Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

DMZ question

  • 14-07-2011 2:56pm
    #1
    Closed Accounts Posts: 354 ✭✭


    You have a router /modem and lan and 3 pcs. PC A has RealVNC and is blocked from PC B and PC C by a software firewall.

    Is A in a DMZ and safe to connect to from a vpn without being able to connect to B and C. If not what is needed to make A in a DMZ ?


Comments

  • Registered Users, Registered Users 2 Posts: 2,320 ✭✭✭roast


    Your post is very unclear.

    Do you want to set up PC A as the only PC in a DMZ?
    If so, Set a static IP on PC A, and set that IP in the DMZ mode in your router config.


  • Closed Accounts Posts: 354 ✭✭MapForJ


    roast wrote: »
    Your post is very unclear.
    sorry

    Do you want to set up PC A as the only PC in a DMZ?
    If so, Set a static IP on PC A, and set that IP in the DMZ mode in your router config.
    yes the only one that can be connected to over vpn

    How do i set a static ip on PC A. my router is a zyxel P660HW T1 v3


  • Registered Users, Registered Users 2 Posts: 2,320 ✭✭✭roast


    MapForJ wrote: »
    roast wrote: »
    Your post is very unclear.yes the only one that can be connected to over vpn

    How do i set a static ip on PC A. my router is a zyxel P660HW T1 v3


    http://portforward.com/networking/staticip.htm


  • Closed Accounts Posts: 354 ✭✭MapForJ


    roast wrote: »
    MapForJ wrote: »
    you would do that only on the pc you want to vpn to in this case PC A?

    Thanks


  • Registered Users, Registered Users 2 Posts: 2,320 ✭✭✭roast


    MapForJ wrote: »
    roast wrote: »
    you would do that only on the pc you want to vpn to in this case PC A?

    Thanks

    Yes.


  • Advertisement
  • Closed Accounts Posts: 354 ✭✭MapForJ


    Thanks everyone for the help;)


  • Closed Accounts Posts: 16,713 ✭✭✭✭jor el


    Putting PC A in the DMZ of the router will expose it to the Internet, unfiltered. This can be quite a security risk, as PC A is no longer protected, and all ports are wide open to the Internet. This makes attacks on PC A much easier from the outside.

    If you want to VPN to this computer, then all you need to do is open a port for it on the router, and only open it for PC A. The other computers can still be protected.

    A true DMZ will isolate and computer in the DMZ from the internal network, which makes it quite safe (except for the computer in the DMZ, which is exposed). A home router, like you have, does not do this. PC A will be fully exposed to the Internet, and have complete access to your LAN too. Not a very secure thing to do. The software firewall is the only protection you have.


  • Closed Accounts Posts: 354 ✭✭MapForJ


    jor el wrote: »
    Putting PC A in the DMZ of the router will expose it to the Internet, unfiltered. This can be quite a security risk, as PC A is no longer protected, and all ports are wide open to the Internet. This makes attacks on PC A much easier from the outside.

    If you want to VPN to this computer, then all you need to do is open a port for it on the router, and only open it for PC A. The other computers can still be protected.

    A true DMZ will isolate and computer in the DMZ from the internal network, which makes it quite safe (except for the computer in the DMZ, which is exposed). A home router, like you have, does not do this. PC A will be fully exposed to the Internet, and have complete access to your LAN too. Not a very secure thing to do. The software firewall is the only protection you have.
    how wil it have complete access to the lan as it is blocked from others by firewall? Can you tell me what i need and how to create a true DMZ


  • Closed Accounts Posts: 16,713 ✭✭✭✭jor el


    Depends on your software firewall, but setting it up like this is a risk. Where is the software firewall that protects B and C? I don't know what you would need to set up true DMZ, best to Google it.


  • Closed Accounts Posts: 354 ✭✭MapForJ


    jor el wrote: »
    Depends on your software firewall, but setting it up like this is a risk. Where is the software firewall that protects B and C? I don't know what you would need to set up true DMZ, best to Google it.

    All 3 pcs have comodo firewall

    B and C can exchange files in shared folders etc

    Comodo firewall on B and C is configured to block all access to A

    A is also blocked from communication with B and C by Comodo

    A can connect to internet through router
    I don't know what you would need to set up true DMZ
    Ok thanks thought by your post you did


  • Advertisement
  • Closed Accounts Posts: 16,713 ✭✭✭✭jor el


    Have a read of this:
    http://www.linklogger.com/dmz_danger.htm

    There really should be no need to use the DMZ feature of your home router. Having one computer on your LAN that is completely exposed to the Internet is a huge risk, and makes it a lot easier for unscrupulous types to hack the other computers on the LAN, because they can get past your router and hardware firewall without even trying.

    The only thing you should put in a DMZ is another router (for running a dual router system). This could be a computer that is configured to run as a router, or a simple home router.


Advertisement