3

It seems like if I set a computer up as a DMZ to host, say, a Minecraft server, then I'd still need to port forward.

Otherwise how will the router know which local computer to send them to when they access my external IP?

David Bandel
  • 141
  • 1
  • 1
  • 3

2 Answers2

6

No, DMZ in essence means "forward ALL ports" to X. You should only DMZ a host that you know is very secure as its attack surface is significantly increased. If you need just one or two services open, best to not use DMZ.

Linef4ult
  • 3,935
  • 17
  • 21
  • I see. I don't think it's possible to port forward with my router so I have to resort to this. Arris TG1672G has no capacity for port forwarding – David Bandel Dec 16 '15 at 07:46
  • (it pretends to, but always gives error messages when you try to create a virtual server) – David Bandel Dec 16 '15 at 07:57
  • @DavidBandel It does, its labelled virtual servers ;) EDIT: we posted at the same time, whats the error? – Linef4ult Dec 16 '15 at 07:58
  • "Table FWVirtSrvTable Full" - and I have no virtual servers created. No port forwarding whatsoever. (also I was able to do it before but now it gives this error and I can't really do anything) – David Bandel Dec 16 '15 at 08:11
  • @DavidBandel Strange. Also you really shouldnt spam the stack network, I can see you've posted at least three different questions about essentially the same topic. Especially not network engineering.. – Linef4ult Dec 16 '15 at 08:14
  • I posted once in network, they said that was the incorrect place and to post in Super User. I posted there and got one small reply. And this is a different question. I gave up trying to port forward and now I'm just trying to DMZ instead. – David Bandel Dec 16 '15 at 08:16
  • @DavidBandel No other mentions of your issue, so I can only assume the table size is zero. That being the case my first guess would be the ISP has made a change. Do you get an IPv4 or an IPv6 WAN address? – Linef4ult Dec 16 '15 at 08:16
  • Not entirely sure. When I go into WAN Setup, I see IPV4 on the "dynamic" page and IPV6 on the "dynamic (ipv6)" page – David Bandel Dec 16 '15 at 08:18
  • What does this page report? http://screenshots.portforward.com/routers/Arris/TG1672G/System_Information.jpg – Linef4ult Dec 16 '15 at 08:22
  • WAN MAC Address D$:05:98:2F:30:64*** connection setup dynamic/dynamic*** IP ADDress: it has the ipv4 / then the ipv6*** subnet mask: 255.255.224.0*** then the regular domain name for my isp*** the primary/secondary dns*** tertiary dns is 0.0.0.0*** gateway: 70.117.96.1 / FE80::217:10FF... etc. – David Bandel Dec 16 '15 at 08:28
  • Doesnt sound like CGN so. Time to give you ISP a call I'd say. – Linef4ult Dec 16 '15 at 08:43
  • Ok. Do you know what I should ask them about? What they may have done? – David Bandel Dec 16 '15 at 08:52
  • Either updated the frimware/CMTS config or enabled some kind of Carrier Grade NAT. – Linef4ult Dec 16 '15 at 09:05
  • Cool. Thanks. I'm going to try to bully my way up to grandmaster super saiyan level tech support early on rather than being upgraded one rank at a time for hours. Will record the conversation too. – David Bandel Dec 16 '15 at 09:21
0

It depends on how many normal* IPs you have.

  • If you only have one IP and use NAT then yes, you will need to forward a port. This is reasonably standard, even on cheap SoHo devices.
  • If you habve multiple IPs then just assign a second IP to the computer running the minecraft server. Frm that point on it is routing as normal.

And if you have IPv6 (still not in use everywhere despite being available for 2 decades) then you probably can use thousands of IP addresses. In which case you should check if there is anyone with a minecraft client which still lacks this ancient access. (In which case you need to fall back to the IPv4 options or tell him/her to get with the times).


*Normal as in public IPs, or sometimes called external IPs. Not RFC1918 range IPs which includes the well known 192.168.0.0/16 range.
Hennes
  • 64,768
  • 7
  • 111
  • 168
  • Not sure what you're talking about with multiple IPs. Multiple external ips? Or local on my network. I just have one external IP, I set up a DMZ, and I also need to port forward to it to run a server you're saying? – David Bandel Dec 16 '15 at 07:54
  • ` just have one external IP,` that is what I meant with on IP. I will edit to clarify that. Sadly only one normal/public IP is common these days, but the Internet was designed with the idea that each device would get its own [public] IP. NAT is aan ugly kludge to work around running out of numbers. – Hennes Dec 16 '15 at 07:57
  • Ok so I absolutely do need to port forward in addition to DMZ? One external IP. One computer among multiple on network. Trying to run Minecraft server – David Bandel Dec 16 '15 at 08:10
  • Yes. One IP (probably on a combination of modem firewall, router and WAP). That means that that one device is the only one you can reach directly from the Internet. If you want to have something reach another device inside the network than this 'swissarmyknife' must forward that. – Hennes Dec 16 '15 at 08:15