In some ISPs' new routers the DMZ option is absent.
In these cases I sometimes solve the problem by redirecting all ports (1-65535) as VirtualPorts to the intended DMZ machine (Port-Forwarding).
What problems can this promote (DMZ vs. port redirection)?
Why do you think ISPs are removing the DMZ feature? It is clearly a most valuable feature for gamers, network administrators and power users.
PS: I first put this question in "Network Engineering" and opted to also post it here, just to prevent some dude there claiming this is not about network engineering.
1 Answer
Using DMZ is a big security risk unless you have a router behind your modem/router.
Usually when this is the case, the modem/router is placed in bridged mode and DMZ is not necessary.
However, opening every single port is only a good thing if all ports forward to a router. If they forward to your PC, then you basically invite hackers to install viruses on your computer and it won't take long before a crypto virus is installed.
ISPs usually don't remove DMZ, but switch to hardware where DMZ simply doesn't exist. DMZ is a good way to test a port forwarding problem, but it is really bad to just work around not being able to open the correct ports.
In the past, because of people who don't know what DMZ really does and how bad it is to use in a live environment for a longer period of time (unless all DMZ does is forward the modem/router's traffic to a second router), manufacturers have started to disable DMZ, because misuse basically causes people who don't know what they're doing to open their ports, which then causes their name to go down because people say: that brand is bad because you get hacked easily with them.
Sometimes it is done to be able to provide a cheaper alternative.
Do note, DMZ is only present in a router. So if an ISP ships a device, the device itself will have to be a modem/router, and not just a modem. A plain modem will do this already: forward everything from the WAN port to the LAN port.
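To make the difference between forwarding 1-65535 and opening only the correct ports concrete, the following added example (not part of the original question or answer) audits which listeners on the target machine would become reachable from the WAN. The `ss -tuln` output is a constructed sample, the intended port set is hypothetical, and the script assumes no host firewall on the machine filters the traffic.

```python
import ipaddress

# Constructed sample of `ss -tuln` output from the machine that would receive the forwards.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      50     *:445              *:*
tcp   LISTEN 0      511    [::]:27015         [::]:*
udp   UNCONN 0      0      0.0.0.0:27015      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    [::1]:6010         [::]:*
"""

def is_loopback(host):
    """True when the listener is bound to loopback and so not reachable via a forward."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and any %iface suffix
    if host == "*":                         # ss prints * for a dual-stack wildcard bind
        return False
    return ipaddress.ip_address(host).is_loopback

def reachable_listeners(ss_output):
    """Return the set of (proto, port) pairs bound to a non-loopback address."""
    found = set()
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")    # rpartition keeps IPv6 colons intact
        if port.isdigit() and not is_loopback(host):
            found.add((fields[0], int(port)))
    return found

def audit(ss_output, intended):
    """Compare reachable listeners with the ports that are meant to be forwarded."""
    reachable = reachable_listeners(ss_output)
    return {
        "forward": sorted(reachable & intended),                  # rules worth creating
        "exposed_unintentionally": sorted(reachable - intended),  # opened only by 1-65535
        "not_listening": sorted(intended - reachable),            # rule with no service
    }

if __name__ == "__main__":
    # Hypothetical intent: only the game server on 27015 should be reachable from the WAN.
    wanted = {("tcp", 27015), ("udp", 27015)}
    for key, ports in audit(SAMPLE_SS, wanted).items():
        print(key, ports)
```

Everything under `exposed_unintentionally` is a service that a 1-65535 forward (or DMZ) would put on the internet even though nobody asked for it; the `forward` list is the set of individual rules to create instead.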