Forward-dmz: Difference between revisions

From Tomato64
(Created page with "<span id="dmz"></span> == DMZ == On a more sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in FreshTomato, DMZ has a more simple effect. When enabled, all unknown ports on FreshTomato's WAN are forwarded to the defined DMZ host IP, instead of each being dealt with individually. Consider DMZ a "lazy" and potentially dangerous approach to port forwarding, due to the large...")
 
m (Text replacement - "FreshTomato" to "Tomato64")
Line 2: Line 2:
== DMZ ==
== DMZ ==


On a more sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in FreshTomato, DMZ has a more simple effect. When enabled, all unknown ports on FreshTomato's WAN are forwarded to the defined DMZ host IP, instead of each being dealt with individually. Consider DMZ a &quot;lazy&quot; and potentially dangerous approach to port forwarding, due to the large security hole it opens. You are advised to use other port forwarding methods before resorting to DMZ.<br />
On a more sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in Tomato64, DMZ has a more simple effect. When enabled, all unknown ports on Tomato64's WAN are forwarded to the defined DMZ host IP, instead of each being dealt with individually. Consider DMZ a &quot;lazy&quot; and potentially dangerous approach to port forwarding, due to the large security hole it opens. You are advised to use other port forwarding methods before resorting to DMZ.<br />
<br />
<br />
'''Enable DMZ''': This turns the DMZ function on or off.
'''Enable DMZ''': This turns the DMZ function on or off.
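Review bot: in the replaced paragraph, "all unknown ports" is carried over without saying what makes a port known, so a reader cannot tell which WAN ports stay with the router or with existing port forwarding rules once DMZ is on. Suggest defining the term in that sentence, and changing "a more simple effect" to "a simpler effect" while the line is being touched.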
Line 16: Line 16:
'''Source Address Restriction''': If specified, this will limit DMZ activity to the defined source IP address range. The Default is empty, which means ports from any address or range will be forwarded.
'''Source Address Restriction''': If specified, this will limit DMZ activity to the defined source IP address range. The Default is empty, which means ports from any address or range will be forwarded.


'''Leave Remote Access''': If enabled, this will force SSH (TCP port 22) and HTTP (TCP port 443) traffic to always be answered by the FreshTomato router, regardless of DMZ settings.
'''Leave Remote Access''': If enabled, this will force SSH (TCP port 22) and HTTP (TCP port 443) traffic to always be answered by the Tomato64 router, regardless of DMZ settings.


<br />
<br />
<br />
<br />
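Review bot: the Leave Remote Access line pairs "HTTP" with TCP port 443, and the rename carries that over unchanged; 443 is the port conventionally assigned to HTTPS, so the text leaves it unclear which protocol the router answers on. Suggest "HTTPS (TCP port 443)" if that is what is meant, or correcting the port number if plain HTTP is intended.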

Revision as of 17:43, 26 September 2023

DMZ

On a more sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in Tomato64, DMZ has a simpler effect. When enabled, all unknown ports on Tomato64's WAN are forwarded to the defined DMZ host IP, instead of each being dealt with individually. Consider DMZ a "lazy" and potentially dangerous approach to port forwarding, due to the large security hole it opens. You are advised to use other port forwarding methods before resorting to DMZ.

Enable DMZ: This turns the DMZ function on or off.

Destination Address: This is the LAN IP address of the device meant to receive all these forwarded ports.


Destination Interface: This is the VLAN/bridge where the above host can be found.

Source Address Restriction: If specified, this will limit DMZ activity to the defined source IP address range. The default is empty, which means ports are forwarded for any source address or range.

Leave Remote Access: If enabled, this will force SSH (TCP port 22) and HTTP (TCP port 443) traffic to always be answered by the Tomato64 router, regardless of DMZ settings.
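
As an added example (not part of the Tomato64 wiki or firmware), the Python sketch below models the settings described above to list which services on the DMZ host become reachable from the WAN. The rule ordering, the comma-separated CIDR format for the source restriction, the `port_forwards` table and all addresses and ports are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

REMOTE_ACCESS_PORTS = {22, 443}  # the two ports named under "Leave Remote Access"

@dataclass
class DmzConfig:
    enabled: bool                    # Enable DMZ
    destination: str                 # Destination Address (LAN IP of the DMZ host)
    source_restriction: str = ""     # assumed format: comma-separated IPs/CIDRs; empty = any
    leave_remote_access: bool = False
    port_forwards: dict = field(default_factory=dict)  # hypothetical explicit rules {port: lan_ip}

def source_allowed(cfg, src):
    """True when src falls inside the Source Address Restriction (empty allows everything)."""
    if not cfg.source_restriction.strip():
        return True
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(net.strip(), strict=False)
               for net in cfg.source_restriction.split(","))

def route_inbound(cfg, src, port):
    """Where an unsolicited WAN TCP connection lands: a LAN IP, 'router' or 'not forwarded'."""
    if port in cfg.port_forwards:            # a "known" port, dealt with individually
        return cfg.port_forwards[port]
    if cfg.leave_remote_access and port in REMOTE_ACCESS_PORTS:
        return "router"                      # answered by the router regardless of DMZ
    if cfg.enabled and source_allowed(cfg, src):
        return cfg.destination               # every other port goes to the DMZ host
    return "not forwarded"

def exposed_services(cfg, listening_ports, src):
    """Ports listening on the DMZ host that src can reach through the DMZ setting."""
    return sorted(p for p in listening_ports if route_inbound(cfg, src, p) == cfg.destination)

if __name__ == "__main__":
    # Constructed sample: documentation-range WAN addresses, made-up LAN hosts and ports.
    listening = {22, 80, 445, 3389, 8080}
    cfg = DmzConfig(True, "192.168.1.50", leave_remote_access=True,
                    port_forwards={8080: "192.168.1.60"})
    print("any source:", exposed_services(cfg, listening, "203.0.113.10"))
    cfg.source_restriction = "198.51.100.0/24"
    print("restricted, outside range:", exposed_services(cfg, listening, "203.0.113.10"))
    print("restricted, inside range:", exposed_services(cfg, listening, "198.51.100.7"))
```

Running the same check against the real list of listening ports on a prospective DMZ host shows what an empty Source Address Restriction would expose before the setting is enabled.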