[OT] router ports & DMZ

Karl Auer kauer at biplane.com.au
Tue Feb 17 05:41:53 UTC 2015

On Tue, 2015-02-17 at 04:56 +0000, thufir wrote:
> I have a netgear N-150 router and have tried to open ports on it.  
> However, it keeps showing as closed:
> thufir at doge:~$ 
> thufir at doge:~$ nmap -p 5060

You are scanning from inside your network, but I'm guessing you want to
enable connections from the outside world. It might actually be
working :-)

>From a system outside your network and with access to the internet, scan
your router's outside (public) address.

> With consumer grade routers, in general, and this router, specifically, 
> how do you go about opening ports?  Do they even have that capability?  I 
> tried disabling the SPI firewall, also.

Look in the manual for "port forwarding". You can fimd the manual
online. Don't use the DMZ feature unless you absolutely have to, because
it's a free pass for anything into your network, albeit to one address
in your network.

> I want *all* devices on the network to be DMZ servers -- just disable all 
> security!  Because I'm in a double-NAT situation, with this router 
> connecting to another router via wifi there's still the firewall/etc for 
> the first, outer, router.

It doesn't work that way. You have ONE outside address. The router can
discriminate between incoming connection attempts based on destination
port and send particular connections to a particular inside address
("port forwarding") OR it can just send all incoming connection attempts
to ONE inside address ("DMZ"). The N150 supports both modes.

But I don't understand what you are actually trying to do. Why do you
need two routers?

Regards, K.

Karl Auer (kauer at biplane.com.au)

GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882

More information about the ubuntu-users mailing list