Fresh-Networks

Hey, Just a Fresh question.

I have been experiencing uber slow downloads on My P2P programs and torrent clients on my lean mean p3 downloading machine . And one of them said something about NAT/Firewall settings. So i had a fiddle in my wireless routers control panel (bt voyager 2000) and came across DMZ host, stating:

DMZ Host

A DMZ host is a computer on your network that can be accessed from the Internet regardless of NAT, virtual server and firewall settings.

Setting-up a DMZ host has implication on the security of your network. Only set-up DMZ if you understand the consequences.

Since it said ' Regardless of NAT ' i went ahead

So now i have slightly faster downloads, just dont want my 6 month on the trot non-stop p3 system windows installation dying because of some ex-customer who hate me or something hacking me. :<

(ps only has windows firewall and AVG free)


Kind Regards, Lee.

markcastle

Wow.. are you serious?

__________________
••• Mark Castle ••• Secura Hosting Ltd •••
••• Managed Hosting •••
••• AS29452 • UK Company Reg No: 04330657 • VAT Number: 789 2703 81 • Sales: 0845 123 2632 •••
My views are my own and not those of my company.

Fresh-Networks

Yes I never really bothered studying wireless, just there because i dont want to drill holes all around my house for cables :<

JamesSykes

On most routers you set the private IP address as "DMZ" so it will just forward ALL traffic to you, essentially negating the protection you get from NAT.

It wont MAKE your computer insecure but its not a great idea unless you keep ontop of all your patches/updates to stop yourself getting hacked.

__________________
Mooharr
E-Mail Hosting Services
These are not my views and i cannot be held accountable for anything he says.

JSamuel

DMZ - DeMilitarised Zone (sp..)
In short - no defenses, pure exposure.

__________________
Joel Samuel ACSA 10.5
WHC Mod

Real Hosts Limited | Colocation | VP/Dedicated Servers | Monitoring | Backup | Virtual Hosting
[e] j.samuel@real-hosts.co.uk | [p] 0845 890 5480 | [f] 0845 890 5481

Planet Audio Group | MacUniverse - Apple MacBook MacBook Pro MacPro & X-Serve | Planet Audio | Planet Video
[e] sales@planetaudiosystems.co.uk | [p] 0208 950 1485 | [f] 0208 950 1294 | 0% Finance.

I represent my own views and not those of my companies or the forum(s) on which I moderate.

PaulC

The faster downloads will more than likely be related to the ports all being forwarded to the download machine by means of the DMZ. The best idea is to remove the DMZ and setup port forwarding for the associated ports to the internal IP of this machine.

__________________
Paul Carter
eHosting Limited

Fresh-Networks

Ok, Thanks Paul . I just checked and it lets me do a range as my p2p programs vary port to port, some choose random of say: 6453-6568.

Regards, Lee

Joe

It's a silly name for 1:1 nat, and its quite possibly the silliest idea ever, either give the machine a routable ip or don't.

__________________
Internet!

JamesSykes

It works well for me when i want to play xbox live on my 360

__________________
Mooharr
E-Mail Hosting Services
These are not my views and i cannot be held accountable for anything he says.

markcastle

If you are going to implement Demilitarized Zones then you really ought to understand what they are
http://searchwebservices.techtarget....213891,00.html

If your firewall is soooo poor that you can't get good speeds through it, i'd suggest that you need to invest in a better firewall rather than rather than make your systems less secure. Consider it similar to putting your TV outside on your driveway... you might pick up a slightly better picture outside but someone is going to steal it sooner or later.

__________________
••• Mark Castle ••• Secura Hosting Ltd •••
••• Managed Hosting •••
••• AS29452 • UK Company Reg No: 04330657 • VAT Number: 789 2703 81 • Sales: 0845 123 2632 •••
My views are my own and not those of my company.

SynergyWorks

Can we not just put the aerial outside and leave the TV indoors?


... anyway, back on topic.
A DMZ although better if you can live without it, isn't a problem with a windows machine fully patched with a basic firewall. At the office we have an ADSL line with 5 public IPs assigned directly to windows machines running nothing but Windows XP SP2 with the latest patches and windows firewall - never been hacked. *touch wood*


Just my two pence....

__________________
Robert Bentley

SynergyWorks.co.uk - AS41659
Dedicated Servers - Virtual Servers - South East / Kent Colocation & Rackspace - IP Transit
T: +44 (0)1622 808 420 / F: +44 (0)1622 808 422 / E: r.bentley [at] synergyworks.co.uk
VAT #: GB 913 4306 53

Cyberprog

I use my routers with what I call and DMZ, except the routers are setup with public addresses on the DMZ, but filter what IP traffic actually gets through to them. Then the LAN side is private only (other than specified NAT translations) and the WAN is the connection to the ADSL network or upstream. Found that works best for us as the firewall centralises everything and you can throw a machine up publicly easily while it being secured by the firewall.

__________________
Alex Threlfall
Cyberprog New Media
www.cyberprog.net
Of course my bull-bar is safe, it sits so high the old people and the children go underneath.

markcastle

This is the sort of mentality that i just can't understand though.. it's not like a reasonable hardware firewall will break the bank, strewth you could even use an old PIII 500MHz running ipcop or m0n0wall if you are really skint, then use the software firewalls as last line of defence.

I also can't understand why on earth a hosting company would want to highlight their wide open security policy on a public forum; you must be mad. I hope you don't have any customer data / personal information or passwords on those machines. You'd likely be in breach of the data protection laws if nothing else.

__________________
••• Mark Castle ••• Secura Hosting Ltd •••
••• Managed Hosting •••
••• AS29452 • UK Company Reg No: 04330657 • VAT Number: 789 2703 81 • Sales: 0845 123 2632 •••
My views are my own and not those of my company.

SynergyWorks

No customer data, and i'd be interested to hear of any known security flaws in the windows firewall & windows file sharing.

__________________
Robert Bentley

SynergyWorks.co.uk - AS41659
Dedicated Servers - Virtual Servers - South East / Kent Colocation & Rackspace - IP Transit
T: +44 (0)1622 808 420 / F: +44 (0)1622 808 422 / E: r.bentley [at] synergyworks.co.uk
VAT #: GB 913 4306 53

OliverMargetts

Wow, I don't use NAT, but I've got a FireBrick hardware firewall sat between the internet and everything else. I wouldn't dream of allowing Windows PC's on the network with a public IP without it.

The Windows firewall is one of the most useless bits of junk I've ever seen, too - it's so easy to bypass it's laughable. Perhaps if you used a firewall not built in to the OS, it'd be slightly more secure...

__________________
[size="1"][b]Regards, Oliver Margetts - Managing Director, (url-removed: need 20 posts)