0

A Dlink DSL 2750u router allows or blocks FTP & other services on the WAN side, i.e. from an ATM PVC service. I have a Gajshield firewall whose WAN port is connected to a Dlink's LAN port. The Dlink router has DMZ enabled with a DMZ IP, this IP being the WAN IP of the firewall.
This firewall has inward FTP services opened to the Internet. On the contrary, the Dlink router currently has FTP service not enabled on the WAN side, i.e. at the WAN interface ATM PVC. I would like to know why FTP connections still get permitted when they are disabled on the Dlink's WAN interface...

Regards

Sydney

11
  • DMZ means, forward everything, FTP included.
    – LPChip
    Commented Mar 15, 2017 at 7:04
  • So even if the service is not enabled on the PVC ATM WAN interface, it would still forward the same... Like, it would mean DMZ would override any inbound settings on the WAN interface. Commented Mar 15, 2017 at 7:10
  • Yes. In fact DMZ means: bypass and just forward everything. DMZ is used in case port forwarding still can't forward the protocol or port and you need to debug to see if this is really the case. You don't want to disable your entire firewall, so DMZ is used to forward everything to a specific ip address. DMZ stands for De-Militarized Zone. DMZ is also used if there are 2 or more routers in place, and you don't want to duplicate the router rules from one router to the other. DMZ on the first router forwards all traffic to the second router.
    – LPChip
    Commented Mar 15, 2017 at 7:19
  • You said about two routers; is it that one router should be connected to the WAN port of the other one? Commented Mar 15, 2017 at 7:32
  • Sorry for my late reply. Got disconnected from the internet due to a technical problem. If you have a router that is forwarded to another router, then the first router would DMZ to the second router so you don't have to mirror the port forwarding on the first router to the second router.
    – LPChip
    Commented Mar 16, 2017 at 17:38

1 Answer

1

DMZ means, forward everything, FTP included.

In fact DMZ means: bypass and just forward everything. DMZ is used in case port forwarding still can't forward the protocol or port and you need to debug to see if this is really the case. You don't want to disable your entire firewall, so DMZ is used to forward everything to a specific ip address. DMZ stands for De-Militarized Zone. DMZ is also used if there are 2 or more routers in place, and you don't want to duplicate the router rules from one router to the other. DMZ on the first router forwards all traffic to the second router.

Basically the router works like this:

If traffic is incoming to a certain port, if there is a portforwarding rule, that rule is followed. If there isn't, the request is ignored. By enabling DMZ, this changes to: first do portforwarding rules, if there is no match, just forward the request to the DMZ.

A third option is called bridging. In case a router is set to bridge mode, it will disable the NAT translating altogether. No port forwarding rules, no firewall, nothing. Everything gets forwarded directly to whatever is on the first LAN port. This usually also means that the other LAN ports and WiFi are disabled. This is useful if it is a modem/router combo and you only want to use the modem.
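The forwarding order described in the answer above, written out as an added example that is not part of the original answer and is not D-Link firmware code. All names (`RouterConfig`, `route_inbound`, `exposure`) and all addresses are hypothetical, and the model only encodes what the thread states: port forwards first, then DMZ, otherwise ignore, with bridge mode bypassing everything.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set, Tuple

@dataclass
class RouterConfig:
    # Every value below is constructed for illustration.
    port_forwards: Dict[int, str] = field(default_factory=dict)  # WAN port -> LAN host
    dmz_host: Optional[str] = None       # catch-all target when DMZ is enabled
    bridge_mode: bool = False            # NAT and firewall switched off entirely
    bridge_peer: str = "device-on-lan1"  # whatever sits on the first LAN port
    wan_services: Set[int] = field(default_factory=set)  # WAN-side service toggles

def route_inbound(cfg: RouterConfig, port: int) -> Tuple[str, Optional[str]]:
    """Decide what happens to an unsolicited inbound connection on `port`."""
    if cfg.bridge_mode:
        return ("bridged", cfg.bridge_peer)
    if port in cfg.port_forwards:
        return ("port-forward", cfg.port_forwards[port])
    if cfg.dmz_host is not None:
        # wan_services is deliberately not consulted here: per the thread,
        # DMZ overrides the inbound settings on the WAN interface.
        return ("dmz", cfg.dmz_host)
    return ("ignored", None)

def exposure(cfg: RouterConfig, ports: Iterable[int]) -> Dict[int, str]:
    """Map each probed port to the inside host it reaches (ignored ports omitted)."""
    reached = {}
    for port in ports:
        action, target = route_inbound(cfg, port)
        if action != "ignored":
            reached[port] = target
    return reached

FIREWALL_WAN_IP = "192.168.1.2"  # constructed stand-in for the firewall's WAN IP

# The asker's setup: FTP not enabled on the WAN side, DMZ pointing at the firewall.
ASKER = RouterConfig(dmz_host=FIREWALL_WAN_IP, wan_services=set())
# Same router with DMZ off and a single explicit forward.
NO_DMZ = RouterConfig(port_forwards={443: "192.168.1.10"})

if __name__ == "__main__":
    probe = [21, 22, 443]
    print("DMZ on :", exposure(ASKER, probe))   # every port lands on the firewall
    print("DMZ off:", exposure(NO_DMZ, probe))  # only the forwarded port gets through
```

With DMZ on, the downstream firewall's own rule set is the only filter left for inbound traffic, so that is where the FTP exposure has to be reviewed.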
