Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Automatically enable and disable a router's DMZ' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Automatically enable and disable a router's DMZ
Authored by: rflo on Oct 19, '05 08:08:48AM

Why not open the ports you need instead of activating the DMZ? Putting any machine except a stripped server in a DMZ is dangerous.

---
Ronald Florence



[ Reply to This | # ]
Agree
Authored by: sudogeek on Oct 19, '05 08:31:04AM

I can only agree. If you're not sure what ports are active or used because the documentation is poor (like pcAnywhere), you can briefly set up your computer as a DMZ address. Then connect using whatever program/service of interest, like Acquisition or BitTorrent, and run "netstat -a" in a terminal session. Note which ports are active and whether thay are TCP or UDP. Then, take the computer out of the DMZ and open the appropriate ports.



[ Reply to This | # ]
Agree
Authored by: Greedo on Oct 19, '05 08:39:29AM
Or install somthing like Little Snitch, which will alert you when an application is trying to connect over a non-standard port.

[ Reply to This | # ]
Also agree
Authored by: Brock Lee on Oct 19, '05 08:46:11AM

I also agree. Open ports on the router selectively (which is a capability of three different brands of consumer-grade routers I've used -- Linksys, D-Link, Belkin). Don't expose the entire system.

P.S. FWIW, D-Link has given me the most problems with wireless compatability.



[ Reply to This | # ]
Agree also
Authored by: timhaigh on Oct 19, '05 04:01:25PM

DMZ's are dangerous for security.

I just open the ports I need in my firewall. All the reasons stated in the OP's hint for opening a DMZ don't make sense at all.

Bittorrent. If you use Azureus you only need to open 1 tcp port, and 1 udp port for decentralised tracking.

Serving Web pages you only need to open tcp port 80

Remote Logging via SSH you need to open tcp port 22 and if using public key authentication it is very secure.



[ Reply to This | # ]