FreshTomato Wiki

User Tools

Site Tools

Trace:
forward-dmz

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
forward-dmz [2023/06/24 15:51] – -clarity, formatting hogwildforward-dmz [2023/06/24 18:16] – -add advise to try other methods first before DMZ hogwild
Line 1: Line 1:
 ===== DMZ ===== ===== DMZ =====
  
-On a more sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in FreshTomato, DMZ has a more simple effect. When enabled, all unknown ports on FreshTomato's WAN are forwarded to the defined DMZ host IP, instead of each being dealt with individually. Consider DMZ a "lazy" and potentially dangerous approach to port forwarding, due to the large security hole it opens. +On a more sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in FreshTomato, DMZ has a more simple effect. When enabled, all unknown ports on FreshTomato's WAN are forwarded to the defined DMZ host IP, instead of each being dealt with individually. Consider DMZ a "lazy" and potentially dangerous approach to port forwarding, due to the large security hole it opens. You are advised to use other port forwarding methods before resorting to DMZ
 + \\  
 + \\ 
 **Enable DMZ**: This turns the DMZ function on or off. **Enable DMZ**: This turns the DMZ function on or off.
  
 **Destination Address**: This is the LAN IP address of the device meant to receive all these forwarded ports. **Destination Address**: This is the LAN IP address of the device meant to receive all these forwarded ports.
- 
-**Destination Interface**: This is the VLAN/bridge where the above host can be found. 
- 
-**Source Address Restriction**: If specified, this will limit DMZ activity to the defined source IP address range. The Default is empty, which means ports from any address or range will be forwarded. 
- 
-**Leave Remote Access**: If enabled, this will force SSH (TCP port 22) and HTTP (TCP port 443) traffic to always be answered by the FreshTomato router, regardless of DMZ settings. 
  
  \\  \\
Line 19: Line 14:
  \\  \\
  
- \\+**Destination Interface**: This is the VLAN/bridge where the above host can be found. 
 + 
 +**Source Address Restriction**: If specified, this will limit DMZ activity to the defined source IP address range. The Default is empty, which means ports from any address or range will be forwarded. 
 + 
 +**Leave Remote Access**: If enabled, this will force SSH (TCP port 22) and HTTP (TCP port 443) traffic to always be answered by the FreshTomato router, regardless of DMZ settings.  
 + 
 +\\
  
  \\  \\
  
  
forward-dmz.txt · Last modified: 2023/06/24 18:53 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki