
Thread: Someone explain DMZ hosting to me...

  1. #1
    Regular Member Fudgemaker's Avatar
    Join Date
    Mar 2002
    Location
    Wellesley, Massachusetts
    Posts
    117

    Question Someone explain DMZ hosting to me...

    Hello, I am left a little skeptical here... I want to know what DMZ hosting is on my router configs in the ports section... anyone know...
    -I know where there's a good party. They've got liquor in the front and poker in the rear-

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,431
    In a nutshell, routers most commonly share a single IP address to an internal network using a method called NAT...Network Address Translation. It hides the network (most commonly using a private IP scheme, like 192.168.1.XXX) from the outside world...all the outside world can see is the WAN IP that the ISP gives the router, like 64.252.13.14. All LAN workstations are hidden and protected because of the NAT.

    Now someone needs to correct me here, but there are something like 64,000 ports out there. Each port or range of ports serves a special purpose, such as port 80...websites run on, port 23 I think is for FTP, port 5631 and 5632 are used by PcAnywhere host mode, Quake 3 uses port 27960, etc etc.

    In NAT...you can forward a particular port or range of ports to only one computer inside the LAN. So if you are running a web server, and you want the outside world to see it, you need to forward port 80 to the private IP address of your web server. Let's say your server has an IP of 192.168.1.11....you'll forward to that IP. Since you are only forwarding one port, port 80, all your other ports on that computer are still protected.

    DMZ...DeMilitarized Zone, means to put an IP completely out in the open....so that EVERY port is wide open. Not secure at all...it's completely naked.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Regular Member Fudgemaker's Avatar
    Join Date
    Mar 2002
    Location
    Wellesley, Massachusetts
    Posts
    117
    If I put my IP in that to the computer I'm on, will that take away all the other ports/ranges that I originally forwarded to this IP? What I mean is... if I put my IP into the DMZ hosting area, will I still see the ports/ranges that I had typed in before, or do they get deleted?
    -I know where there's a good party. They've got liquor in the front and poker in the rear-

  4. #4
    SG Enthusiast
    Join Date
    Jan 2001
    Location
    DC
    Posts
    4,726
    Originally posted by YeOldeStonecat
    but there are something like 64,000 ports out there.
    65535, but who's counting...

    Originally posted by Fudgemaker
    if I put my IP into the DMZ hosting area, will I still see the ports/ranges that I had typed in before, or do they get deleted
    Not sure what you mean by "my ip" - public or the private ip of the server host. DMZ could be thought of as the forwarding of all ports. I do not know if your router's firmware will delete your entries or not, but if a machine is in the DMZ, all requests from external sources should hit the DMZ host. Again, this can depend on your hardware manufacturer.

    Unless you have a specific need to allow multiple ports (like PASV ftp or the like) then using selective port forwarding probably makes more sense.

    <PARANOID>Make sure that the box is well secured, and that you secure other machines on your LAN against the DMZ host! Best practice is to assume that any machine that is exposed directly to the internet is owned. I would make sure that someone who had control of your DMZ host (or any server, really) could not attack the rest of your LAN - remove common user accounts, remove services and protocols that are not needed, etc. I would also run a FW on each other machine on the LAN and specifically block the internal IP address of the server/DMZ host. </PARANOID>

    Skye
    anything is possible - nothing is free


    Quote Originally Posted by Blisster
    It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)

  5. #5
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,431
    Originally posted by Fudgemaker
    If I put my IP in that to the computer I'm on, will that take away all the other ports/ranges that I originally forwarded to this IP? What I mean is... if I put my IP into the DMZ hosting area, will I still see the ports/ranges that I had typed in before, or do they get deleted?
    If you put your LAN IP in the DMZ....it will open up all ports...so they will ALL be forwarded to that IP effectively. Another way of looking at it...it kind of "ghosts" your WAN IP to the LAN IP box in the DMZ. It will not overwrite or delete the ports you already have forwarded to that same LAN IP....but you will have problems if you forward ports to another IP...then DMZ a different IP....a port cannot go to two different LAN IPs at the same time...it's one or the other, not both. Port 80 is going to an IP one way or another, either DMZ or the proper way of port forwarding. If you mistakenly do it twice...no harm done...except when someone hacks your computer cuz you DMZ'd it.

    Save DMZ only for brief testing.....turn it off when you're done...it's not a good long term approach.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!
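
The inbound dispatch described in the posts above, modelled as an added example (not part of any post in this thread and not any router's firmware). It assumes explicit port forwards take precedence over the DMZ catch-all, which varies by manufacturer; `NatRouter` and the `192.168.1.12` host are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

PORT_MIN, PORT_MAX = 1, 65535  # valid TCP/UDP port numbers


@dataclass
class NatRouter:
    """Toy model of how a consumer NAT router handles unsolicited inbound traffic."""
    forwards: Dict[int, str] = field(default_factory=dict)  # WAN port -> LAN IP
    dmz_host: Optional[str] = None                          # catch-all LAN IP

    def forward(self, first: int, last: int, lan_ip: str) -> None:
        if not (PORT_MIN <= first <= last <= PORT_MAX):
            raise ValueError(f"bad port range {first}-{last}")
        for port in range(first, last + 1):
            # A WAN port can map to only one LAN host.
            if self.forwards.get(port, lan_ip) != lan_ip:
                raise ValueError(f"port {port} already forwarded to {self.forwards[port]}")
            self.forwards[port] = lan_ip

    def route_inbound(self, port: int) -> Optional[str]:
        """LAN IP that receives a new inbound connection, or None if dropped."""
        # ASSUMPTION: explicit forwards win; the DMZ host gets everything else.
        return self.forwards.get(port, self.dmz_host)

    def exposure(self) -> Dict[str, int]:
        """Number of WAN ports reachable from the internet, per LAN host."""
        counts: Dict[str, int] = {}
        for ip in self.forwards.values():
            counts[ip] = counts.get(ip, 0) + 1
        if self.dmz_host is not None:
            rest = (PORT_MAX - PORT_MIN + 1) - len(self.forwards)
            counts[self.dmz_host] = counts.get(self.dmz_host, 0) + rest
        return counts


def demo() -> Dict[str, Dict[str, int]]:
    r = NatRouter()
    r.forward(80, 80, "192.168.1.11")      # web server from the thread
    r.forward(5631, 5632, "192.168.1.12")  # constructed second host (PcAnywhere ports)
    before = r.exposure()
    r.dmz_host = "192.168.1.11"            # now DMZ the web server
    return {"before": before, "after": r.exposure()}


if __name__ == "__main__":
    print(demo())
```

Comparing `before` and `after` shows the per-host exposure: the forwarded-only host stays at the ports listed for it, while the DMZ host goes from one reachable port to every port not claimed by another forward.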

  6. #6
    Regular Member Fudgemaker's Avatar
    Join Date
    Mar 2002
    Location
    Wellesley, Massachusetts
    Posts
    117
    aight thanx. I think I get it all now! But if I am opening ports on different comps in the LAN, I can do it from different comps and it will open only those certain ports for those certain computers and some can be DMZ'd as well.. is that what you are saying? That was a little confusing. But it doesn't really matter anyways, cause I only plan on DMZ hosting one computer, and only for a little at a time, not for long time spans! To be safe!
    -I know where there's a good party. They've got liquor in the front and poker in the rear-
