When we configure a server or a network device that needs to access the Internet without a firewall and without filters, we normally proceed by accessing the modem settings and opening the required ports towards the IP of the device to be unlocked. On many latest generation modems we can speed up the configuration of the ports for the device using the DMZ, or the Demilitarized Zone, a special area of the modem where the control systems provided for other devices do not apply.
In this guide we will try to understand what is the DMZ and how to configure it on our home modem or router, so as to speed up access to a personal server or overcome connection problems with some common devices such as consoles, Smart TVs or TV Boxes.
READ ALSO -> How to open the router ports
Before placing any device in the DMZ, make sure you understand the risks involved in this operation, so that you can use the DMZ only in some particular scenarios in the home, avoiding placing all the devices on the network there (very unsafe and risky choice. , which effectively exposes devices to hacker and malware attacks).
The DMZ (abbreviation for DeMilitarized Zone, or Demilitarized Zone) is a specific area of modems and routers in which the control systems, normally provided for all devices connected to the network, are not applied, thus being completely isolated from the connected devices.
In the professional sphere, the DMZ can have its own customized rules and is usually less restrictive than the standard rules imposed on other devices placed on the network (hence the term demilitarized, ie without control by the router). In the home, the devices positioned in the DMZ will be visible in "transparent" mode to the external network (to the Internet) and it will not be necessary to configure any port to divert access to dedicated services; however, the devices placed in the DMZ will not be able to see the devices present in the "military" zone of the router, even if they respond to the same class of IP addresses. The lack of any kind of control pays off the DMZ is dangerous, which must therefore be used only in certain circumstances (as we will see in a dedicated chapter later).
Not all modems or routers have a DMZ: to check for this feature we access the control panel of the modem or router and check if, among the advanced settings, there is an entry named DMZ, DMZ Host o Demilitarized Zone.
On home modems or routers we can usually set up only one device in the DMZ, as an additional security system. If we want to take advantage of the DMZ, all we have to do is enter the IP address of the device to be unlocked in the appropriate field and confirm on OK or on Save / Apply, so as to allow transparent access to the device (firewall and NAT will be disabled, making the router or modem completely transparent to incoming and outgoing connections). On some corporate and business routers we can configure an entire network of devices in DMZ, so as to have a separate network accessible from the outside without too much difficulty; in this case we will obviously have to have adequate defense tools to mitigate the risk of a cyber attack.
If we do not know how to retrieve the IP address of the device to be "demilitarized" we advise you to read our guides Find another computer's IP address and spy on what it does e IP and network scanners to find connected computers.
But is the DMZ really that useful or can we safely ignore it? If we are able to open the router ports it is better to ignore it and proceed normally, but in some scenarios it may be particularly useful to configure the DMZ for a device:
- Test a web or FTP server for the first time: we can use the DMZ to test a personal web server or an FTP server, without having to manually configure the ports to access the services.
- Specific connection problems: if the console, the Smart TV or other devices do not connect to the network or some specific services (because we do not know how to open the doors), we can use the DMZ to quickly solve the problem.
- Increase the download speed of torrents: if we notice that the router or modem specifically blocks the ports of the BitTorrent or eMule services, we can use the DMZ to finish the download.
- Create a separate network: the devices included in the DMZ cannot see each other with the other devices, so as to create a completely separate environment in which it can carry out tests (even dangerous) without compromising all the computers present in the LAN.
- Connect two routers together: By connecting two routers together we risk having two NATs and two firewalls stamping on their toes. To solve this, we place one of the two routers / modems in the DMZ of the other, so as to make one of the two modems transparent and configure all ports and forwards only once (in the modem / router inserted in the DMZ).
To learn more about this last scenario, we recommend that you read our guide Connect two wireless routers to increase WiFi range.
The DMZ is a fairly dangerous area of the modem or router, to be used sparingly: if we place a device in this area only for testing or to check if the problem is the badly configured ports we always try to remove it at the end of the testing operations, since a DMZ can be easily attacked by hackers and malicious people, who will find a computer discovered and easily accessible from the network. This does not mean ignoring the DMZ altogether: it can present itself as one valuable resource if we have difficulty playing online with the console or accessing some online streaming services, in particular those that require the configuration of the access doors.
If we still have problems browsing the Internet we can read our guides on how Troubleshoot Internet and network connection problems on the PC e Not connected or no internet connection: how to fix on PC.
If, on the other hand, our need is to secure the network to which we connect, we suggest you read the articles on how Simulate hacker attacks on the wifi network e Safe surfing on a public, free or unsecured wifi network.
How to configure DMZ on the home modem