Setting the DMZ - Issues and errors?

SamA2V2
3: Seeker

Hi all,

 

Looking to set up the Vodafone router and put one of the devices onto the DMZ as it cannot be behind a firewall and can't work with NAT. Will setting the DMZ force all router traffic to the IP of the device and not do any NAT? Are there any settings I need to consider to not cause issues and force all traffic to it?

7 REPLIES

CrimsonLiar
16: Advanced member

It would be interesting to know what the device is.

The only way to totally avoid NAT is to have a direct connection to the internet - if you have a local IP then you have NAT, but unless it's some really eclectic hardware, having the DMZ exposed host should be just fine!

I'll be honest though, using the DMZ router is dangerous as your exposed host can still talk to other devices on the network. If I had to do this, I'd probably be looking at third-party hardware with a better firewall that can protect your other devices from the device in the DMZ.

Cynric
16: Advanced member

I think DMZ to LAN depends on the router and/or its firmware version. I had a Netgear box where you had to give specific permission to enable cross-zone traffic, the default being "off".

CrimsonLiar
16: Advanced member

@Cynric yup, but what you are describing is more protection than my Asus router running the Merlin firmware offers by default!

Personal position but if I were doing this then I'd probably want to be using a firewall device that enabled an exposed LAN segment, and a regular segment for everything else. 

It'll be interesting if @Ripshod reads this, as I believe they're running "Skynet" on their router, and can probably relay how many times their router gets probed daily!

Ripshod
16: Advanced member

@CrimsonLiar wrote:

It'll be interesting if @Ripshod reads this, as I believe they're running "Skynet" on their router, and can probably relay how many times their router gets probed daily!


15 minutes of probes below (I'll let you count them). While these are "just probes" the damage that can be wrought by a foul player making use of any open port they may stumble on is unimaginable.

Whether you want to hang your a**e out in the wind to be smacked is up to you but the work involved in picking up the pieces can take days.

The outgoing blocks are my Chinese phone calling home.

List removed for security, but for those wondering there were 67 separate blocks in 15 minutes.

Cynric
16: Advanced member

I get loads of that in my log too (Zyxel VMG3925-B10). I would have hidden my IP before posting 😁

Ripshod
16: Advanced member
@Cynric wrote:

I get loads of that in my log too (Zyxel VMG3925-B10). I would have hidden my IP before posting 😁


 

Meh. The IP was edited but I've removed the list anyways - no way was I going to obfuscate all those MACs.

Cynric
16: Advanced member

@Ripshod A well-crafted search/replace in the vi editor would do it 😁

I promise not to mention SED (Data General or Unix - I've used both), StopGap or Son-of-StopGap. [Removed]

 

 [MOD EDIT: This post has been edited to remove inappropriate content please see Community Guidelines]
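
The search/replace idea from the last few posts, as an added example that is not part of the thread or anyone's own script: it swaps every IPv4 address and MAC in a firewall log for a stable alias, so the log can be posted while repeat probes from one source stay visible. The iptables-style line format, the sample lines and the helper names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in iptables LOG style (an assumed format; the thread's
# real list was removed). All addresses are documentation/private ranges.
SAMPLE_LOG = """\
May  1 10:00:01 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=40000 DPT=23
May  1 10:00:09 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=203.0.113.20 PROTO=TCP SPT=40001 DPT=2323
May  1 10:02:30 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 MAC=aa:bb:cc:dd:ee:ff:66:77:88:99:aa:bb:08:00 SRC=192.168.1.50 DST=192.0.2.99 PROTO=TCP SPT=50000 DPT=443
"""

# 6 or more colon-separated octets: plain MACs and the 14-octet MAC= field
# (destination MAC + source MAC + EtherType) that iptables writes.
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5,}[0-9A-Fa-f]{2}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # IPv6 is not handled


class Redactor:
    """Replace each distinct address with a stable alias such as <IP-1>."""

    def __init__(self):
        self.aliases = {}  # (kind, original value) -> alias

    def _alias(self, kind, value):
        key = (kind, value.lower())
        if key not in self.aliases:
            seen = sum(1 for k in self.aliases if k[0] == kind)
            self.aliases[key] = f"<{kind}-{seen + 1}>"
        return self.aliases[key]

    def redact(self, text):
        # MACs first; timestamps such as 10:00:01 are too short to match.
        text = MAC_RE.sub(lambda m: self._alias("MAC", m.group()), text)
        return IPV4_RE.sub(lambda m: self._alias("IP", m.group()), text)


def blocks_per_source(redacted):
    """Count blocked lines per redacted SRC alias (hypothetical helper)."""
    return Counter(re.findall(r"SRC=(<IP-\d+>)", redacted))


if __name__ == "__main__":
    out = Redactor().redact(SAMPLE_LOG)
    print(out)
    print(blocks_per_source(out))
```

Keep the `aliases` mapping private: it is the key that turns the posted aliases back into real addresses.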