On Sat, 03 Jul 2004, Michael W. Cocke <(E-Mail Removed)> wrote:
> On Fri, 02 Jul 2004 18:47:49 -0700, Chris Carlen
><crobc@BOGUS_FIELD.earthlink.net> wrote:
>
>>Travis Casey wrote:
>>> Let's put it this way: Linksys is misusing the term "DMZ" here. Their
>>> "DMZ" is simply a machine to which any incoming connections are allowed.
>>> It does no further filtering, and the "DMZ" machine is not restricted from
>>> contacting other machines on the internal network.
>>
>>Thanks for the reply.
>>
>>I think "false advertising" might not be too strong a word. I'm rather
>>pissed about Linksys misrepresenting like this.

DMZ as used by SuSEfirewall2 refers to public IPs, and inexpensive
broadband routers cannot even handle more than 1 public IP (and usually
not more than 1 LAN subnet). So broadband routers in general use DMZ to
refer to a LAN IP that gets any ports not forwarded elsewhere and it is up
to the user to secure things from there.

> Wait until you find out that it doesn't even work properly as
> implemented! Running, for example, apache w/ namevirtualserver doesn't
> work behind a linksys - even in the dmz. That indicates that some
> level of filtering/munging is happening even in the so-called dmz.

Some routers that can do loopback (LAN2LAN via public IP) will also start
showing IP of router instead of actual client once you have used the
loopback (even subsequent access from internet clients). Not sure if that
affects Linksys, since my only Linksys devices are WAP11, WET11 and 10/100
pc card.

I had no trouble doing NameVirtualHost on a now obsolete Dlink DI-704 by
simply forwarding port 80 (no-ip.com names), and it did proper loopback.
Although, when I did incoming smtp to LAN box, I had to set Linux smtp
server LAN nic to mtu 1492 (same as PPPoE mtu on router) for that to work.

But I now use Linux as pppoe/router and for testing apache and smtp. The
only uninitiated ports I let in are 22, 25 and 80.
--
David Efflandt - All spam ignored
http://www.de-srv.com/