DMZplus / IP Passthrough
DMZ mode on many home routers and broadband devices bypasses the firewall with an effective any-to-any
filter. Meaning any IP or port can go to any IP or port. The intent being to let the assigned device placed into
the DMZ handle its own security.
DMZ mode is known as DMZplus on the Pace RG’s 3800, 3801, iNID and newer devices.
DMZ mode is known as IP Passthrough on the Motorola RG’s NVG510 and newer. (note – presently IP
Passthrough hands off a /32 subnet which does not include the gateway IP and so you should manually /
statically assign the IP and subnet mask after it hands it off. A fix for this is scheduled for this.)
For AT&T U-verse this is still the general intent but due to some requirements for the U-verse platform even
when in these modes there are some situations where the behavior will not be what you expect.
This mode will work well for a user placing a PC in DMZ mode. It will work in many cases for a customer
placing their own router in DMZ mode and are not using Static IP’s offered by AT&T’s Static IP Service.
It is recommended however for consistency or if you are using Static IP’s or VPN connections that you not use
DMZ mode and instead create firewall rules / pinholes to allow the ports you need for a device. To some
extent this can be an any to any rule. More discussion on doing this is included later in the document.
Page 3
Comments to this Manuals