you have double NAT.

• Port forwarding for Filemaker network

  I want to set up my computer as a host for Filemaker Pro networking. I have 2 other remote computer locations I want to share my FM database file. I am about to purchase a new AEBS for my router.
  Instructions from FM forum was to forward port 5003 on my router & use no-ip.com (to track my dynamic IP address) to get a specific domain name for the remote computers to find when they select Open Remote.
  Reading some of these posts sounds like the AEBS makes this easier. Is the port mapping same as port forwarding? Does the reserve IP address capability negate the need for the no-ip.com service?
  Would appreciate the step-by-step process I need to do this.

  Is the port mapping same as port forwarding?
  Yes, both terms are used interchangeably and mean the same thing.
  Does the reserve IP address capability negate the need for the no-ip.com service?
  No. Reserving an IP address is a means to instruct the DHCP service on the router to "save" a specific Private IP address for a device on the local network. No-IP.com is a service that basically tracks the dynamic Public IP address of your modem or router and provides you with a "static" URL address to access it from the Internet. A similar service to No-IP.com would be DynDNS.
  Accessing a server on the local network from a remote client would require that the client knows the Public IP address and port(s) required to access that server. Servers, like yours that are behind a firewall, must either use port mapping (port forwarding) or be configured to be in a DMZ which would completely expose them to the Internet. Port mapping reduces that risk to only allow predefined ports to be open to the Internet.
  Since most consumers have Internet service with comes with a dynamic (changing) Public IP address, just knowing what it is at any given time won't help in the long run. This is where services, like No-IP come in. Typically they will give you a client utility that you would run on your computer. This utility will provide them with an update every time your ISP changes your Public IP address ... or you may be required to do this manually. They will also provide you with a URL to use instead of using the Public IP address.
  To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
  1. Reserve a DHCP-provided Private IP address for the Filemaker Pro server.
  Internet > DHCP tab
  o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
  o Description: <enter the desired description of the host device>
  o Reserve address by: MAC Address
  o Click Continue.
  o MAC Address: <enter the MAC hardware address of the host computer's Ethernet or wireless depending on how it accesses the network>
  o IPv4 Address: <enter the desired Private IP address you want to assign to the host>
  o Click Done.
  2. Setup Port Mapping on the AEBSn.
  Advanced > Port Mapping tab
  o Click the "+" (Add) button
  o Service: <choose the appropriate service from the Service pop-up menu or leave blank>
  o Public UDP Port(s): <enter the appropriate UDP port values>
  o Public TCP Port(s): <enter the appropriate TCP port values>
  o Private IP Address: <enter the IP address of the host server>
  o Private UDP Port(s): <enter the same as Public UDP Ports or your choice>
  o Private TCP Port(s): <enter the same as Public TCP Ports or your choice>
  o Click "Continue"

• WRT54G V5 Port Forwarding Configuration Loss

  Hi All...
  Having a strange issue with my router item listed above. I go into the router and forward a list of about 12 ports for online gaming (in order to improve my NAT to "open"). Everything works fine for about ten minutes and then my NAT goes from Open to Moderate, which presents a whole slew of issues (bans you from certain servers, inhibits the use of voice with certain users on xbox 360 etc etc). A moderate NAT is bad for 360.
  So... I go into my router to check that the settings are there and they indeed are and using a diagnostic tool shows the ports are no longer open. So... apparently the linksys box has altered the configuration somehow that is not present in the GUI. If I save the settings again it does not reopen the ports so I am forced to restore the configuration file I created just after making the port forwards for the first time.
  So... The box reboots and the ports open back up... until about ten minutes pass and the ports close down once again. So in a nutshell, the configuration of my router is changing on its own and I don't know how to stop it. (Its alive!!!! hahha).
  Does anyone out there have any experience with this or the technical knowledge to assist? Linksys tech support and xbox tech support has been..... well.... not so helpful.
  Thank you for your time (sorry for the long post!)
  Brad G.

  well.....change the MTU settings to 1365 and enable DMZ instead of port forwarding.....ensure that the x-box has a static ip add and dns address....
  also, check the firmware on the router...if it is below v 1.01.1 , upgrade the firmware on the router...reset the router and reconfigure then

• Port Forwarding with Port Translation RV042, RV016, RV082

  This is a feature request for the Linksys RV series Routers.  Currently, it appears that the Cisco/Linksys RV042, RV082, and RV016 only support port forwarding and 1-to-1 Nat.  One item that I find very helpful with customers is port forwarding with port translation.  I am requesting that this feature be included with a future firmware relase for these RV series routers.
  Here is an example of the request.
  Take an incoming service request on a TCP or UDP destination port and forward it to an internal IP on a different TCP or UDP port.  For example, customer A wants to allow different machines on the internal network to receive Windows RDP connections inbound.  To make PC maintenance identical between the internal machines, the customer does not want to change the listening port for RDP on the individual PC workstations through the Windows Registry.  The customer also does not want to dedicate separate IP's to each machine in a 1-to-1 NAT setup.  The only option is to have remote connections to each of these PC's to use a different destination port.  So, for example, PC one could be reached on TCP port 5151, PC two on TCP port 5152, and PC three on port 5153.  This requres a firewall that is able to translate each of these connection requests to a different internal IP on the default RDP port (TCP 3389).  So, the following setup is required:
  Port Forwarding with Port Translation:
  Router External IP on TCP port 5151 ---> forwarded to PC One's internal IP on TCP 3389
  Router External IP on TCP port 5152 ---> forwarded to PC Two's internal IP on TCP 3389
  Router External IP on TCP port 5153 ---> forwarded to PC Three's internal IP on TCP 3389
  There are several comparable "small business" class router competitors to the RV042, RV082, and RV016 that will perform this port forwarding with port translation process without incident.  Unfortunately, these Cisco/Linksys small business routers will not accomplish this task currently.
  Please implement this feature in a future firmware release.
  Thanks!

  Excellent.  I see this now.  None of our customers actually use the UPNP feature, so we never realized that Port Forwarding with Port Translation features existed on this page along with the ability to enable or disable UPNP.
  Perhaps, in the future, this functionality could be moved to and incorporated into the port forwarding page which seems to be a more logical location.
  In either case I'm very happy to know that this feature is available on the RV's.
  Thanks for your assistance.

• WRT54G. DMZ/port forwarding no longer works?

  I have a computer hosting an IIS web site / other services (to the internet) that had been working for a long time.  Now, no matter what I do, I can not get it to work anymore, it's driving me crazy.  I can access the services on my local network using 192.168.1.x, just not from the internet IP.  The computer's IP is configured as the DMZ, I also tried specifically port forwarding instead.  Windows firewall has exceptions for the ports, and I even tried turning it off temporarily, no luck.  I am running out of ideas.  Can anyone help?  Any ideas?

  I've also got this problem. Though I swore it used to work with 4.21.1 initially. Regardless, this is weak & annoying so hopefully I can get my hands on 4.20.7 & downgrade.
  Also, in the last several months I've had to reflash & reprogram the device from scratch to "unbrick" it ... basically it would stop forwarding packets between the inside & outside interfaces. Meaning I could ping/manage it from the internet but not the LAN or vice versa. I assumed the issue was a corrupt configuration sine each time I had to rebuild my configuration from scratch after reflashing the firmware. Just restoring the configuration from a backup left things in the same unusable state as before.
  Hopefully Linksco will address these issues and get rid of this wonky firmware version in favor of a stable one. 

• How do I configure for port forwarding?

  I just relpaced my CISCO E3000 wireless router with an Apple Airport Extreme and need to set up port forwarding.  I find the Airport Utility confusing and very limited in capabilities.  How do I configure the router for Port Forwarding?

  Here's a document that you can follow:  https://discussions.apple.com/docs/DOC-3415
  However, I ran into an issue with setting this up and had to do a work-around: Custom Port Forwarding Config Not Working

• Use iptables on DMZ server to port forward

  Hello!
  My ISP have this great idea that we have to go to their site to do port forwarding and changing settings on the router/modem, so I was thinking to just set one of my servers as a DMZ, and do port forwarding with iptables on that server.
  The problem is that I can't find out how I can make packets coming in on one port go out to another ip in the LAN.
  Here is my network setup:
  1. Combined router, modem and wireless AP.
  2. Apple AirPort Express connected to the Wifi
  3. switch connected to the AirPort Express with ethernet.
  4. two servers connected to the switch(also with ethernet).
  the two servers have ip adress 192.168.2.3 and 192.168.2.4. And I have set up 192.168.2.3 as DMZ.
  How do I use iptables to route connections that is coming to 2.3 on a speciffic port to 2.4?

  hunterthomson wrote:
  Well, I have kind of turned into an arno-iptables-firewall fanboy. I mean really, you can read through the script in /usr/sbin/arno-iptables-firewall  Super well commented and written very well. It covers all your bases.
  You will want to use the updated package listed in the comments.
  http://dl.dropbox.com/u/1367726/arno-ip … all.tar.gz
  You will also want the SystemD Unit file
  https://aur.archlinux.org/packages/syst … -firewall/
  To do NAT and Port-Forwarding... basically just read through the whole firewall.conf and when you hit the bottom your done.
  But really, you just need to change these things.
  /etc/arno-iptables-firewall/firewall.conf
  Line #41, put your Internet facing interfaces here.
  Line #46, Probaly want to set this to '1' becuase it sounds like the server dose get it's IP from DHCP... but that is a bad idea because it needs to have the same IP all the time... so maybe leave it disabled '0'
  Line #87, Put your LAN facing interfaces here
  Line #94, Put the LAN network here, So like if your Internet facing network is 192.168.2.0/24 you could make the LAN 192.168.4.0/24
  Line #140, Change this to '1' to enable NAT for your LAN
  Line #162, Change this to '1' to enable Port-Forwarding
  Line #193-195, Here is where you define your port-forwards,
  Example: Forward TCP port 22 to host 192.168.4.55 and TCP port 80 to 192.168.4.66
  --> Line 193, NAT_FORWARD_TCP="22>192.168.4.55 80>192.168.4.66"
  Then open port 22 and 80 on the WAN side so they 'can' be forwarded.
  Line #1170, OPEN_TCP="22 80"
  You should also check out the config's in the plugins directory. This is where you get your moneys worth...
  ssh-brute-force-protection.conf
  ids-protection.conf
  traffic-shaper.conf
  ipv6-over-ipv4.conf
  traffic-accounting.conf
  transparent-proxy.conf
  multiroute.conf
  ipsec-vpn.conf
  And More !!!
  Thanks for answer. But it seems like you missed that the server is only connected to the LAN, never to the internet.

• WRT120N - DMZ works, port forwarding doesn't work; only one device allowed in DMZ

  Hi,
  I have an WRT120N router and two DVRs.  I can get either one of the DVRs to work just fine if I put it in the DMZ.  Neither one works when I enable port forwarding.  Since I cannot have two devices in the DMZ with this router, I cannot use that approach (throwing them in the DMZ) as a viable solution.
  I need help finding out what I am doing incorrectly with the port forwarding.  Basically I am creating an entry for each port of each device, going to the correct IP address of that device.  I have tried both protocols as well as just TCP.  This does not work.  Just for fun, I tried using the port range forwarding and this does not work either.  The only thing that works is if I throw either of the devices in the DMZ.
  So what I have essentially is this:
  DEVICE1 / 192.168.0.120 (internal) / PORT 999 / works great in DMZ but not in port fwd
  DEVICE2 / 192.168.0.121 (internal) / PORT 456 / works great in DMZ but not in port fwd
  I have used Wireshark from a remote computer to observe what happens when I navigate to the URL that I need, such as http://myjunk.ddnsprovider.xyz:999 (where 999 is the port on which the device in question serves).  I don't see anything out of the ordinary.  (I assume there is no way to run a packet sniffer on the router.)  (Can we "telnet" into the router, btw?)
  So either I am doing something wrong, or there is a need for a router software update, or the router is blocking some other protocol, etc.  Help is much appreciated!  BTW, tried with the router firewall off, too.  No go.
  Regards,
  Mike

  Whats the current firmware installed on your router? Have you tried to upgrade the firmware on your Router?

• No devices in DMZ drop down and PORT forward does ...

  Hi,
  We have just purchased B.T broadband with the new home hub, we have set up our hub/router the same as our old one with the correct ports forwarded for exchange to work and remote web space, it all works internally accessing the address but nothing works externally, emails don't get through etc..
  Any ideas?
  Also why does my device not appear in the DMZ drop down?
  Much appreciated any help, thanks a lot

  The home hub firewall will offer no protection to a device in the DMZ, as all incoming ports will be forwarded to the device.
  All you will be left with is the normal NAT function, which is needed to provide a range of local IP adresses.
  If you look at my security page, you will see there is a website you can use to find open ports.
  You may find it better to use a router which supports local loopback.
  There are some useful help pages here, for BT Broadband customers only, on my personal website.
  BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

• BT HomeHub 4 - Cannot configure Port Forwarding

  so I want to open port forwarding on my HH4 to set up Vodafone Sure Signal which stopped working when infinity installed. the instructions at 
  http://bt.custhelp.com/app/answers/detail/a_id/43715 
  bear no relation to what I get on Home Hub Manager please advise....

  Here is an example of the settings for an IP camera connected to a home hub 4.
  http://forumhelp.dyndns.info/hardware/cctv/foscam/foscam.html
  It should give you some extra guidance.
  There are some useful help pages here, for BT Broadband customers only, on my personal website.
  BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

• ASA 9.2 Port Forward

  Hello,
  i have a problem with a single port forward with 9.2 ASA (5505). Here is the related config.:
  access-list outside_access_in extended permit icmp any any
  access-list outside_access_in extended permit tcp any host 10.168.50.5 eq www log
  access-list DMZ_in extended permit ip any any
  nat (DMZ,outside) source dynamic obj_any interface
  nat (DMZ,outside) source static any any destination static VPN_Pool VPN_Pool no-proxy-arp route-lookup
  nat (outside,DMZ) source dynamic any interface destination static Public_Server Public_Server service HTTP HTTP
  object network Public_Server
   nat (DMZ,outside) static interface service tcp www www
  access-group outside_access_in in interface outside
  access-group DMZ_access_in in interface DMZ
  When i try to access the server, the console said ACL drops. The packet tracer said that it dropped in the implicit deny rule. Can you help me what can be the problem?
  Thank You!

  Yes, of course, i can ping, and also from VPN. And also the web service works from VPN, local. Tha packet-tracer said the same, the implicit deny catch it.:
  packet-tracer input outside tcp 8.8.8.8 http OUTIFIP http det
  Phase: 1
  Type: ACCESS-LIST
  Subtype:
  Result: ALLOW
  Config:
  Implicit Rule
  Additional Information:
   Forward Flow based lookup yields rule:
   in  id=0xad2a1718, priority=1, domain=permit, deny=false
          hits=89868, user_data=0x0, cs_id=0x0, l3_type=0x8
          src mac=0000.0000.0000, mask=0000.0000.0000
          dst mac=0000.0000.0000, mask=0100.0000.0000
          input_ifc=outside, output_ifc=any
  Phase: 2
  Type: ROUTE-LOOKUP
  Subtype: Resolve Egress Interface
  Result: ALLOW
  Config:
  Additional Information:
  in   OUTIFIP  255.255.255.255 identity
  Phase: 3
  Type: NAT
  Subtype: per-session
  Result: ALLOW
  Config:
  Additional Information:
   Forward Flow based lookup yields rule:
   in  id=0xad071248, priority=1, domain=nat-per-session, deny=true
          hits=1199, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
          src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
          dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
          input_ifc=any, output_ifc=any
  Phase: 4
  Type: ACCESS-LIST
  Subtype:
  Result: DROP
  Config:
  Implicit Rule
  Additional Information:
   Forward Flow based lookup yields rule:
   in  id=0xad2a23b8, priority=0, domain=permit, deny=true
          hits=883, user_data=0x9, cs_id=0x0, use_real_addr, flags=0x1000, protocol=0
          src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
          dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
          input_ifc=outside, output_ifc=any
  Result:
  input-interface: outside
  input-status: up
  input-line-status: up
  output-interface: NP Identity Ifc
  output-status: up
  output-line-status: up
  Action: drop
  Drop-reason: (acl-drop) Flow is denied by configured rule

• SRP547W, How to use multiple WAN IPs for port forwarding?

  Hi folks,
  We've run into some difficulty trying to take advantage of multiple WAN IPs in conjunction with the SRP547, and I'm hoping someone here can help out or at least tell us that we're going to need to buy a different router...
  What we're trying to acheive is the ability to port forward from our distinct public IPs to different internal servers. Looking at the options under Port Forwarding it looks like we can only configure forwards at the "WAN interface" level, but our problem is that we can't work out how to set up separate interfaces for each of our Public IPs...
  Our ISP provides us with a fully managed NTU/router with a single "Internet" ethernet port, which we can use by statically configuring IPs on our end. For this configuration this port has been directly patched to the WAN ethernet port on the SRP547W.
  We have been allocated a 255.255.255.248 (/29) subnet, giving us 5 usable IPs after the ISP's gateway address is taken into account, like so:
  a.b.c.208     Network Address (/29 subnet)
  a.b.c.209     ISP Gateway
  a.b.c.210     IP1
  a.b.c.211     IP2
  a.b.c.212     IP3
  a.b.c.213     IP4
  a.b.c.214     IP5
  a.b.c.215     Broadcast Address
  On the SRP we've set up the default "Ethernet WAN2" sub-interface with the following details for IP1
  VLAN ID:               4088 (Uneditable)
  Connection Type:       Static IP
  Internet IP Address:   a.b.c.210
  Subnet Mask:           255.255.255.248
  Default Gateway:       a.b.c.209
  The next step (I would have thought) would be to add a second sub-interface, using similar info for IP2
  VLAN ID:               4000 (Chosen arbitrarily)
  Connection Type:       Static IP
  Internet IP Address:   a.b.c.211
  Subnet Mask:           255.255.255.248
  Default Gateway:       a.b.c.209
  When we try to do so however we get:
  Fail!
  Conflict with Ether_WAN2 interface address type
  I should mention at this point that we're running on firmware version 1.02.01 (023).
  Any suggestions on how we can proceed?
  Is there a CLI or other method of configuration that might work if the web interface won't?
  Thanks,
  Tim.

  OK, I've seen reference to this solution before but not much in the way of details. Perhaps you can spell out how this ought to work, as the Software DMZ doesn't behave as I'd expected it to.
  As before, on the SRP we've set up the default "Ethernet WAN2" sub-interface with the details for IP1 with a /29 subnet.
  VLAN ID:               4088 (Uneditable)
  Connection Type:       Static IP
  Internet IP Address:   a.b.c.210
  Subnet Mask:           255.255.255.248
  Default Gateway:       a.b.c.209
  We'd now like to expose a server function on IP2, let's say LAN details for this server are:
  VLAN:                  3000
  VLAN IP Range:         192.168.1.1/24
  Server IP:             192.168.1.10
  Server Port:           80
  So first we turn on Software DMZ:
  Status:                Enabled
  Public IP:             a.b.c.211
  Private IP:            192.168.1.10
  WAN Interface:         Ether_WAN2
  My understanding, based on what you've said, is that this should expose the whole server to external access via IP2. Unfortunately, it doesn't seem to work this way - we don't seem to have any access at all. Perhaps there's a default deny rule on the firewall?
  Just to be sure, I tried creating a rule to allow HTTP traffic to the server in the Advanced Firewall page.
  In Interface (WAN):    All
  Out Interface (LAN):   VLAN.3000
  Source IP:             0.0.0.0
  Source Subnet:         0.0.0.0
  Destination IP:        192.168.1.10
  Destination Subnet:    255.255.255.255
  Protocol:              TCP
  Source Port:           Any
  Destination Port:      Single:80
  Action:                Permit
  Schedule:              Everyday
  Times:                 24 Hours
  Still no dice. What am I missing?
  Cheers,
  Tim.