Normally a router protecting a home network will not accept any incoming connection requests. This is a very good thing because it protects your network from potential attacks coming from the internet. However if you actually want a connection from the internet to get through, this becomes a problem. This is where you would setup a port forward which directs the incoming port to a particular device. A port forward only allows some incoming connection requests to get through. A DMZ forwards all incoming connection requests and can be a good troubleshooting or diagnostic tool. In computer networking a router DMZ is, in essence, a way of placing a single device outside your home network. This can be very practical in many different situations, including:
- Gaming - when you want to host a lobby or server
- Security cameras - in order to connect to them from the Internet
- DVRs - so you can watch your recorded shows when you are away from home
Why a DMZ Might Be Necessary
Normally a port forward is your best option when needing to have incoming connections to your network. This opens the fewest number of ports thereby giving you the highest level of security. However there are times when this does not work due to any of the following reasons:
- The application that you want to use does not specify the ports required
- Your router can not handle as many ports as you want to forward
- The application uses a random incoming port that changes often
In these situations a router DMZ might be good for troubleshooting. It can also become a good permanent solution.
Why Do People Say DMZ Is Dangerous
A router DMZ can be dangerous if it is pointing at your computer and your computer is not running a properly configured firewall. Windows 7 and newer have a great firewall built in that actually protect you very well from potentially dangerous incoming connections. Earlier versions of Windows do not. Do not use DMZ on a computer running Windows 98, that would be a bad idea.
When Is a Router DMZ Completely Safe
A router DMZ is no more dangerous than a port forward when used for a device such as a webcam, a DVR, an Xbox, or a Playstation. These devices are designed to be connected to the Internet and have great security setup, they are very difficult to break in to. As long as you use a strong password on your DVR or webcam then there is no actual risk in pointing a DMZ at them. There is absolutely no risk in pointing a router DMZ at at an Xbox or Playstation as these devices are extremely secure.
This is a basic guide that shows you how to set up a DMZ for your network.
Step One: Find the Internal IP Address
First you need to find the Internal IP Address of the device you want your router to point the DMZ at. If you are using Windows, you can use our Router Detector Software. If you want to point the DMZ at game console, then you need to find the internal IP Address through the game console's menu.
Step Two: Login to the Router
To get started configuring your Router DMZ you need to login to the router. You can find your router's login guide from the Home page of our site.
Step Three: Find the DMZ Setting on Your Router
Once you have logged in you begin on your home page. From here find the DMZ section of your router. This can be found by clicking Firewall,Advanced, or possibly Applications and Gaming. Then see if you can locate the DMZ setting.
Step Four: Setup Your Router DMZ
This directs you to a page that looks similar to the image above. Make sure the DMZ is turned on. For this router, click the Enable radio button.
Then, next to DMZ Host IP Address, enter the internal IP Address you found in step one.
That's it, just save your changes before you exit.
Possible Problems When Creating a Router DMZ
- When you create a DMZ and still don't receive incoming connections, check your router's firewall to see if it is blocking the connection attempts.
- If you can't login to your router, you may want to follow our How to Reset Your Router Guide.