(Re:) DMZ su USRObotics 9003 help

From: alexp (banha_at_sapo.pt)
Date: 08/30/03 

Date: 30 Aug 2003 08:58:42 -0700

paolol wrote:

Hi i just had to replace my old router with this new USR, but this
don't
have the DMZ setting , any one know how to set this router to enable
my web
server to be see from outside ??
Thanks,
Paolo

........

Hi Duane,
yes this model have IP Filtering , IGMP Proxy, NAT , Proxies, ACL, and
a lot
more .... but for me it's still a black hole .. no light :))
Did you know how to use the IP Filtering ??
Thanks,
Paolo L.

__________________________________________________________________________

Answer:

You can have a DMZ in USR 9003, but you won't be able to have IP
Filtering, NAT and everything simultaneously else with DMZ.
For one ISP you can configure a DMZ (no router or firewall) or
firewall/routing facilities.

If you want to have a public IP in your PC box, you have to configure
the USR 9003 as "RFC1483 Bridging" and it will become a transparent
device, giving you an Ethernet access to the Internet. You'll need to
get, then, a PPPoE (PPP over Ethernet) client. If you are using Linux,
You cen get the Roaring Penguin utility from
http://www.roaringpenguin.com/pppoe/, or perhaps you already have it
on your machine.
With "RFC1483 Bridging" you'll have to do routing and firewalling in
your PC. In Linux you can use "iptables" ("ipchains" in kernel 2.2.X)
and "route" or "ip".

If you want to go the easier way, you give up the DMZ stuff and do
forwardind to your web and mail servers (and others). Here is a resume
of a message of mine about USR forwarding:

--> Read the all thread at:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=Xns93D94839CA4notmenotmecom%40216.148.227.77&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dbanha%2540sapo.pt%26btnG%3DGoogle%2BSearch%26meta%3Dgroup%253Dcomp.security.firewalls

To configure the FW on the USR 9003 do the following:

- Open the WUI in the browser.
- Open the Firewall tab.
- Choose the NAT option.
- In "Static WAN Addresses" put your public IP.
- In "Static NAT Mapping" insert the IP of the local machine that
should answer to the public IP above.
- In "Port Range Mapping" insert the private ip/port that should match
the public ip/port.

That's all concerning FW.

But you'll need more than FW. You'll need to allow the outside
requests to enter your private LAN:

- Under the Firewall tab, choose IP Filtering.
- Add an entry like this:
30000 ppp0 In 0.0.0.0/32 YourPublicIP/32 =0 =80 TCP
 None Allow

The 80 above is the port for HTTP, if you want some other service
insert the corresponding port number.

Good luck

AP