What's DMZ used for in a home wireless router?

wireless-networking router dmz

As far as I understand, by using DMZ you expose all of the host computer's ports to the Internet. What's that good for?


The DMZ is good if you want to run a home server that can be accessed from outside of your home network (ie web server, ssh, vnc or other remote access protocol). Typically you would want to run a firewall on the server machine to make sure only the ports that are specifically wanted are allowed access from public computers.

An alternative to using the DMZ is to setup port forwarding. With port forwarding you can allow only specific ports through your router and you can also specify some ports to go to different machines if you have multiple servers running behind your router.


Please be careful. DMZ in a corporate/professional environment (with high-end firewalls) is not the same as for a home wireless router (or other NAT routers for home use). You may have to use a second NAT router to get the expected security (see the article below).

In episode 3 of the Security Now podcast by Leo Laporte and security guru Steve Gibson this subject was talked about. In the transcript see near "really interesting issue because that's the so-called "DMZ," the Demilitarized Zone, as it's called on routers.".

From Steve Gibson, http://www.grc.com/nat/nat.htm:

"As you might imagine, a router's "DMZ" machine, and even a "port forwarded" machine needs to have substantial security or it will be crawling with Internet fungus in no time. That's a BIG problem from a security standpoint. Why? ... a NAT router has a standard Ethernet switch interconnecting ALL of its LAN-side ports. There's nothing "separate" about the port hosting the special "DMZ" machine. It's on the internal LAN! This means that anything that might crawl into it through a forwarded router port, or due to its being the DMZ host, has access to every other machine on the internal private LAN. (That's really bad.)"

In the article there is also a solution to this problem that involves using a second NAT router. There are some really good diagrams to illustrate the problem and the solution.

Related

Is there a Win7 shortcut to position mouse in center of primary screen?
Always show windows CPU monitor graphic in taskbar
How can I type a backslash with no backslash key?
What is this Recovery Partition for on a fresh installation of Windows?
Is it possible to view a page in Firefox using "print" media type?
IP Address vs MAC addresses
What's the meaning of 10.0.0.1/24 address of my computer (from the "ip addr" command)?
How To Resolve IP Addresses To Domain Names?
With tmux on OSX, how can I make command+k clear more gracefully?
Does speed enhancement software actually work? [duplicate]
Difference between locate and which in Linux
Why does searching "0.693" bring me to "0.0.2.181"? [duplicate]