Recommended Posts

Hello, I was looking to have one of my network devices completely exposed to the internet, as I have read the easiest way to do this is by setting up a DMZ (after giving that device a dedicated IP)

The problem I am running into is this, my router DOES NOT have a DMZ setting, so I was wondering if I can just open up the entire range of ports (1-65534) through port forwarding. Will this give me the same affect?

Link to comment
https://www.neowin.net/forum/topic/1026548-alternative-to-setting-up-a-dmz/
Share on other sites

  On 18/09/2011 at 20:21, remus_lupin said:

Hello, I was looking to have one of my network devices completely exposed to the internet, as I have read the easiest way to do this is by setting up a DMZ (after giving that device a dedicated IP)

The problem I am running into is this, my router DOES NOT have a DMZ setting, so I was wondering if I can just open up the entire range of ports (1-65534) through port forwarding. Will this give me the same affect?

The thing about a DMZ is that it puts that computer separate from your internal network. If you just open those ports, that machine is still on your internal network, and then you'd need to run a firewall on your other machines to protect it from that machine since it's wide open.

Why do you need a device completely exposed? What device is it?

EDIT: What router do you have? I've never seen one that doesn't have a DMZ.

  On 18/09/2011 at 21:21, HawkMan said:

It will, along with most likely breaking your network.

If you don't have a dmz, just open the ports you need.

Yeah it did break my network, I undid it. The problem is, I have TRIED opening just the ports I need but it didn't help. So I figured I would try giving my device FULL access to the internet (no restrictions)...

  On 18/09/2011 at 21:25, farmeunit said:

The thing about a DMZ is that it puts that computer separate from your internal network. If you just open those ports, that machine is still on your internal network, and then you'd need to run a firewall on your other machines to protect it from that machine since it's wide open.

Why do you need a device completely exposed? What device is it?

EDIT: What router do you have? I've never seen one that doesn't have a DMZ.

Here is what I am trying to do, get my PS3 from NAT type 3 to NAT type 2. I have tried opening all recommended ports and UPNP is enabled, I have searched through many different forums and attempted many different things, setting up a DMZ was my last resort less of calling my ISP and asking for a public IP (as the one I have is private - I read this may cause my NAT type 3 problem). However they charge $10 each month for a public IP, so I was looking for a way around this.

EDIT: It's a new internet service (I live out in the country and cannot get fibre optics/cable etc. it is a turbo hub from bell with a built in router that allows me to get highspeed internet service) The modem/router is made by Netgear and the model is MBR1210

http://www.bell.ca/shopping/en_CA_ON.4G-NETGEAR-MBR1210Turbo-Hub/71142.details

  On 18/09/2011 at 21:43, farmeunit said:

Yup I have tried both of those, however I do thank you for the link to the manual (doh) I am going to try setting up the DMZ now, hopefully it will work!

Unfortunately setting up a dmz did nothing, I still have NAT type 3.

I have each of my devices running on their own IP and I made sure when I set up the DMZ that I added the IP for the PS3 and not one of my other computers, I also made sure I put the NAT filtering on OPEN not secure

Unfortunately setting up a dmz did nothing, I still have NAT type 3.

I have each of my devices running on their own IP and I made sure when I set up the DMZ that I added the IP for the PS3 and not one of my other computers, I also made sure I put the NAT filtering on OPEN not secure

  On 18/09/2011 at 22:22, remus_lupin said:

Unfortunately setting up a dmz did nothing, I still have NAT type 3.

I have each of my devices running on their own IP and I made sure when I set up the DMZ that I added the IP for the PS3 and not one of my other computers, I also made sure I put the NAT filtering on OPEN not secure

Sounds like double nat to me

  On 18/09/2011 at 22:25, chrispinto said:

Sounds like double nat to me

I don't have a second router on my network, the turbo hub has one built in and I am using that directly.

  On 18/09/2011 at 22:25, x9248 said:

PS3 supports uPnP btw.

I have tried UPnP on my router and PS3, still NAT type 3, then I tried manually port forwarding. Still NAT type 3.

I am not having trouble with playing games, even with type 3 all games I have tried work well, I just can not do video chats.

i had the same issues. have a E2000 Cisco router, we have 2 XBox360 1PS3 3 computers in the house, and this NAT problem was happening with the 2 xbox360 and PS3. I ended up installing DD-WRT onto my router and now i dont have the issue. the custom firmware is amazing! i day look into what you have and if you cant install it, get a new router that lets you!

  On 18/09/2011 at 23:52, lflashl said:

i had the same issues. have a E2000 Cisco router, we have 2 XBox360 1PS3 3 computers in the house, and this NAT problem was happening with the 2 xbox360 and PS3. I ended up installing DD-WRT onto my router and now i dont have the issue. the custom firmware is amazing! i day look into what you have and if you cant install it, get a new router that lets you!

Unfortunately I do not think this will help in my case, as the turbo hub itself is what seems to be limiting my NAT type, so even if I bought an external router and put DD-WRT on it, it would still be going through the turbo hub and my NAT would be limited at that point. Having said that I checked google and there is no custom firmware for my particular model.

Thank you very much for the suggestion though!

seems like this problem has been going on for sometime, and there is no fix for it. what about firmware is there a update you can use? have you contacted the location where you got the device from and question with them?

"calling my ISP and asking for a public IP (as the one I have is private"

If your router has a private IP from your ISP on its wan port, then yeah your behind a double nat.. And nothing you do on your router is going to make any difference for unsolicited inbound traffic.

Unless you have control over the device giving your router the private IP on its wan port, there is NOTHING you can do.

  • Like 1
  On 19/09/2011 at 11:03, lflashl said:

seems like this problem has been going on for sometime, and there is no fix for it. what about firmware is there a update you can use? have you contacted the location where you got the device from and question with them?

  On 19/09/2011 at 12:16, BudMan said:

"calling my ISP and asking for a public IP (as the one I have is private"

If your router has a private IP from your ISP on its wan port, then yeah your behind a double nat.. And nothing you do on your router is going to make any difference for unsolicited inbound traffic.

Unless you have control over the device giving your router the private IP on its wan port, there is NOTHING you can do.

Unfortunately I did call them and they would not give me a public IP... They told me that they are only available for their business clients.

Oh well, thanks for all your help!

So you can not get any unsolicited inbound traffic? Or do they have your private IP in the dmz of their nat? You can make things work in a double nat, as long as the traffic is being sent to your private IP.

I would do a simple port forward to some service that is listening, be it ftp, ssh, http, telnet, something that is easy to turn on and you know is listening on your machine via netstat -an seeing the box listening on that port.

Then setup a forward on your router to that port and ip of the box listening. Then check that with canyouseeme.org -- do you see that port open.

I can walk you through a simple port open and forward check.

  On 19/09/2011 at 13:42, BudMan said:

So you can not get any unsolicited inbound traffic? Or do they have your private IP in the dmz of their nat? You can make things work in a double nat, as long as the traffic is being sent to your private IP.

I would do a simple port forward to some service that is listening, be it ftp, ssh, http, telnet, something that is easy to turn on and you know is listening on your machine via netstat -an seeing the box listening on that port.

Then setup a forward on your router to that port and ip of the box listening. Then check that with canyouseeme.org -- do you see that port open.

I can walk you through a simple port open and forward check.

Thanks, I will try this when I get home, I am at school all day today. Will be home around 10:30pm Eastern time.

I think I understand what I need to do, I won't know until I actually try though, so a walkthrough would be fantastic.

depends on the server your picking, lets say you installed filezilla server, by default ftp server listens on tcp 21, so you verify ftp server is listening say on your box 192.168.1.42 via netstat -an on the .42 box, or just accessing it via 192.168.1.42 from a different box on your network - does ftp work? If so then your listening, now go to canyouseeme.org and put 21 for the port - should show closed, then setup the port forward on your router to forward 21 to your 192.168.1.42 now does canyouseeme.org show open? If so then you have atleast some inbound ports forwarded by your isp to your private IP.

If shows not open even when you forward, then your isp is not forwarding any ports to your routers private wan IP. And there is nothing you can do for running any services or having any unsolicited reaching your network.

Now you say your routers wan has a private ip?? Really, thats a really lame ISP -- you might want to change. So your saying when you look on the wan status of your router it shows 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?? If this is the case your ISP is a joke, and I would switch as fast as I could get another one connected.

But if that is not an option, if your ip is private, you can reduce issues with making sure your routers nat private side is different. Ie if your routers wan is 192.168.1.0/24 then make your private lan 192.168.2.0/24 for something.. Having the same network on your wan and lan can cause you all kinds of grief -- it works sometimes, but can have issues.

I tried your steps but even after port forwarding canyouseeme.org still was unable to pick up anything through port 21 (using filezilla).

And yes the WAN status of my router shows 172.16.x.x

Right now I am with Bell Canada, I would switch... but unfortunately I can not, I live in a very bad area and don't really have any other choice (rogers offers the same service but slower - and I have read online they suffer from the same things I am currently experiencing). I had dial-up until a couple years ago (we can not get cable etc.) I am using a portable internet service that uses cell service for internet (its expensive and offers little bandwidth).

I had a different service which was much more open (allowed for NAT 1 on my PS3) however just last week they said they were discontinuing the service and I would have to convert to this new one. Sure it's faster but I went from an unlimited bandwidth plan (3mbps) at $45/month to a 3GB/month plan on a 21mbps speed (5mbps down) for $55/month going up to a max of 10GB in a month for $80. However I have 6 months unlimited, at the end of which I am sure they will have larger plans at more reasonable prices.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • LibreWolf 140.0.2-1 by Razvan Serea LibreWolf is an independent “fork” of Firefox, with the primary goals of privacy security and user freedom. It is the community run successor to LibreFox. LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM. LibreWolf features: Latest Firefox — LibreWolf is compiled directly from the latest build of Firefox Stable. You will have the the latest features, and security updates. Independent Build — LibreWolf uses a build independent of Firefox and has its own settings, profile folder and installation path. As a result, it can be installed alongside Firefox or any other browser. No phoning home — Embedded server links and other calling home functions are removed. In other words, minimal background connections by default. User settings updates Extensions firewall: limit internet access for extensions. Multi-platform (Windows/Linux/Mac/and soon Android) Community-Driven Dark theme (classic and advanced) LibreWolf privacy features: Delete cookies and website data on close. Include only privacy respecting search engines like DuckDuckGo and Searx. Include uBlockOrigin with custom default filter lists, and Tracking Protection in strict mode, to block trackers and ads. Strip tracking elements from URLs, both natively and through uBO. Enable dFPI, also known as Total Cookie Protection. Enable RFP which is part of the Tor Uplift project. RFP is considered the best in class anti-fingerprinting solution, and its goal is to make users look the same and cover as many metrics as possible, in an effort to block fingerprinting techniques. Always display user language as en-US to websites, in order to protect the language used in the browser and in the OS. Disable WebGL, as it is a strong fingerprinting vector. Prevent access to the location services of the OS, and use Mozilla's location API instead of Google's API. Limit ICE candidates generation to a single interface when sharing video or audio during a videoconference. Force DNS and WebRTC inside the proxy, when one is being used. Trim cross-origin referrers, so that they don't include the full URI. Disable link prefetching and speculative connections. Disable disk cache and clear temporary files on close. Disable form autofill. Disable search and form history...and more. Notes: To receive automatic updates, you may refer to the unofficial LibreWolf-WinUpdater that employs a scheduled task to accomplish the same. Download: LibreWolf 64-bit | Portable 64-bit |~100.0 MB (Open Source) Download: LibreWolf 32-bit | Portable 32-bit | Other Operating Systems Links: LibreWolf Home Page | Addons | Screenshot | Reddit Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • At least it doesn't reset your defaults lol. Back to Bing, MSN and Copilot lol. Wait, that's a feature, not a bug?
    • Exactly what I was going to say, lmao. Pro-grade where? I have the S24 Ultra and there are only marginal differences between that series and the S25 series. Hell, even the S23 and S22 series is similar. Samsung stopped trying years ago.
    • Are you asking us or telling us my friend?
    • Performance and bloating is my main concern.
  • Recent Achievements

    • Week One Done
      Hartej earned a badge
      Week One Done
    • One Year In
      TsunadeMama earned a badge
      One Year In
    • Week One Done
      shaheen earned a badge
      Week One Done
    • Dedicated
      Cole Multipass earned a badge
      Dedicated
    • Week One Done
      Alexander 001 earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      562
    2. 2
      +FloatingFatMan
      182
    3. 3
      ATLien_0
      170
    4. 4
      Skyfrog
      108
    5. 5
      Som
      106
  • Tell a friend

    Love Neowin? Tell a friend!