 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ by IP?
 Date:  Sun, 5 Dec 2004 16:08:48 -0500
On Sun, 05 Dec 2004 10:23:17 -0500, Max Khitrov <mkhitrov at umd dot edu> wrote:
> Hmm... So does DMZ for m0n0wall do something else than the DMZ ports on
> things like linksys and d-link routers? See the problem I ran into when
> trying to configure port forwarding on my old d-link is that some
> programs wouldn't use the same ports all the time, sometimes I couldn't
> figure out what ports were being used in the first place, and then there
> were some other things. So in the end, the only way to access everything
> on my server was to specify its IP in the DMZ config and any ports that
> weren't forwarded specifically would just go to that DMZ host. Not to
> mention that on my d-link the DMZ host wasn't isolated from the rest of
> the network, so I'm not sure what that's all about.

It's a matter of semantics, really.  What Linksys/Dlink and other SOHO
boxes consider a "DMZ" technically isn't one (unless they have a 3rd
interface, none of the Linksys do).  The only way to have a real DMZ
is to have a 3rd interface, or you could use VLANs on the LAN, but
that's generally not the best way to do it (slip up on your VLAN
configuration and you just connected your LAN and DMZ).

And I'm not speaking in m0n0wall terms, but generic firewall
terminology.  Shame on vendors that call inbound NAT forwarding a
"DMZ".  </rant>

That's beside the point though, and I'm just moving the thread in a
direction that isn't helping the original question by going off on my
soap box.  :)

What exactly are you trying to accomplish?  You shouldn't need to
forward a bunch of ports.