Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

zalves

macrumors member
Original poster
If I leave my mac set on DMZ on my router am I safe?

I have that belkin router with the little (and crapy) lcd screen

and I'm using little snitch
 
Is there a reason you are doing this? It's not that you are unsafe, but if a worm is uncovered for OS X you are going to be exposed immediately. Leaving a computer directly connected to the Internet without a firewall is not a great idea. If you are trying to access particular services on your computer, set up port forwarding in your router.
 
If I leave my mac set on DMZ on my router am I safe?

I have that belkin router with the little (and crapy) lcd screen

and I'm using little snitch

Yeah just open the particular port you need and use port forwarding as mentioned. Don't use DMZ. DMZ is used on rare occasions. If you enable it, it kind of defeats the purpose of having a hardware firewall.

Let's say you need ports 12,000 to 2,100

Just open 000 to 100 and you'll be ok.

I recommend opening one or two ports though, not that many.
 
If I leave my mac set on DMZ on my router am I safe?

I have that belkin router with the little (and crapy) lcd screen

and I'm using little snitch

Yes you are safe, obviously the more layers for protection you have the better but if the Mac OS X firewall is on you really have very little to worry about.
 
In theory, yes, if your software firewall is properly configured.

Still, why? There's not much point (IMHO) in exposing yourself to more risk than is necessary, and this seems like a pretty good example of doing just that.
 
DMZ is NOT safe at all.
What DMZ does is when it is turned on, ALL data that is sent to the router is then forwarded on to that computer regardless of whether it is meant for it or not (the data does go to the computer it is meant to go to also). That computer that is the DMZ'd computer, then can use that data however it is set up to use it (so servers can be set up for this if you don't want to play with port-forwarding on the router).

Now, yes you can use software firewalls then on the computer, but the problem is that a router uses NAT to address the computers within the local network. Now, NAT provides a huge security advantage as you cannot easily connect to a computer past the router from within the Internet (read how NAT works).
With a DMZ, it means that someone can easily gain access to the DMZ'd computer as there is no need to worry about NAT as all traffic goes directly to that computer.

So it is generally advisable NOT to put a computer in the DMZ. Always use port-forwards instead, as that way you choose which traffic goes where, rather than completely opening up the security on your router.

Anyway, thats the basics of it. Yes it is a huge risk.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.