Posted to uk.comp.homebuilt,uk.d-i-y
Adrian C

Virgin SuperHub2 and DMZ setting

On 15/02/2014 11:09, David.WE.Roberts wrote:
> I now have my Virgin SuperHub2 set to accept incoming calls to a DMZ (RPi
> running a VPN server).
>
> I used 'shields up' to check what the ports were doing.
>
> Now without DMZ turned on everything is stealthed.
>
> With DMZ turned on Port 22 (ssh) and Port 1723 (pptpd for VPN) are both
> opened automatically.
>
> The rest go to 'closed' instead of 'stealthed'.
>
> The opening of the two ports seems reasonable for an instant DMZ, but I am
> puzzled why the other ports now show as 'closed'.
> AFAIK a 'closed' port will show up on a port scan by 'bad people' whereas
> a 'stealthed' one will not.
>
> OTOH if I have 22 and 1723 open the router must be standing out like a
> sore thumb anyway.


Don't put SSH in DMZ, use port forwarding with some other chosen number
instead, disable password authentication in SSH (or they'll be brute
forcing that) and enforce the use of private key certificates instead.

DMZ is a bit of a wildcard for web facing services where you don't want
those users also trawling through your local network (hence closed).

Best services of your LAN stay stealthed, and get a bit devious about
the use of 'standard' port numbers.

--
Adrian C
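
An added example, not part of Adrian C's post: a small Python check that an `sshd_config` really has password logins switched off, as the reply recommends. It assumes OpenSSH's rule that the first occurrence of a keyword wins, audits only the global section (nothing after a `Match` line), and uses constructed sample configs, including the made-up port 2222.

```python
# OpenSSH behaviour when a keyword is absent: all three default to "yes".
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Values that leave key-based login as the only way in.
WANTED = {"passwordauthentication": "no", "kbdinteractiveauthentication": "no",
          "pubkeyauthentication": "yes"}
# Older configs use the deprecated name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return the global values sshd would use; the FIRST occurrence wins."""
    values, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = ALIASES.get(fields[0].lower(), fields[0].lower())
        arg = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            break  # everything after Match is conditional; not audited here
        if key == "port":
            ports.append(arg)  # Port may repeat; sshd listens on every one
        elif key in DEFAULTS:
            values.setdefault(key, arg.lower())  # later duplicates are ignored
    return {**DEFAULTS, **values, "port": ports or ["22"]}

def audit(config_text):
    """List the settings that still allow password guessing."""
    s = effective_settings(config_text)
    return [f"{k} is {s[k]!r}, want {v!r}" for k, v in WANTED.items() if s[k] != v]

# Constructed sample: the later "no" is ignored because "yes" came first.
WEAK = """PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
"""
# Constructed sample: key-only logins on a non-default port.
HARDENED = """Port 2222
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, effective_settings(text)["port"], audit(text))
```

The port list it returns is the one the router's forwarding rule has to target on the Pi; the externally visible port number is chosen on the router.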