Originally Posted by
christcorp
You have to realize, that UPnP, DHCP, etc... was all designed because more and more people are having crude home networks. It's designed so the average person who doesn't know the difference between DSL and cable; or the difference between a router, switch, and hub are able to connect more than one computer or device on their home network. But UPnP and DHCP are never "Better". It's always better to use static IP addresses (Or at least DHCP reservation). It's always better to reserve ports and forward them as needed. DMZ only allows one device to be put into the DMZ. (Which means you have to use a static IP address for that device). It opens all the ports for that one device. Some think the DMZ actually puts the device in the DMZ outside of the firewall. That isn't completely true. It mainly forwards ALL ports to that one item. So yes, if you have items like IP cameras, servers, or other devices that need to be talked to from the outside, then the DMZ can and most likely will cause a conflict.
"Real" networks; such as corporate, businesses, etc... do separate configurations whenever possible. Some with a lot of devices will use DHCP, but they have "Separate" firewalls and networking than what you are doing at home. Technically; there is absolutely no difference between your home network with 3-4 PC's, a printer, a voip adapter, and some sharing; than with a large corporate network. "Technically". Where the difference comes in, is that the larger networks are using separate firewalls, subnets, etc... Therefor, they have more flexibility. But the concept is the same.
The right answer, is for individuals to be willing to learn a little bit about networking. They don't need a degree in computer science. If all you want is for a few computers to share the internet and possibly share a printer, then you will have no problem living in the world of "Plug and Pray" without any port forwarding, DMZ, etc... But if you want to add servers; (Voip counts as a server; so do IP cameras, etc...); basically anything that the outside world talks to inside your network; then the best way to do it, is to learn how to assign static IP addresses; port/port range forward; use a router just for routing/NAT; use firewalls separately (Either separate hardware or individually configured software); etc... It is not difficult. And then, as you add more devices like your PS3 or Roku box to stream netflix, IP camera for home security, a network printer or hard drive that everyone can share without a PC having to be on, etc... you will find that there are less issues and it works much better. Remember; making a network "Simpler" wasn't designed because it's "BETTER". It was designed to sell more to consumers. When PC's first came out, you learned to do most things yourself, or you had to hire a computer geek. Manufacturers sell all in one router/switch/firewall/wireless to sell to the average person and make them believe they can do everything. You can't. But for 90+% of home PC owners, it works perfectly fine. But then again; 90+% of home PC users don't have VOIP as part of their home computer network; they don't have IP cameras; and they don't have servers. And NO, "Digital Voice" phone service from your Cable Company is NOT the SAME THING as voip (As we are using it).
Re: Port Forwarding vs. DMZ & UPnP
Reply With Quote
Bookmarks