Originally posted by: bighurtx82
Go into your router setting and set the DMZ Hosting to your computer's IP. This will remove the firewall from your computer. This sometimes helps me with sending/receiving files through AIM but not always. Open to any other suggestions.
Originally posted by: n0cmonkey
That won't remove the firewall from his machine. In fact, he never said he was using a firewall :Q
All that will do is forward all ports to his machine, cutting out any possible security benefit that NAT would normally provide him. Definitely a hackish fix for a silly problem.
Originally posted by: manly
Are you positive this is how DMZ host works in many/most SOHO routers? I know that's many people's perception of how it works, but I don't recall that experience bears it out.
(I'm not a network guru) but traditionally, DMZ host means that the firewall does not do any packet filtering for packets destined for the DMZ host.
Hence why bighurtx82 mentioned "disabling" of the router's firewall. Nowadays, the terms router & firewall are somewhat (inaccurately) interchanged because SOHO routers in effect serve as a (dumb) firewall.
However, transparently forwarding all ports to a NAT'd host is actually quite a different thing altogether. For one thing, unless explicit port forwarding rules have precedence, such a feature would prevent any other listening ports from being forwarded to other NAT'd hosts (to be clear this does not preclude NAT of outbound packets or inbound responses). Furthermore, if DMZ host works the way you described, it should work all the time for virtually any network application. However, I read frequently how DMZ host doesn't work as people expect it to with application X. Hence I believe it is misunderstood or at least implementations vary (standard SOHO routers' documentation on DMZ host isn't very descriptive).
Originally posted by: n0cmonkey
but traditionally, DMZ host means that the firewall does not do any packet filtering for packets destined for the DMZ host.
I disagree. I think firewalls do more filtering for DMZ located hosts than non-DMZ located hosts. Hosts in a DMZ should be as restricted as humanly possible. Maybe this is a misunderstanding on my part though.
Originally posted by: manly
Umm, actually I simplified the statement so we don't really disagree here. What I meant is to differentiate between internal hosts behind the firewall and DMZ hosts that physically sit behind the first firewall (on the public interface) but actually receive network packets from the outside world due to policy. You're right that in corporate settings DMZ hosts are filtered as much as possible; if I'm not mistaken typical services allowed (i.e. ports forwarded/packets NOT filtered) would be DNS, SMTP and HTTP.
But what I meant is that in the SOHO setting, the router essentially blocks all incoming packets (except for port forwarding rules). DMZ Host would mean that such blocking rules are ignored. Since the typical SOHO router is pretty dumb/limited, DMZ Host is an all or nothing proposition (as you pointed out).
I'm still reluctant to believe DMZ Host transparently forwards all listening ports to a NAT'd host because from what I've seen and read, there are many users with applications that don't magically work when they turn on DMZ Host. And really, such an implementation should work for probably 95% of all network applications.
Personally I think DMZ Host in SOHO routers is not a good idea for most users; explicit port forwarding rules are the way to go. Unfortunately some routers have a small fixed limit on how many port forwarding rules you can use; others (like my Compaq router) don't do port ranging which is a nice optimization for some applications (i.e. Mickeysoft games that use the DirectPlay API for IP gaming use a whole range of ports chosen somewhat dynamically).
Originally posted by: andrewjm
Back to the main question... Ports in aim...
I have tried port forwarding for 5190 and it does not work. I have tried setting it on a diff port and it still does not work. From what I can see, when you do a direct connect, in netstat -an it shows a random port. If you do it again, it's a different one, and different every time. So unless AIM sets it to be behind a firewall, which they MAJORLY need to do, then I don't think it'll ever work. And setting yourself to DMZ isn't safe if you just wanna use AIM. Why have EVERY port go to your pc when you just want to direct connect?
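
An added illustration, not part of the thread and not any router's actual code: a simplified Python model of the inbound lookup the posters are debating (connection state first, then explicit port forwards, then a DMZ host catch-all, then drop). The lookup order, all addresses and every port number other than 5190 are assumptions made for the example; real firmware varies, as the thread itself notes.

```python
# Added illustration, not firmware. Assumed order: state, port forwards, DMZ host, drop.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Router:
    forwards: dict = field(default_factory=dict)   # (proto, wan_port) -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None
    conntrack: dict = field(default_factory=dict)  # (proto, wan_port, remote) -> (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote):
        """Record NAT state for a connection opened from the LAN (source port kept)."""
        self.conntrack[(proto, lan_port, remote)] = (lan_ip, lan_port)

    def inbound(self, proto, wan_port, remote):
        """Return (verdict, destination) for a packet arriving on the WAN side."""
        key = (proto, wan_port, remote)
        if key in self.conntrack:                   # reply to LAN-initiated traffic
            return "established", self.conntrack[key]
        if (proto, wan_port) in self.forwards:      # explicit port-forward rule
            return "port-forward", self.forwards[(proto, wan_port)]
        if self.dmz_host:                           # DMZ host: catch-all for the rest
            return "dmz", (self.dmz_host, wan_port)
        return "drop", None                         # unsolicited inbound is blocked

def exposed_ports(router, lan_ip, ports, remote=("203.0.113.9", 40000)):
    """WAN TCP ports on which an unsolicited packet would reach lan_ip."""
    hits = []
    for port in ports:
        _, dest = router.inbound("tcp", port, remote)
        if dest and dest[0] == lan_ip:
            hits.append(port)
    return hits

def demo():
    pc, server = "192.168.1.10", "192.168.1.20"     # constructed LAN hosts
    aim_server, peer = ("192.0.2.50", 5190), ("198.51.100.7", 51000)  # constructed
    probe = [80, 139, 445, 4443, 5190]              # 4443 stands in for a random listen port
    r = Router(forwards={("tcp", 5190): (pc, 5190), ("tcp", 80): (server, 80)})
    r.outbound("tcp", pc, 33000, aim_server)        # normal client login
    res = {"reply": r.inbound("tcp", 33000, aim_server)[0],
           "direct_no_dmz": r.inbound("tcp", 4443, peer)[0]}
    before = exposed_ports(r, pc, probe)
    r.dmz_host = pc                                 # the workaround suggested in the thread
    res["direct_dmz"] = r.inbound("tcp", 4443, peer)[0]
    res["web"] = r.inbound("tcp", 80, peer)         # explicit rule still wins in this model
    return res, before, exposed_ports(r, pc, probe)

if __name__ == "__main__":
    print(demo())
```

In this model the single forward for 5190 never matches the randomly chosen listening port, while enabling the DMZ host lets that connection through and also exposes every other port that has no explicit rule.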