DMZ. i just don't get it

[poseyjmac]

ive read many definitions of what a DMZ is pertaining to routers by googling. but these definitions don't actually explain a typical situation concerning one for me to really understand it.

when you're in a DMZ on your router, how is it useful? does this mean that you are open on all incoming ports, or is every incoming port forwarded to you? why is DMZ necessary if you can just forward ports to a safer place? and how is it beneficial to a gamer? me is confused.

 

[Asus]

ive read many definitions of what a DMZ is pertaining to routers by googling. but these definitions don't actually explain a typical situation concerning one for me to really understand it.

when you're in a DMZ on your router, how is it useful? does this mean that you are open on all incoming ports, or is every incoming port forwarded to you? why is DMZ necessary if you can just forward ports to a safer place? and how is it beneficial to a gamer? me is confused.

If you don't know how to forward ports, DMZ. Some routers can actually be pretty confusing about how to get them to forward ports and types. Of course then you don't have Firewall protection from your router...

 

[Bobcat]

DMZ, De-Militarized Zone, is basically just a direct connection to the internet, it would be as if there was no router in the first place. The router doesn't monitor or regulate any traffic coming through there, and basically, doesn't care.

 

[Asus]

Yeah, if you have many ports forwarding to a PC or server then a lot of ppl use DMZ in that case as well.

 

[poseyjmac]

hmmm, im almost understanding

lets say theres a LAN behind a router. Client A has port 80 forwarded to his machine through the router because he hosts a web server. now what if Client B becomes the DMZ guy and he also has a web server listening on 80. where does the incoming request from the net go to now? does having someone in DMZ coincidentally make other port forwards defined obsolete, and the DMZ guy is basically a magnet for all incoming requests?

or, does every incoming request check with DMZ guy first, if he doesn't accept, then it moves on to who is defined in port forwarding?

(id test this if i could, but i don't have a router to test at the moment)

 

[Asus]

I think the rest will have to be behind the firewall without any ports open if DMZ is enabled on another PC. I could be wrong.

 

[psyno]

why is DMZ necessary if you can just forward ports to a safer place?

Bingo. If you know what ports you need, forward them and don't use the DMZ.

As far as which takes precedence: I don't think there's a standard on how to implement a DMZ, but the only way I've ever seen it done is that manually specified port forwarding takes precedence over the DMZ. In your example, the first web server would get the traffic, not the DMZ one.

DMZ can be useful if you're having trouble figuring out exactly which ports you need for an application, but shouldn't be considered a long-term solution.

 

[bliink]

DMZ can be useful if you're having trouble figuring out exactly which ports you need for an application, but shouldn't be considered a long-term solution.

DMZ is useful if the router is not an internet gateway, just internal LAN and you don't need lots of security. Also, if you have: [internet]---[router]---[proxy servers]---[workstations], then you may have more complicated instructions on your servers, and don't need the router in the way; thus putting the servers in the DMZ will save time and confusion.

 

[jonbob]

It's also very useful for troubleshooting. I was having trouble connecting to XBox Live the other day; it's quicker to add the XBox to the DMZ than to set up 3 port forwardings.