It seems like if I set a computer up as a DMZ to host, say, a Minecraft server, then I'd still need to port forward.
Otherwise how will the router know which local computer to send them to when they access my external IP?
Asked
Active
Viewed 2.0k times
2 Answers
6
No, DMZ in essence means "forward ALL ports" to X. You should only DMZ a host that you know is very secure as its attack surface is significantly increased. If you need just one or two services open, best to not use DMZ.
Linef4ult
- 3,993
- 19
- 21
0
It depends on how many normal* IPs you have.
- If you only have one IP and use NAT then yes, you will need to forward a port. This is reasonably standard, even on cheap SoHo devices.
- If you habve multiple IPs then just assign a second IP to the computer running the minecraft server. Frm that point on it is routing as normal.
And if you have IPv6 (still not in use everywhere despite being available for 2 decades) then you probably can use thousands of IP addresses. In which case you should check if there is anyone with a minecraft client which still lacks this ancient access. (In which case you need to fall back to the IPv4 options or tell him/her to get with the times).
*Normal as in public IPs, or sometimes called external IPs. Not RFC1918 range IPs which includes the well known 192.168.0.0/16 range.
Hennes
- 65,804
- 7
- 115
- 169