DMZ how safe?

Discussion in 'macOS' started by zalves, Feb 13, 2009.

  1. zalves macrumors member

    Dec 23, 2008
    If I leave my mac set on DMZ on my router am I safe?

    I have that belkin router with the little (and crapy) lcd screen

    and I'm using little snitch
  2. antibact1 macrumors 6502

    Jun 1, 2006
    Is there a reason you are doing this? It's not that you are unsafe, but if a worm is uncovered for OS X you are going to be exposed immediately. Leaving a computer directly connected to the Internet without a firewall is not a great idea. If you are trying to access particular services on your computer, set up port forwarding in your router.
  3. SDAVE macrumors 68040


    Jun 16, 2007
    Yeah just open the particular port you need and use port forwarding as mentioned. Don't use DMZ. DMZ is used on rare occasions. If you enable it, it kind of defeats the purpose of having a hardware firewall.

    Let's say you need ports 12,000 to 2,100

    Just open 000 to 100 and you'll be ok.

    I recommend opening one or two ports though, not that many.
  4. lostngone macrumors 65816


    Aug 11, 2003
    Yes you are safe, obviously the more layers for protection you have the better but if the Mac OS X firewall is on you really have very little to worry about.
  5. ppc750fx macrumors 65816

    Aug 20, 2008
    In theory, yes, if your software firewall is properly configured.

    Still, why? There's not much point (IMHO) in exposing yourself to more risk than is necessary, and this seems like a pretty good example of doing just that.
  6. brand macrumors 601


    Oct 3, 2006
    Correction it should read...

    Just open 12,000 to 12,100 and you'll be ok.
  7. higgalls macrumors regular

    Mar 20, 2008
    DMZ is NOT safe at all.
    What DMZ does is when it is turned on, ALL data that is sent to the router is then forwarded on to that computer regardless of whether it is meant for it or not (the data does go to the computer it is meant to go to also). That computer that is the DMZ'd computer, then can use that data however it is set up to use it (so servers can be set up for this if you don't want to play with port-forwarding on the router).

    Now, yes you can use software firewalls then on the computer, but the problem is that a router uses NAT to address the computers within the local network. Now, NAT provides a huge security advantage as you cannot easily connect to a computer past the router from within the Internet (read how NAT works).
    With a DMZ, it means that someone can easily gain access to the DMZ'd computer as there is no need to worry about NAT as all traffic goes directly to that computer.

    So it is generally advisable NOT to put a computer in the DMZ. Always use port-forwards instead, as that way you choose which traffic goes where, rather than completely opening up the security on your router.

    Anyway, thats the basics of it. Yes it is a huge risk.

Share This Page