P2P-Zone - View Single Post

Drakonix · 21-08-03, 08:32 PM

Unless the DMZ computer has it's own dedicated internet connection, computers on the private LAN are probably networked to the DMZ machine.

Sharing an internet connection (DSL, cable, etc.) to the DMZ machine and other computers via a router, switch, or hub creates a network path between the computers.

As Malk pointed out, there is security risk in networking other computers to a DMZ host.

Having a sacrificial computer is a good idea, but you have to be very careful about designating a computer in a DMZ.

Usually, designating a computer in the DMZ means you have a router and intend to configure this option to pass all ports to the DMZ machine. It would probably be better to configure the router to pass only the ports needed by applications running on the server machine(s).

Manufacturers often include the DMZ option in routers as a stopgap measure to support applications with unusual port requirements.

It can be frustrating at times to get some applications to work behind firewalls, but the added safety (IMO) is worth the effort.

Normally, only ports which require capability for incoming connections need to be configured to pass through a firewall. I have some concerns about ES5 needing all those ports opened.

Edited: Typo

21-08-03, 08:32 PM	#35
Drakonix Just Draggin' Along Join Date: Apr 2000 Posts: 1,210	Unless the DMZ computer has it's own dedicated internet connection, computers on the private LAN are probably networked to the DMZ machine. Sharing an internet connection (DSL, cable, etc.) to the DMZ machine and other computers via a router, switch, or hub creates a network path between the computers. As Malk pointed out, there is security risk in networking other computers to a DMZ host. Having a sacrificial computer is a good idea, but you have to be very careful about designating a computer in a DMZ. Usually, designating a computer in the DMZ means you have a router and intend to configure this option to pass all ports to the DMZ machine. It would probably be better to configure the router to pass only the ports needed by applications running on the server machine(s). Manufacturers often include the DMZ option in routers as a stopgap measure to support applications with unusual port requirements. It can be frustrating at times to get some applications to work behind firewalls, but the added safety (IMO) is worth the effort. Normally, only ports which require capability for incoming connections need to be configured to pass through a firewall. I have some concerns about ES5 needing all those ports opened. Edited: Typo __________________ Copyright means the copy of the CD/DVD burned with no errors. I will never spend a another dime on content that I can’t use the way I please. If I can’t copy it to my hard drive and play it using the devices I want, when and where I want, I won’t be buying it. Period. They can all take their DRM, broadcast flags, rootkits, and Compact Discs that aren’t really compact discs and shove them up their bottom-lines. Last edited by Drakonix : 22-08-03 at 03:37 PM.