Closed GoogleCodeExporter closed 8 years ago
idea is quite clear, but many users use some client in LAN for simplifying
port-forwards. suggested changes will break that configs.
Original comment by themiron.ru
on 23 Nov 2012 at 1:05
themiron.ru,
You are right - breaking existing configs is bad.
I am suggesting then add a setting under "Virtual DMZ" - "Create real DMZ"
which will block unneeded access to LAN.
What do you think? Would you change the status?
Original comment by golomi...@gmail.com
on 24 Nov 2012 at 4:34
probably it makes sense, please suggest all the traffic rules from/to WAN & LAN
from DMZ host view
Original comment by themiron.ru
on 24 Nov 2012 at 8:29
Suggested rules:
1. DMZ host is allowed to access Internet
2. incoming traffic on all ports and protocols, except those which are set up
in "Virtual Server", is routed to DMZ host
3. Outgoing connections from DMZ host to LAN is PROHIBITED
First two rules are realized in current firmware, the third one isn't. So the
main thing is to allow users configure "Real DMZ" prohibiting all outgoing
connections from DMZ to LAN.
Original comment by golomi...@gmail.com
on 26 Nov 2012 at 2:12
Up?
Original comment by golomi...@gmail.com
on 22 Jan 2013 at 11:01
Original issue reported on code.google.com by
golomi...@gmail.com
on 22 Nov 2012 at 8:35