I want to split my digital modem output to 4 different PCs.

I need a 4 node router that will allow me to DMZ ALL 4 nodes.
Most I find only allow you to DMZ ONE node. (yes I will be
using software firewalls on each PC).

Can someone recommend a Router that will allow this?
Or what about a router without any firewall?

TIA
Tony

In article <7hcr03do0bqm9ndtd7qq4qcksh4r4dd76t@4ax.com>,
Tony Martin <garyachangel@ofnospam.org> wrote:

> I want to split my digital modem output to 4 different PCs.
>
> I need a 4 node router that will allow me to DMZ ALL 4 nodes.
> Most I find only allow you to DMZ ONE node. (yes I will be
> using software firewalls on each PC).
>
> Can someone recommend a Router that will allow this?
> Or what about a router without any firewall?

I don't understand what you're trying to do. In the context of home
broadband routers, "DMZ" is a machine that all packets to the modem's
WAN address are automatically forwarded, with no firewalling. So how
would you DMZ all the nodes? You don't really expect it to turn one
incoming connection into 4 connections, do you?

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Sorry I was not very clear. Essentially I want to totally disable the
firewall portion of the router. This should open up each PC on
the router to the Internet eliminating the need to port forward /
trigger etc for the game needs of each PC. As I understand it, then
none of the PC's can be running "servers" on the same port. And, as
long as each PC has a good software firewall, there is no threat.

With the router communicating to four non routable IP addresses
and handeling the addressing I don't see the problem. And yes,
the router would then allow each PC to share the one connection.

In a typical router (like a USR8003) you can DMZ only one node
(turn off any firewalling on it). Then you can effectively port
forward EVERY port (1-65535) on each of the remaining nodes.
It would be easier to just disable the entire firewall in the
router.

I was just told a USR5461 has just such a feature, to disable
the entire firewall portion of the device.

My question is now, does anyone else know of other routers,
perhaps cheaper and without the wireless feature?

TIA
Tony

On Fri, 30 Mar 2007 21:40:47 -0400, Barry Margolin
<barmar@alum.mit.edu> wrote:

>In article <7hcr03do0bqm9ndtd7qq4qcksh4r4dd76t@4ax.com>,
> Tony Martin <garyachangel@ofnospam.org> wrote:
>
>> I want to split my digital modem output to 4 different PCs.
>>
>> I need a 4 node router that will allow me to DMZ ALL 4 nodes.
>> Most I find only allow you to DMZ ONE node. (yes I will be
>> using software firewalls on each PC).
>>
>> Can someone recommend a Router that will allow this?
>> Or what about a router without any firewall?
>
>I don't understand what you're trying to do. In the context of home
>broadband routers, "DMZ" is a machine that all packets to the modem's
>WAN address are automatically forwarded, with no firewalling. So how
>would you DMZ all the nodes? You don't really expect it to turn one
>incoming connection into 4 connections, do you?

Hello,

Tony Martin a écrit :
> Sorry I was not very clear. Essentially I want to totally disable the
> firewall portion of the router. This should open up each PC on
> the router to the Internet eliminating the need to port forward /
> trigger etc for the game needs of each PC.

You're wrong. In the context of SOHO NAT routers, the so-called "DMZ"
feature is mostly associated with the destination NAT (e.g. port
forwarding) feature, not the firewall. Even though you disable all
filtering, a private IP address is only reachable (at least from most
places) thanks to destination NAT. Basically, "DMZ this IP address"
means "redirect all unexpected incoming trafic to that IP address". And
obviously, as Barry stated, you cannot redirect a single unicast packet
to multiple destinations.

On Sat, 31 Mar 2007 12:42:47 +0200, Pascal Hambourg
<boite-a-spam@plouf.fr.eu.org> wrote:

>Hello,
>
>Tony Martin a écrit :
>> Sorry I was not very clear. Essentially I want to totally disable the
>> firewall portion of the router. This should open up each PC on
>> the router to the Internet eliminating the need to port forward /
>> trigger etc for the game needs of each PC.
>
>You're wrong. In the context of SOHO NAT routers, the so-called "DMZ"
>feature is mostly associated with the destination NAT (e.g. port
>forwarding) feature, not the firewall. Even though you disable all
>filtering, a private IP address is only reachable (at least from most
>places) thanks to destination NAT. Basically, "DMZ this IP address"
>means "redirect all unexpected incoming trafic to that IP address". And
>obviously, as Barry stated, you cannot redirect a single unicast packet
>to multiple destinations.

Thanks for the feedback. Ok, I think I understand.

My goal is to be able to use the same client/server software on each
PC in the LAN but not at the same time.

Ok, what about a Router with Port Triggering? Would not that cause the
NAT to redirect to whatever node instigated the connection? Or am
I mis interpreting things I read again? This stuff is not very clear
for a poor layman

BTW, Thanks for you and Barry's patience!

Tony

In article <gojs039kdmlrhcidd6n9qumbdr49746hei@4ax.com>,
Tony Martin <garyachangel@ofnospam.org> wrote:

> My goal is to be able to use the same client/server software on each
> PC in the LAN but not at the same time.
>
> Ok, what about a Router with Port Triggering? Would not that cause the
> NAT to redirect to whatever node instigated the connection? Or am
> I mis interpreting things I read again? This stuff is not very clear
> for a poor layman

Yes, I think that's what Port Triggering is supposed to do, although in
my few attempts a few years ago (with an old Belkin router) I wasn't
very successful in getting it to work as I expected. But maybe newer
routers get it right.

If you say what router you have and what applications you're trying to
get to work, we might be able to give more specific advice. You might
also look for forums and FAQs devoted to the particular applications, as
the users will probably have figured out how to make them work behind
routers.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Ok, I have a Linksys WRT54G Router. I want to use CQPhone
(www.cqphone.com) on all four of my LAN PC's depending on
which PC Im on at the moment. This client/server software
uses UDP Ports 24960,24961 and 24962.

Everything I have researched so far only covers using one PC
on a router (using Port Forwarding).

Any and all input appreciated!
Tony

On Sat, 31 Mar 2007 10:34:59 -0400, Barry Margolin
<barmar@alum.mit.edu> wrote:

>In article <gojs039kdmlrhcidd6n9qumbdr49746hei@4ax.com>,
> Tony Martin <garyachangel@ofnospam.org> wrote:
>
>> My goal is to be able to use the same client/server software on each
>> PC in the LAN but not at the same time.
>>
>> Ok, what about a Router with Port Triggering? Would not that cause the
>> NAT to redirect to whatever node instigated the connection? Or am
>> I mis interpreting things I read again? This stuff is not very clear
>> for a poor layman
>
>Yes, I think that's what Port Triggering is supposed to do, although in
>my few attempts a few years ago (with an old Belkin router) I wasn't
>very successful in getting it to work as I expected. But maybe newer
>routers get it right.
>
>If you say what router you have and what applications you're trying to
>get to work, we might be able to give more specific advice. You might
>also look for forums and FAQs devoted to the particular applications, as
>the users will probably have figured out how to make them work behind
>routers.

Tony Martin a écrit :
> Ok, I have a Linksys WRT54G Router. I want to use CQPhone
> (www.cqphone.com) on all four of my LAN PC's depending on
> which PC Im on at the moment. This client/server software
> uses UDP Ports 24960,24961 and 24962.
>
> Everything I have researched so far only covers using one PC
> on a router (using Port Forwarding).

Hmm... Quoted from CQPhone site <http://www.cqphone.com/problems.html> :

"Tests with popular home type routers (LinkSys, Netgear, Belkin) show
there is no need to configure ports for these routers. It is a common
mistake that people will set up the router port fowarding to the wrong
internal address, so CQPhone cannot work at all. We recommend the port
forwarding be attempted only as a last resort. If you have previously
set the CQPhone ports in your router and still have a problem, try
deleting these ports and run the router totally closed to CQPhone."

From what I understood, CQPhone uses some NAT traversal techniques to
dynmaically open pinholes in NAT devices.

First, I want to express my thanks for the .

Next I want to tell you what is now working perfectly
on my 4 machines on the router previously mentioned.

One machine (.100) has its node set to DMZ in the LyncSys
router. Each of the other three nodes (.101 - .102 and .103) are
all set to Port Forward the required CQPhone ports.

I can now run CQPHONE on any of the 4 PCs and receive or
make calls with voice and video. The only limitation is being sure
only ONE machines is running the software.

My thinking is this should also work with any similar
client server software. I hope this s others.

Cheers,
Tony

On Sun, 01 Apr 2007 11:19:36 +0200, Pascal Hambourg
<boite-a-spam@plouf.fr.eu.org> wrote:

>Tony Martin a écrit :
>> Ok, I have a Linksys WRT54G Router. I want to use CQPhone
>> (www.cqphone.com) on all four of my LAN PC's depending on
>> which PC Im on at the moment. This client/server software
>> uses UDP Ports 24960,24961 and 24962.
>>
>> Everything I have researched so far only covers using one PC
>> on a router (using Port Forwarding).
>
>Hmm... Quoted from CQPhone site <http://www.cqphone.com/problems.html> :
>
>"Tests with popular home type routers (LinkSys, Netgear, Belkin) show
>there is no need to configure ports for these routers. It is a common
>mistake that people will set up the router port fowarding to the wrong
>internal address, so CQPhone cannot work at all. We recommend the port
>forwarding be attempted only as a last resort. If you have previously
>set the CQPhone ports in your router and still have a problem, try
>deleting these ports and run the router totally closed to CQPhone."
>
> From what I understood, CQPhone uses some NAT traversal techniques to
>dynmaically open pinholes in NAT devices.

Tony Martin a écrit :
>
> Next I want to tell you what is now working perfectly
> on my 4 machines on the router previously mentioned.
>
> One machine (.100) has its node set to DMZ in the LyncSys
> router. Each of the other three nodes (.101 - .102 and .103) are
> all set to Port Forward the required CQPhone ports.

Glad it works for you. However I just wonder how several redirections of
the same ports to multiple addresses can be active at the same time.

> I can now run CQPHONE on any of the 4 PCs and receive or
> make calls with voice and video. The only limitation is being sure
> only ONE machines is running the software.
>
> My thinking is this should also work with any similar
> client server software. I hope this s others.

My opinion is that it works because of the NAT traversal feature
embedded in CQPhone, not because of the explicit port forwarding. You
may have less luck with other applications that do not embed such a
feature and require explicit port forwarding (or are just broken by NAT
without specific handling, such as FTP).