DMZ Hosting [Archive] - SpeedGuide.net Broadband Community



DIDS
03-21-01, 01:23 PM
I just set my computer up on a Linksys router for DMZ Host. I then ran a check at ShieldsUP and it said I was unreachable and very secure using the IP Agent program from the web site. How can this be? Since I am on DMZ Hosting I should be exposed to the internet. Right? I checked WINIPCFG to make sure that the IP that IP Agent got was correct and it was. It was a 192.xxx.x.xxx IP. Any ideas? I don't want to leave my PC in DMZ too long if it will be vulnerable to hackers.

DIDS
03-21-01, 04:43 PM
Thanks for the links, Ken. However, half of them contradict the other half. One set says the computer set as DMZ is completely protected and the other half says you're not. I will assume that my Linksys router is completely protecting the internal computer and the computer that is set up as DMZ Host. If ShieldsUp can't see it then nobody else should be able to either.

Thanks

[ 03-21-2001: Message edited by: DIDS ]

Scum333
03-22-01, 12:33 AM
DIDS, just to help you out a little. I have my machine in DMZ. The fact of the matter is this: make sure you have no Trojans or viruses sending packets out, since you are open. Now, just because you are in DMZ does not mean outsiders can get in. For all intents and purposes you have to practically invite someone in for them to get access. Meaning, FTP server, web server, etc. Even then it is almost impossible to get access to any part of your machine that isn't part of the program that let them in. Are you following? What I did personally to absolutely keep everybody out, and I mean everybody, is that I unbound my TCP/IP from Client for MS Networks and File and Printer Sharing. What I did then was to use NetBEUI to communicate between my machines. Also, I shared my drives only with a good password. I am running Win2k Pro so I have the luxury of establishing group policies. But nevertheless the fact that you are still assigned an internal IP address protects you even before you think about the items I mentioned above. Nobody, without you initiating first, can get access to your machine's internal IP address past the firewall. All DMZ means is that the firewall will not block incoming packets going to any port on your system. No biggy. Just be attentive when you are running sharing software like FTP or a web server, to give them access only to what you want to give them by the program.

DIDS
03-22-01, 07:18 AM
Thanks for the reply, Scum333. I only put it in DMZ on the weekends for a few hours to host Delta Force 2 games. I also installed BlackIce and ZoneAlarm on the host PC. I set ZoneAlarm to Medium security and BlackIce to Nervous. I doubt anyone will get into my PC with those settings. I can't unbind TCP/IP because Delta Force 2 needs that. I also have to have File & Printer Sharing to share the one printer between the 2 PCs. I really highly doubt anyone will be able to get into my system even if I leave my one PC in DMZ Host mode for more than a few hours on the weekends. Thanks for the help!

cyberskye
03-22-01, 01:24 PM
Hi DIDS,

There is a reason you got that rating from grc. You are using a private IP scheme (192.168.x.x), by definition non-routable from the net. When you put a machine in the DMZ and want to test, do not use the IP Agent. ShieldsUp will auto-respond to any private IP address with that VERY SECURE, unreachable, yadayadayada. Without using IP Agent, it will test your public IP and THAT will allow you to determine the open ports on your DMZ host.

Give her a shot. Are you running a firewall on the DMZ host? It appears that you are on a w9x/me box (winipcfg), which should be soliciting connections like crazy unless you are firewalled.

DIDS
03-22-01, 07:43 PM
Hi cyberskye,

When both PCs are behind the router and I go to ShieldsUp without IP Agent, it shows an IP address of 66.66.XX.XX, which is a RoadRunner IP. When I put one PC as DMZ Host and do not use the IP Agent, it shows the same 66.66.XX.XX IP address. It shows Stealth both ways without any firewalls running. When both PCs are behind the router, shouldn't their IP addresses show as the IP address that the router assigns them? How can it show the same RR IP address both behind and outside the router? When I use the IP Agent with both PCs behind the router, it shows the address that the router assigns them. When I place one PC as a DMZ Host and use IP Agent again, it still shows the IP address that the router assigns them.

cyberskye
03-22-01, 07:55 PM
Do you have DHCP enabled on the router? That will interfere with the DMZ/forwarding features.

"When both PCs are behind the router, shouldn't their IP addresses show as the IP address that the router assigns them?"

Normally yes, but the router performs NAT on the packets from your machines to the net. That's how you get to share the connection without purchasing a separate IP.

DIDS
03-22-01, 08:01 PM
"Do you have DHCP enabled on the router? That will interfere with the DMZ/forwarding features."

Yes I do have it enabled. The Linksys router book said to leave it enabled.

The book does, however, say that to forward ports you need to disable it, but nothing about disabling it for DMZ Host.

[ 03-22-2001: Message edited by: DIDS ]

cyberskye
03-22-01, 08:08 PM
Hi

Normally you do want to leave it enabled. That makes moving machines on your LAN around a little easier. I quote the manual:

"Before using Forwarding, the Router's DHCP function must be disabled under the DHCP tab and the Router must be assigned a new static LAN IP address."

DMZ is forwarding of all ports. It's worth a shot, right? Just give each machine a static IP address on the same network as your router, i.e. 192.168.1.x

Reboot and see if that works. Have you gotten the latest firmware yet? Definitely improved throughput.

Cheers
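
Added example, not part of the original thread: a toy Python model of the NAT and DMZ-host behaviour discussed in the posts above ("the router performs NAT", "DMZ is forwarding of all ports"). The NatRouter class, its methods and all addresses are hypothetical and constructed for illustration; it does not model the router's 'block wan request' filter or any firewall on the host itself.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    """True for private addresses, which cannot be probed from the Internet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

class NatRouter:
    """Toy model (assumed behaviour) of a home NAT router with an optional DMZ host."""

    def __init__(self, wan_ip, dmz_host=None):
        self.wan_ip = wan_ip
        self.dmz_host = dmz_host   # LAN address that receives unsolicited traffic
        self.sessions = {}         # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self._next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out: the source is rewritten to the WAN address."""
        wan_port = self._next_port
        self._next_port += 1
        self.sessions[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return self.wan_ip, wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return (action, lan_ip, lan_port) for a packet arriving on the WAN side."""
        key = (wan_port, remote_ip, remote_port)
        if key in self.sessions:            # reply to a connection a LAN host opened
            return ("reply",) + self.sessions[key]
        if self.dmz_host is not None:       # unsolicited: every port goes to the DMZ host
            return ("dmz", self.dmz_host, wan_port)
        return ("drop", None, None)         # unsolicited and no DMZ host: not delivered

def demo():
    # Constructed sample addresses; documentation ranges stand in for the ISP side.
    wan, scanner = "203.0.113.10", "198.51.100.7"
    plain = NatRouter(wan)
    dmz = NatRouter(wan, dmz_host="192.168.1.100")
    seen_as = plain.outbound("192.168.1.101", 1025, scanner, 80)
    return {
        "lan_ip_testable": not is_rfc1918("192.168.1.100"),
        "wan_ip_testable": not is_rfc1918(wan),
        "seen_as": seen_as,
        "reply": plain.inbound(scanner, 80, seen_as[1]),
        "probe_no_dmz": plain.inbound(scanner, 51000, 139),
        "probe_dmz": dmz.inbound(scanner, 51000, 139),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In this model an unsolicited probe to the WAN address is dropped when no DMZ host is set and delivered to 192.168.1.100 on the same port when one is, so what answers is decided by the services and firewall on that host.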

cyberskye
03-22-01, 08:12 PM
Do you have the 'block wan request' box checked on the filter screen in the router gui? That would stealth your system by not responding to ANY requests on the wan port.

DIDS
03-22-01, 10:02 PM
Originally posted by cyberskye:
Do you have the 'block wan request' box checked on the filter screen in the router gui? That would stealth your system by not responding to ANY requests on the wan port.

Yes I do have this enabled.

I guess since ShieldsUp says I am Stealth in DMZ Host mode and I am able to host Delta Force 2 games, I should be all set for security. Right? I will still run ZoneAlarm and BlackIce just in case. Never hurts to have a software firewall running. I will have ZoneAlarm set to Medium and BlackIce set to Cautious.