Helping people with computers... one answer at a time.
On a NAT router any unrequested outside connection is blocked. Using the DMZ is a good workaround.
It's a few months ago that I fell in love with Voice Over IP and IP phones. My old but solid Polycom 301 phone does not have a "Keep NAT Alive" option like regular ones do and after some time it seems like my router's NAT blocks ports. Phone rings or calls but no voice either way, just air. Then I need to restart the phone to punch another hole in the NAT for awhile. I was wondering if putting my Polycom 301 IP (I made it static then it does not change by each restart) in the routers DMZ can eliminate this problem and keep all the ports open for it forever. I know that you may have security issues but as much it is only about a phone and not my whole home network, I don't care. They can hack the phone and I can reconfigure it again. There's no credit on my VOIP account.
In this excerpt from Answercast #66, I look at the possibilities of using a router's DMZ to allow outbound VOIP calls through.
Actually I think that's a pretty interesting and innovative solution to the problem.
To clarify for folks who are reading or listening to this, DMZ is an acronym for, "Demilitarized Zone." So, normally what happens on a NAT router is any unrequested, or unexpected, outside connection is blocked by the router. So if a server tries to connect to a computer in your home, and there's a NAT router in the way, it can't get through. The NAT router stops it cold from being able to get to any of the machines on your side of the network.
That's why I keep calling it such a great firewall because it prevents random access from outside agents. If you actually establish a connection from the computer to the server, then the connection can occur, because it was started by someone on your side of the router.
The DMZ is essentially an exception to that rule. What the DMZ is... is the router allows you to specify an IP address of a computer on your local network.
Your local network might be 192.168.0.1 through 25. You may have 25 different computers and they all have these 192.168 addresses. You can then assign, manually, an IP address. Maybe you'll do 192.168.0.254 so it's not something that's gonna ever really, reasonably, be approached by all the machines on your side of the network.
You can configure your device (in this case, the phone) to respond to only that IP address. You're basically giving it a static IP address of .254.
In the router... you then configure the router by saying, "You know what? All these connections, these connection attempts that you've been blocking? The unrequested, unsolicited connection attempts that you've been blocking... don't. Instead, send them over to this IP address: 192.168.0.254 - whatever device is there, it will handle it, or it will know not to."
In a case like this when you've got Voice over IP, it's actually not that uncommon for some protocols to want to initiate a call from outside of your network. If someone using Voice over IP is somewhere else and tries to call you, that, by definition, may be an outside server trying to initiate a contact through your router: from the internet to the inside.
Rather than blocking it, we send it to the DMZ, or whatever's configured for the DMZ.
So, I think it's a fairly innovative solution. I like it.
Like you said, the only real concern is that, you know, maybe someone could hack your phone, but you can reconfigure it. It depends on how smart the phone is, I suppose.
I actually don't see many downsides. The only downside I can think of (and it's a pretty small one) is if you ever actually, later, needed the DMZ for something else. In reality, as many years as I've been doing this, I've never once used a DMZ. I actually have no reason to propose it as a solution for anyone's problem - other than in a case like this where you've got a specific IP based device that wants to be able to receive outbound or incoming connections from the outside.
So, I say, "Go for it!" I say it's a pretty good solution. I don't really
see a downside.
Next from Answercast 66- Shockwave keeps crashing, what can I do to fix it?
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.