Alternative to setting up a DMZ

By remus_lupin
in Smart Home, Network & Security

 Share

Recommended Posts

Experienced

remus_lupin

Posted
Posted

Hello, I was looking to have one of my network devices completely exposed to the internet, as I have read the easiest way to do this is by setting up a DMZ (after giving that device a dedicated IP)

The problem I am running into is this, my router DOES NOT have a DMZ setting, so I was wondering if I can just open up the entire range of ports (1-65534) through port forwarding. Will this give me the same affect?

Link to comment
https://www.neowin.net/forum/topic/1026548-alternative-to-setting-up-a-dmz/
Share on other sites
Grand Master

farmeunit

Posted
Posted
  On 18/09/2011 at 20:21, remus_lupin said:

Hello, I was looking to have one of my network devices completely exposed to the internet, as I have read the easiest way to do this is by setting up a DMZ (after giving that device a dedicated IP)

The problem I am running into is this, my router DOES NOT have a DMZ setting, so I was wondering if I can just open up the entire range of ports (1-65534) through port forwarding. Will this give me the same affect?

The thing about a DMZ is that it puts that computer separate from your internal network. If you just open those ports, that machine is still on your internal network, and then you'd need to run a firewall on your other machines to protect it from that machine since it's wide open.

Why do you need a device completely exposed? What device is it?

EDIT: What router do you have? I've never seen one that doesn't have a DMZ.

Experienced

remus_lupin

Posted
  • Author
Posted
  On 18/09/2011 at 21:21, HawkMan said:

It will, along with most likely breaking your network.

If you don't have a dmz, just open the ports you need.

Yeah it did break my network, I undid it. The problem is, I have TRIED opening just the ports I need but it didn't help. So I figured I would try giving my device FULL access to the internet (no restrictions)...

  On 18/09/2011 at 21:25, farmeunit said:

The thing about a DMZ is that it puts that computer separate from your internal network. If you just open those ports, that machine is still on your internal network, and then you'd need to run a firewall on your other machines to protect it from that machine since it's wide open.

Why do you need a device completely exposed? What device is it?

EDIT: What router do you have? I've never seen one that doesn't have a DMZ.

Here is what I am trying to do, get my PS3 from NAT type 3 to NAT type 2. I have tried opening all recommended ports and UPNP is enabled, I have searched through many different forums and attempted many different things, setting up a DMZ was my last resort less of calling my ISP and asking for a public IP (as the one I have is private - I read this may cause my NAT type 3 problem). However they charge $10 each month for a public IP, so I was looking for a way around this.

EDIT: It's a new internet service (I live out in the country and cannot get fibre optics/cable etc. it is a turbo hub from bell with a built in router that allows me to get highspeed internet service) The modem/router is made by Netgear and the model is MBR1210

http://www.bell.ca/shopping/en_CA_ON.4G-NETGEAR-MBR1210Turbo-Hub/71142.details

Grand Master

farmeunit

Posted
Posted

http://support.bell.ca/Documents/User-Guides/Mobile/NETGEAR/NETGEAR-En/Netgear_mbr1210%28en%29.pdf

Page 68 - Setting up a DMZ

I'm assuming you've looked at these?

http://community.us.playstation.com/thread/3001339?start=0&tstart=0

http://community.us.playstation.com/thread/3025578?start=0&tstart=0

Experienced

remus_lupin

Posted
  • Author
Posted
  On 18/09/2011 at 21:43, farmeunit said:

Yup I have tried both of those, however I do thank you for the link to the manual (doh) I am going to try setting up the DMZ now, hopefully it will work!

Experienced

remus_lupin

Posted
  • Author
Posted

Unfortunately setting up a dmz did nothing, I still have NAT type 3.

I have each of my devices running on their own IP and I made sure when I set up the DMZ that I added the IP for the PS3 and not one of my other computers, I also made sure I put the NAT filtering on OPEN not secure

Experienced

remus_lupin

Posted
  • Author
Posted

Unfortunately setting up a dmz did nothing, I still have NAT type 3.

I have each of my devices running on their own IP and I made sure when I set up the DMZ that I added the IP for the PS3 and not one of my other computers, I also made sure I put the NAT filtering on OPEN not secure

Mentor

chrispinto

Posted
Posted
  On 18/09/2011 at 22:22, remus_lupin said:

Unfortunately setting up a dmz did nothing, I still have NAT type 3.

I have each of my devices running on their own IP and I made sure when I set up the DMZ that I added the IP for the PS3 and not one of my other computers, I also made sure I put the NAT filtering on OPEN not secure

Sounds like double nat to me

Experienced

remus_lupin

Posted
  • Author
Posted
  On 18/09/2011 at 22:25, chrispinto said:

Sounds like double nat to me

I don't have a second router on my network, the turbo hub has one built in and I am using that directly.

  On 18/09/2011 at 22:25, x9248 said:

PS3 supports uPnP btw.

I have tried UPnP on my router and PS3, still NAT type 3, then I tried manually port forwarding. Still NAT type 3.

I am not having trouble with playing games, even with type 3 all games I have tried work well, I just can not do video chats.

Grand Master

The_Observer

Posted
Posted

i had the same issues. have a E2000 Cisco router, we have 2 XBox360 1PS3 3 computers in the house, and this NAT problem was happening with the 2 xbox360 and PS3. I ended up installing DD-WRT onto my router and now i dont have the issue. the custom firmware is amazing! i day look into what you have and if you cant install it, get a new router that lets you!

Experienced

remus_lupin

Posted
  • Author
Posted
  On 18/09/2011 at 23:52, lflashl said:

i had the same issues. have a E2000 Cisco router, we have 2 XBox360 1PS3 3 computers in the house, and this NAT problem was happening with the 2 xbox360 and PS3. I ended up installing DD-WRT onto my router and now i dont have the issue. the custom firmware is amazing! i day look into what you have and if you cant install it, get a new router that lets you!

Unfortunately I do not think this will help in my case, as the turbo hub itself is what seems to be limiting my NAT type, so even if I bought an external router and put DD-WRT on it, it would still be going through the turbo hub and my NAT would be limited at that point. Having said that I checked google and there is no custom firmware for my particular model.

Thank you very much for the suggestion though!

Grand Master

The_Observer

Posted
Posted

seems like this problem has been going on for sometime, and there is no fix for it. what about firmware is there a update you can use? have you contacted the location where you got the device from and question with them?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

"calling my ISP and asking for a public IP (as the one I have is private"

If your router has a private IP from your ISP on its wan port, then yeah your behind a double nat.. And nothing you do on your router is going to make any difference for unsolicited inbound traffic.

Unless you have control over the device giving your router the private IP on its wan port, there is NOTHING you can do.

  • +LogicalApex
  • Like 1
Experienced

remus_lupin

Posted
  • Author
Posted
  On 19/09/2011 at 11:03, lflashl said:

seems like this problem has been going on for sometime, and there is no fix for it. what about firmware is there a update you can use? have you contacted the location where you got the device from and question with them?

  On 19/09/2011 at 12:16, BudMan said:

"calling my ISP and asking for a public IP (as the one I have is private"

If your router has a private IP from your ISP on its wan port, then yeah your behind a double nat.. And nothing you do on your router is going to make any difference for unsolicited inbound traffic.

Unless you have control over the device giving your router the private IP on its wan port, there is NOTHING you can do.

Unfortunately I did call them and they would not give me a public IP... They told me that they are only available for their business clients.

Oh well, thanks for all your help!

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

So you can not get any unsolicited inbound traffic? Or do they have your private IP in the dmz of their nat? You can make things work in a double nat, as long as the traffic is being sent to your private IP.

I would do a simple port forward to some service that is listening, be it ftp, ssh, http, telnet, something that is easy to turn on and you know is listening on your machine via netstat -an seeing the box listening on that port.

Then setup a forward on your router to that port and ip of the box listening. Then check that with canyouseeme.org -- do you see that port open.

I can walk you through a simple port open and forward check.

Experienced

remus_lupin

Posted
  • Author
Posted
  On 19/09/2011 at 13:42, BudMan said:

So you can not get any unsolicited inbound traffic? Or do they have your private IP in the dmz of their nat? You can make things work in a double nat, as long as the traffic is being sent to your private IP.

I would do a simple port forward to some service that is listening, be it ftp, ssh, http, telnet, something that is easy to turn on and you know is listening on your machine via netstat -an seeing the box listening on that port.

Then setup a forward on your router to that port and ip of the box listening. Then check that with canyouseeme.org -- do you see that port open.

I can walk you through a simple port open and forward check.

Thanks, I will try this when I get home, I am at school all day today. Will be home around 10:30pm Eastern time.

I think I understand what I need to do, I won't know until I actually try though, so a walkthrough would be fantastic.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

depends on the server your picking, lets say you installed filezilla server, by default ftp server listens on tcp 21, so you verify ftp server is listening say on your box 192.168.1.42 via netstat -an on the .42 box, or just accessing it via 192.168.1.42 from a different box on your network - does ftp work? If so then your listening, now go to canyouseeme.org and put 21 for the port - should show closed, then setup the port forward on your router to forward 21 to your 192.168.1.42 now does canyouseeme.org show open? If so then you have atleast some inbound ports forwarded by your isp to your private IP.

If shows not open even when you forward, then your isp is not forwarding any ports to your routers private wan IP. And there is nothing you can do for running any services or having any unsolicited reaching your network.

Now you say your routers wan has a private ip?? Really, thats a really lame ISP -- you might want to change. So your saying when you look on the wan status of your router it shows 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?? If this is the case your ISP is a joke, and I would switch as fast as I could get another one connected.

But if that is not an option, if your ip is private, you can reduce issues with making sure your routers nat private side is different. Ie if your routers wan is 192.168.1.0/24 then make your private lan 192.168.2.0/24 for something.. Having the same network on your wan and lan can cause you all kinds of grief -- it works sometimes, but can have issues.

Experienced

remus_lupin

Posted
  • Author
Posted

I tried your steps but even after port forwarding canyouseeme.org still was unable to pick up anything through port 21 (using filezilla).

And yes the WAN status of my router shows 172.16.x.x

Right now I am with Bell Canada, I would switch... but unfortunately I can not, I live in a very bad area and don't really have any other choice (rogers offers the same service but slower - and I have read online they suffer from the same things I am currently experiencing). I had dial-up until a couple years ago (we can not get cable etc.) I am using a portable internet service that uses cell service for internet (its expensive and offers little bandwidth).

I had a different service which was much more open (allowed for NAT 1 on my PS3) however just last week they said they were discontinuing the service and I would have to convert to this new one. Sure it's faster but I went from an unlimited bandwidth plan (3mbps) at $45/month to a 3GB/month plan on a 21mbps speed (5mbps down) for $55/month going up to a max of 10GB in a month for $80. However I have 6 months unlimited, at the end of which I am sure they will have larger plans at more reasonable prices.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.