Forwarding all ports to the local host (DMZ host)

Sometimes you need to set up a DMZ host in the Keenetic's local network (a web server, network video recorder, IP camera or other device): a host for which all ports are opened, providing full remote access to it from the Internet. A DMZ host is not a DMZ segment, because a host with open ports is not isolated from the internal network and is not protected by built-in security features (firewall and NAT).

NOTE: Important!

1. Port forwarding will only work if the router uses a public IP address to access the Internet. You will find more information in the article 'What is the difference between a public and private IP address?'

2. The example discussed in this article is a special case and not the best option from the point of view of connection security. Use this option only if you do not know which ports and protocols are used on the server or network device. In this case, security must be enforced directly on the device for which all ports are open. We recommend that you forward only the ports and protocols that are necessary for the server or network device to function.
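
One way to find out which ports the server actually uses, so that specific forwarding rules can replace the all-ports rule (an added example, not part of the original article or of Keenetic's software). It assumes the server runs Linux with the iproute2 `ss` tool; the function name `exposed_ports` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listening ports that are reachable from the network,
# i.e. the candidates for specific port forwarding rules.
# Assumption: the server runs Linux with iproute2. On the server, run:
#   ss -tulnH | exposed_ports

exposed_ports() {
    # Reads `ss -tulnH` lines on stdin, prints unique proto/port pairs.
    awk '
    $1 == "tcp" || $1 == "udp" {
        endpoint = $5                       # local address:port column
        n = split(endpoint, parts, ":")
        port = parts[n]                     # text after the last colon
        addr = substr(endpoint, 1, length(endpoint) - length(port) - 1)
        sub(/%.*/, "", addr)                # drop scope suffix such as %lo
        # Loopback-only listeners are not reachable through the router.
        if (addr ~ /^127\./ || addr == "[::1]") next
        key = $1 "/" port
        if (!(key in seen)) { seen[key] = 1; print key }
    }' | sort -t/ -k1,1 -k2,2n
}

# Constructed sample of `ss -tulnH` output (not captured from a real host).
SAMPLE_SS_OUTPUT='udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      511    *:80                *:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      128    [::1]:631           [::]:*'

printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_ports
```

Every pair in the output is a service that an all-ports rule would expose to the Internet; forward only the ones that need remote access and stop or firewall the rest on the server.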

Before setting up the port forwarding rule, register the device in the Keenetic on the 'Device lists' page and enable the 'Static IP' option by specifying the local IP address for this host.

Then, on the 'Port forwarding' page, create a forwarding rule for all ports.


Enable the port forwarding rule.

Make sure the 'Input' field is set correctly. Select the connection or interface through which the Keenetic router accesses the Internet and uses the public IP address (in our example it is 'Provider'). In most cases, you should select the 'Provider' interface. If you are connected to the Internet via PPPoE, PPTP or L2TP, you should select the appropriate connection.

In the 'Output' field, select the device, connection or interface to which the appropriate traffic will be forwarded (in our example it is a computer named 'Server' that is registered in the home network).

In the 'Protocol' field, select the value 'TCP/UDP (all ports and ICMP)' from the predefined list (this value is the first in the list).

In the 'Work schedule' field you can add a schedule that defines when this rule is active.

NOTE: Important! You don't need to configure the firewall as the router opens access to the specified ports and protocols by itself when using the forwarding rule.

If port forwarding does not work for some reason, please refer to the article 'What to do if port forwarding does not work'.

 
