DMZ vs Open Ports and Rules.
Hi Firewallers!
I have a Windows server in my house where I run commercial applications (for example: Apache, MySQL Server, etc.) and also some applications for entertainment (for example: L4D2 Server, Terraria Server, TeamSpeak Server, etc.).
I bought Firewalla Gold because I was receiving a lot of attacks, mainly coming from within TeamSpeak, where once logged in, the client would dump a large amount of packages, making the internet inoperable. The vast majority of the time this attack came from Scandinavian countries and some regions in Africa.
With the policy of blocking countries via the Rules menu, I was able to mitigate all attacks, as the client could only exploit the flaw once logged in to the server, and as his country was blocked by Firewall, he could no longer even enter to make the attack.
However, I only managed to get my clients and friends to be able to access the server when I added it to the DMZ (with the "Allow on Firewall" option enabled). Before placing the server in the DMZ, I tried to add the program ports via rules or even following the Open Ports and UPnP menu (unsuccessfully); I was only able to actually access the applications from outside when the server was placed in the DMZ.
The question is: as I am using it with the Firewall ON even in the DMZ and I managed to mitigate the attacks in this way, am I at any risk leaving the server like this?
Thx again!
-
Okay, I'll check. But the strange thing is that before having the Firewalla Gold, everything was already configured on the TP-Link Archer C6 that it used as a router; now with Gold in place and with exactly the same settings, they only get access from the outside with the DMZ on. I deactivated all the NAT services of the TP-Link so as not to conflict with Gold's, but without results. Anyway, as it is working, I will leave it this way.
Is there any risk in leaving the server in the DMZ (with the Firewall on, as it is)?
Thanks
-
Leaving the server in the DMZ is like connecting your server directly to the internet. I highly recommend against this unless you know what you are doing.
As for the DMZ working and port forwarding not working, you need to check your old configurations and see if there is anything that was missed.