Welcome to the MacNN Forums.

badtz · Jun 2, 2004, 05:19 PM

If I'm the only computer using the router's wireless connection [or wired for that matter] ....

is there any way to have ALL internet traffic directed to me?

or do I still have to manually have all the ports forwarded to me in the settings [ie. when using timbuktu, bit torrent, etc. etc.] ??

Applefreak01 · Jun 2, 2004, 06:06 PM

You can setup a DMZ server from your router. But DMZ opens all ports making the router's firewall useless. I guess on a Mac it isn't that big of deal because most hackers don't know or want to hack a Mac and Mac OS X has a fairly good built-in software firewall as well.

If your worried about protection from hackers and what not then just route the ports you need to your one computer as you need them and leave the rest off.

badtz · Jun 2, 2004, 07:19 PM

even if I open the DMZ, will I still need to manually have the ports forwarded to me?

Applefreak01 · Jun 2, 2004, 07:41 PM

No. Setting your computer as the DMZ server allows all ports to be open and instead of your IP being 192.168.0.x it will be what your router gets from your ISP. DMZ basically bypasses the firewall of a router and makes the computer you set it up to be seem like one computer connected directly to a cable modem with no router.

The router will route information (that's its job) to the computer that requested the information no matter how many computers are on your router.

You should only need to manually have all the ports go to the one computer if you have more than one computer and don't have that computer set as the DMZ server.

badtz · Jun 3, 2004, 02:55 AM

if you have that computer as the DMZ does that mean that any other computer that might be on the network would not be able to go on the 'net?

Applefreak01 · Jun 3, 2004, 05:41 AM

It won't affect the other computers. I was meaning that it looks like your router's IP in that if you for example started a multiplayer network game on your DMZ computer, other gamers would connect to your game using the IP address of your router. Your router will then forword the connection to the computer that made the request or your computer that is runing the game which is the DMZ computer. Your DMZ server will still have an internal IP address but DMZ forwards makes the IP address look like it isn't. It gets kinda confusing doesn't it.

Think of it like this if you setup a ftp server on a computer on your network without setting that computer with either port forwarding or as the DMZ server then nobody outside your network will be able to connect to you. They can't type in ftp://192.168.0.x and connect, not going to happen. If you have port forwarding set for FTP to the IP address of the computer with the FTP server on your network then they could connect but will need the IP address of the router not your computer. Your router will then say hey ok he's got me setup to forward this request to this computer on his network and it does it. The same happens with a DMZ server only you don't have to manually open the port because all ports are open.

Other computers on the network will have a internal IP address of 192.168.0.x for example and can get on the net. DMZ just enables all ports to be open to a particular computer on your network, the rest are behind the router's NAT (Network Address Translation) firewall.

I hope that clears things up. Like I said it can get a little confusing. But once you get the hang of it DMZ servers are nice to have if you have a lot of ports that need to be open and forwarded to a single computer.

badtz · Jun 3, 2004, 01:33 PM

Thanks for the write-up!

What would happen in this situation then ........ ? ....

you have multiple computers on the network, they ALL open up timbuktu for instance, but one of the computers is in the DMZ.

Would the DMZ computer get 1st pick on the incoming internet traffic then? And the other computers wouldn't get anything?

ghporter · Jun 3, 2004, 02:13 PM

You may be trying to make things more complex than they need to be. With almost all routers, unless you change something, all ports will go to all computers. If you only have one computer behind the router, then it will certainly be able to send and receive traffic to/from all ports. The DMZ function simply turns off Network Address Translation for a single, LAN-side IP address. You need that with a lot of applications (like Timbuktu) that want to access the computer from the Internet.

If you have made changes to the setup of the router, that can change a lot of things. Fortunately, most routers make it simple to reset everything to original default settings.

What router are you using? Maybe there's something odd about it that you may need help with.

badtz · Jun 3, 2004, 03:32 PM

Usually NATs work well, but in situations let's say ....

multiple computers are using the same port number for a program [any program really] .... how would the NAT know to forward the incoming traffic properly? [which I assume is when you would use port forwarding]

but if you have one of those computers on the DMZ, does that mean the incoming traffic is now ALL directed to it? [how would the other computers on the network now be able to use the incoming ports that the DMZ is using?]

the router can be anything really [though mine is specifically a D-Link 713P]

winwintoo · Jun 3, 2004, 04:19 PM

Can I jump in here and ask a question. I had an AEBS but it was flakey so i ditched it and got a Linksys Wireless-G 2.4 Ghz - which is working fine.

My Sis and I use Timbuktu to keep Mom's computer running. Both Mom and Sis are hardwired to the internet and Timbuktu works fine for them, and I can get to them wirelessly using the AEBS but they can't get to me unless I physically attached a wire.

This discussion seems to suggest that there might be a setting to change so they could get to me using Timbuktu even when I'm wireless.

I'll be sticking with the Linksys, but I'd like to know if it can be done with the AEBS too.

Can you explain what we need to do? I'd sure appreciate it. If that explanation is beyond the scope of this forum, point me in the right direction. I don't mind doing the research, but I did look and couldn't find anything before - but then I didn't really know what I was looking for.

Thanks a lot, M

Applefreak01 · 04:43 PM

You can't set port fowarding for ftp for example on two computers in your routers setup. It will allow only one. Because when people go to connect to your server they'll be connecting from the internet and will need the IP address of your router. Your router will then say ok I'm set up to fordward this incoming connection from the outside to this LAN IP address and it does it.

DMZ bypasses the NAT of the router. So when people want to connect to a ftp server you have on the DMZ computer they will type in ftp://68.100.100.100 and not ftp://192.168.0.2 for example. Using the 192.168.0.2 IP address will not allow them to connect to you. Only other computers connected directly to your router on your network can use the 192.168.0.2 LAN (Local Area Network) IP address. Or you can set port fowarding for ftp port 21 to the 192.168.0.2 LAN IP address. So when people go to connect to you they type in ftp://68.100.100.100 and your router will forward that connection to the computer with the ftp server running with the LAN IP of 192.168.0.2.

Haivng a DMZ server is nice if you have a lot or want all the ports open for the computer on your network. And like GHPorter said some applications need it on to work correctly.

I don't know how you connect to the internet. But I'll use cable broadband as an example. Say you want to run the same P2P (Peer to Peer) server program like Limewire on two different computers and be able to have other people connect to either or both of them. One computer on the router gets one IP address and your router gets one IP address. So one computer can be set as the DMZ server or have port forwarding setup for the port that Limewire uses. Now other people will open up their Limewire client programs and type in the IP address of the router to connect to that one computer set as either the DMZ server or have port forwarding on for the port. Now lets say someone else is trying to connect to your other server but the router blocks this connection because that computer is not set as the DMZ or for port forwarding because you can only have one computer be the DMZ and only one computer can be setup to use port forwarding on your router as well. Now since you have cable broadband in this example you can call your ISP and have them assign you another IP address, but you'll need another cable modem and outlet to do so. Once you get another IP address assigned for your and another cable modem and outlet you can hook the cable modem to the outlet and the second computer you want to be a server and that computer would get the other IP address and be able to take incoming connections. But note that you'll be charged extra for having another IP address and cable modem most likely.

Server programs like to have their own IP address and can't share a single IP address either.

Now lets say you have AIM (America Online Instant Messenger) open and connected as two different users on those two computers that are connected to your router. AIM uses a single port to transfer data. Your router knows the internal LAN IP addreses of the two computers. Say user A send a chat to a buddy. The router will look at the LAN IP address of the computer that sent the data (the chat) and route the incoming data (buddies repsonse) back to that computer with the match LAN IP address. Now say user B starts a chat with a buddy while user A is still chatting. The router will look at the two different computers LAN IP addresses and keep track as to which one gets which incoming data from the internet. What the router does is flag the incoming and outgoing data to mark it so it knows which computer sent the data and which computer wants the data. Each little piece of data coming from the internet is in the form of a packet. So again say user A sends a packet in the form of a chat. The packet is sent to the router with where it needs to go once it's on the outside internet. Now the buddy user A is chatting with gets the packet and sends it back to user A as a response to the chat. The packet now has new information added to it that tells it where to go. Now the router will get that same packet and read where it came from and send it back to the computer that it came from when user A started the chat.

Another example. Say you have your two computers connected to your router both with Internet Explorer open. On computer A you type in http://www.apple.com. Does the Apple web page load on computer B, No. The router say ok computer A made the request for this data so I'll send it to computer A and not computer B.

I hope that clears up how the router works now. I think your best of just having one server on one computer running at any one time or you'll run into problems unless you get another IP address from your ISP and connection to go with it.

Applefreak01 · Jun 3, 2004, 04:51 PM

Originally posted by winwintoo:
Can I jump in here and ask a question. I had an AEBS but it was flakey so i ditched it and got a Linksys Wireless-G 2.4 Ghz - which is working fine.

My Sis and I use Timbuktu to keep Mom's computer running. Both Mom and Sis are hardwired to the internet and Timbuktu works fine for them, and I can get to them wirelessly using the AEBS but they can't get to me unless I physically attached a wire.

This discussion seems to suggest that there might be a setting to change so they could get to me using Timbuktu even when I'm wireless.

I'll be sticking with the Linksys, but I'd like to know if it can be done with the AEBS too.

Can you explain what we need to do? I'd sure appreciate it. If that explanation is beyond the scope of this forum, point me in the right direction. I don't mind doing the research, but I did look and couldn't find anything before - but then I didn't really know what I was looking for.

Thanks a lot, M

Your sister and mothers computers must not be connected to a router like you. You'll need to open the Airport Base Station utlitly and set the DMZ server to your LAN (Local Area Network) IP address that your computer gets off the Airport which would be something like 10.0.0.2. Or using your Linksys wireless router login to the router with the admin name and password and set the IP address you get off the wireless Linksys like 192.168.0.2 as the default DMZ host. Programs like Timbuktu like a computer using a DMZ server better than having that port that it uses forwarded. For the AEBS make sure yoy have version 5.5 or later of the firmware installed. Version 5.5 or later works best with DMZ hosting. You can go to http://www.macupdate.com or http://www.versiontracker.com and search for Airport Extreme Base Station or something like that to find the latest firmware update for your base station and download the file so you can install it.

badtz · Jun 3, 2004, 04:59 PM

Thanks for the write-up AppleFreak!

Got it

Applefreak01 · Jun 3, 2004, 05:05 PM

Originally posted by badtz:
Thanks for the write-up AppleFreak!

Got it

Cool. I guess all those networking classes and my A+ certification are finally starting to be useful.

Up next getting Apple certified