How to enable or configure the DMZ on any router to open ports

2022-03-10 08:03:39 By : Mr. James Wang

Today most Internet connections use IPv4, and therefore, our router NATs against this public IP provided by the operator.If we need to open all ports to a specific IP address, we must use the DMZ function that is built into all routers.Today at RedesZone we are going to explain what the DMZ is, and how we can activate it on one of the computers on the local home network.However, before starting, it is necessary to know that opening the DMZ to a computer that does not have firewall protection is very dangerous, because we will be forwarding all the ports and we will not have any type of filtering.Normally, a home user does not worry about the different configurations and options that he has in his router, which has been provided by the operator, but he has also been able to buy it himself to replace the one of the operator that normally does not work correctly.In case we need to set up different servers in our home, we will have to open individual ports (port forwarding), or open the DMZ to forward all ports to a certain computer and that it does not have access problems from the Exterior.There are different reasons for a user to want to open the DMZ to a specific local private IP, from performing firewall tests on a computer to because in the case that we find the most, it is wanting to change the router provided by the company.In the case of having a fiber optic connection, many times these routers are so limited or short on resources, that with the passing of days or depending on the use we make, they are blocked or do not provide us with Wi-Fi coverage and speed. adequate.In these cases, many users opt to change the router directly for one purchased by them with better internal resources, better software and freedom when configuring it.The main problem is that many times it is so limited by software, the company directly does not provide us with the ONT codes to be able to configure a new router with an external or integrated ONT, or the operator's router does not allow us to configure the «bridge» mode. so that the router that we connect is the one with the public IP.For this reason, the only solution left to us is to connect another router to that router, assign it a fixed IP and open the DMZ to that router.This is done because we will have double NAT, and in the event that we want to open a port to a specific device, we will have to open a port on the main router "pointing" to the second router, and later on this second router "pointing" to the private IP address of the PC in question.Thanks to the DMZ of the main router, we will only have to open the ports in this second router.Another reason to activate the DMZ is to avoid problems when playing with consoles, on many occasions we need this functionality precisely to play online correctly and not have moderate NAT problems.The first thing we have to be clear about is knowing what model of router our ISP has provided us, or what model of router we have in our home.Normally turning the router around, we will see a label that puts the access data to the router such as IP address to enter its administration, user and access password.In case you do not have this information, you will have to find out the default gateway and access with the typical "admin / admin" or similar credentials.Once you have found out the access data, it is as simple as accessing your browser and entering the access data that you have under the router, or you have found out thanks to some other user who made a guide.Once inside the router configuration, you should look for a section that is usually found in the “advanced port configuration” area, if you cannot find it, we advise you to look for a guide for your router.Once there, it is as simple as activating the DMZ box, entering the IP for which we want the traffic to pass directly with all the ports open, and hit apply.The DMZ menu looks like this:Once we have activated the DMZ and set the IP, simply click on “Apply” and we will have all the available ports.You have to have one thing clear, and that is that if you had activated a port for a specific IP in port-forwarding (it is normally called that in routers), that configuration prevails over the DMZ, that is, the ports that we have Specifically opened takes precedence over ports that are not specifically open, so traffic from these specific ports will not be forwarded to the DMZ.Internally, most routers incorporate a Linux-based operating system, and these use the iptables firewall, which is also responsible for doing NAT.If we have previously opened ports, the DMZ rule will be placed right at the end of the chain.Our advice is that, if you are thinking of activating the DMZ and you don't know where the menu is, look for a specific guide for your router where they can help you more specifically to reach this interesting functionality.It is very necessary that if you open the DMZ to a certain computer, it has a well-configured firewall to filter all incoming traffic, since we will be opening all ports (except those that we have specifically open in the router), so we could be vulnerable to port scans and exploitation of different vulnerabilities if our software is not updated.