
Hello, I was looking to have one of my network devices completely exposed to the internet, as I have read the easiest way to do this is by setting up a DMZ (after giving that device a dedicated IP)

The problem I am running into is this: my router DOES NOT have a DMZ setting, so I was wondering if I can just open up the entire range of ports (1-65534) through port forwarding. Will this give me the same effect?


  On 18/09/2011 at 20:21, remus_lupin said:

Hello, I was looking to have one of my network devices completely exposed to the internet, as I have read the easiest way to do this is by setting up a DMZ (after giving that device a dedicated IP)

The problem I am running into is this: my router DOES NOT have a DMZ setting, so I was wondering if I can just open up the entire range of ports (1-65534) through port forwarding. Will this give me the same effect?

The thing about a DMZ is that it puts that computer separate from your internal network. If you just open those ports, that machine is still on your internal network, and then you'd need to run a firewall on your other machines to protect it from that machine since it's wide open.

Why do you need a device completely exposed? What device is it?

EDIT: What router do you have? I've never seen one that doesn't have a DMZ.

  On 18/09/2011 at 21:21, HawkMan said:

It will, along with most likely breaking your network.

If you don't have a dmz, just open the ports you need.

Yeah it did break my network, I undid it. The problem is, I have TRIED opening just the ports I need but it didn't help. So I figured I would try giving my device FULL access to the internet (no restrictions)...

  On 18/09/2011 at 21:25, farmeunit said:

The thing about a DMZ is that it puts that computer separate from your internal network. If you just open those ports, that machine is still on your internal network, and then you'd need to run a firewall on your other machines to protect it from that machine since it's wide open.

Why do you need a device completely exposed? What device is it?

EDIT: What router do you have? I've never seen one that doesn't have a DMZ.

Here is what I am trying to do, get my PS3 from NAT type 3 to NAT type 2. I have tried opening all recommended ports and UPNP is enabled, I have searched through many different forums and attempted many different things, setting up a DMZ was my last resort less of calling my ISP and asking for a public IP (as the one I have is private - I read this may cause my NAT type 3 problem). However they charge $10 each month for a public IP, so I was looking for a way around this.

EDIT: It's a new internet service (I live out in the country and cannot get fibre optics/cable etc.). It is a Turbo Hub from Bell with a built-in router that allows me to get high-speed internet service. The modem/router is made by Netgear and the model is MBR1210.

http://www.bell.ca/shopping/en_CA_ON.4G-NETGEAR-MBR1210Turbo-Hub/71142.details

  On 18/09/2011 at 21:43, farmeunit said:

Yup I have tried both of those, however I do thank you for the link to the manual (doh) I am going to try setting up the DMZ now, hopefully it will work!

Unfortunately setting up a dmz did nothing, I still have NAT type 3.

I have each of my devices running on their own IP and I made sure when I set up the DMZ that I added the IP for the PS3 and not one of my other computers, I also made sure I put the NAT filtering on OPEN not secure

  On 18/09/2011 at 22:22, remus_lupin said:

Unfortunately setting up a dmz did nothing, I still have NAT type 3.

I have each of my devices running on their own IP and I made sure when I set up the DMZ that I added the IP for the PS3 and not one of my other computers, I also made sure I put the NAT filtering on OPEN not secure

Sounds like double nat to me

  On 18/09/2011 at 22:25, chrispinto said:

Sounds like double nat to me

I don't have a second router on my network, the turbo hub has one built in and I am using that directly.

  On 18/09/2011 at 22:25, x9248 said:

PS3 supports uPnP btw.

I have tried UPnP on my router and PS3, still NAT type 3, then I tried manually port forwarding. Still NAT type 3.

I am not having trouble with playing games, even with type 3 all games I have tried work well, I just can not do video chats.

I had the same issues. I have an E2000 Cisco router, and we have 2 Xbox 360s, 1 PS3 and 3 computers in the house, and this NAT problem was happening with the 2 Xbox 360s and the PS3. I ended up installing DD-WRT onto my router and now I don't have the issue. The custom firmware is amazing! I'd say look into what you have, and if you can't install it, get a new router that lets you!

  On 18/09/2011 at 23:52, lflashl said:

I had the same issues. I have an E2000 Cisco router, and we have 2 Xbox 360s, 1 PS3 and 3 computers in the house, and this NAT problem was happening with the 2 Xbox 360s and the PS3. I ended up installing DD-WRT onto my router and now I don't have the issue. The custom firmware is amazing! I'd say look into what you have, and if you can't install it, get a new router that lets you!

Unfortunately I do not think this will help in my case, as the turbo hub itself is what seems to be limiting my NAT type, so even if I bought an external router and put DD-WRT on it, it would still be going through the turbo hub and my NAT would be limited at that point. Having said that I checked google and there is no custom firmware for my particular model.

Thank you very much for the suggestion though!

Seems like this problem has been going on for some time, and there is no fix for it. What about firmware, is there an update you can use? Have you contacted the location where you got the device from and raised the question with them?

"calling my ISP and asking for a public IP (as the one I have is private"

If your router has a private IP from your ISP on its WAN port, then yeah, you're behind a double NAT. And nothing you do on your router is going to make any difference for unsolicited inbound traffic.

Unless you have control over the device giving your router the private IP on its wan port, there is NOTHING you can do.

  On 19/09/2011 at 11:03, lflashl said:

Seems like this problem has been going on for some time, and there is no fix for it. What about firmware, is there an update you can use? Have you contacted the location where you got the device from and raised the question with them?

  On 19/09/2011 at 12:16, BudMan said:

"calling my ISP and asking for a public IP (as the one I have is private"

If your router has a private IP from your ISP on its WAN port, then yeah, you're behind a double NAT. And nothing you do on your router is going to make any difference for unsolicited inbound traffic.

Unless you have control over the device giving your router the private IP on its wan port, there is NOTHING you can do.

Unfortunately I did call them and they would not give me a public IP... They told me that they are only available for their business clients.

Oh well, thanks for all your help!

So you can not get any unsolicited inbound traffic? Or do they have your private IP in the dmz of their nat? You can make things work in a double nat, as long as the traffic is being sent to your private IP.

I would do a simple port forward to some service that is listening, be it ftp, ssh, http, telnet, something that is easy to turn on and you know is listening on your machine via netstat -an seeing the box listening on that port.

Then set up a forward on your router to that port and IP of the box listening. Then check that with canyouseeme.org -- do you see that port open?

I can walk you through a simple port open and forward check.

  On 19/09/2011 at 13:42, BudMan said:

So you can not get any unsolicited inbound traffic? Or do they have your private IP in the dmz of their nat? You can make things work in a double nat, as long as the traffic is being sent to your private IP.

I would do a simple port forward to some service that is listening, be it ftp, ssh, http, telnet, something that is easy to turn on and you know is listening on your machine via netstat -an seeing the box listening on that port.

Then set up a forward on your router to that port and IP of the box listening. Then check that with canyouseeme.org -- do you see that port open?

I can walk you through a simple port open and forward check.

Thanks, I will try this when I get home, I am at school all day today. Will be home around 10:30pm Eastern time.

I think I understand what I need to do, I won't know until I actually try though, so a walkthrough would be fantastic.

Depends on the server you're picking. Let's say you installed FileZilla Server; by default the FTP server listens on tcp 21, so you verify the FTP server is listening, say on your box 192.168.1.42, via netstat -an on the .42 box, or just by accessing it via 192.168.1.42 from a different box on your network - does FTP work? If so then you're listening. Now go to canyouseeme.org and put 21 for the port - it should show closed. Then set up the port forward on your router to forward 21 to your 192.168.1.42. Now does canyouseeme.org show open? If so then you have at least some inbound ports forwarded by your ISP to your private IP.

If it shows not open even when you forward, then your ISP is not forwarding any ports to your router's private WAN IP. And there is nothing you can do for running any services or having any unsolicited traffic reaching your network.

Now you say your router's WAN has a private IP?? Really, that's a really lame ISP -- you might want to change. So you're saying when you look on the WAN status of your router it shows 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?? If this is the case your ISP is a joke, and I would switch as fast as I could get another one connected.

But if that is not an option, if your IP is private, you can reduce issues by making sure your router's NAT private side is different. I.e. if your router's WAN is 192.168.1.0/24 then make your private LAN 192.168.2.0/24 or something. Having the same network on your WAN and LAN can cause you all kinds of grief -- it works sometimes, but can have issues.
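
The two checks described in the post above (is the router's WAN address in a private range, and does the LAN subnet collide with the WAN subnet), written out as an added example that is not part of the original thread. The sample addresses, the /24 WAN prefix and the function names are constructed for illustration, and the 100.64.0.0/10 carrier-NAT range is an addition the post does not mention.

```python
import ipaddress

# Private ranges named in the post (10.x, 172.16-31.x, 192.168.x).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption added here, not in the post: RFC 6598 carrier-NAT space.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(wan_ip):
    """Return 'private', 'cgnat' or 'public' for the router's WAN address."""
    addr = ipaddress.ip_address(wan_ip)
    if any(addr in net for net in RFC1918):
        return "private"
    if addr in CGNAT:
        return "cgnat"
    return "public"


def diagnose(wan_ip, wan_prefix, lan_cidr, external_ip=None):
    """Return findings about upstream NAT and WAN/LAN subnet overlap."""
    findings = []
    kind = classify_wan(wan_ip)
    if kind != "public":
        findings.append(f"WAN {wan_ip} is {kind}: behind upstream NAT, inbound "
                        "forwards work only if the ISP device forwards to it")
    # external_ip is what an outside service reports as your source address.
    if external_ip and ipaddress.ip_address(external_ip) != ipaddress.ip_address(wan_ip):
        findings.append(f"external {external_ip} != WAN {wan_ip}: double NAT")
    wan_net = ipaddress.ip_network(f"{wan_ip}/{wan_prefix}", strict=False)
    lan_net = ipaddress.ip_network(lan_cidr, strict=False)
    if wan_net.overlaps(lan_net):
        findings.append(f"LAN {lan_net} overlaps WAN {wan_net}: renumber the LAN")
    return findings


if __name__ == "__main__":
    # Constructed sample values; 203.0.113.7 is a documentation address.
    for line in diagnose("172.16.5.20", 24, "192.168.1.0/24", "203.0.113.7"):
        print(line)
    for line in diagnose("192.168.1.10", 24, "192.168.1.0/24"):
        print(line)
```
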

I tried your steps but even after port forwarding canyouseeme.org still was unable to pick up anything through port 21 (using filezilla).

And yes the WAN status of my router shows 172.16.x.x

Right now I am with Bell Canada. I would switch... but unfortunately I can not; I live in a very bad area and don't really have any other choice (Rogers offers the same service but slower - and I have read online they suffer from the same things I am currently experiencing). I had dial-up until a couple of years ago (we can not get cable etc.). I am using a portable internet service that uses cell service for internet (it's expensive and offers little bandwidth).

I had a different service which was much more open (allowed for NAT 1 on my PS3) however just last week they said they were discontinuing the service and I would have to convert to this new one. Sure it's faster but I went from an unlimited bandwidth plan (3mbps) at $45/month to a 3GB/month plan on a 21mbps speed (5mbps down) for $55/month going up to a max of 10GB in a month for $80. However I have 6 months unlimited, at the end of which I am sure they will have larger plans at more reasonable prices.

This topic is now closed to further replies.