Setting a “Public IP” on SM and use the DMZ, i would have the advantage of delivering the client a connection he would have on address 192.168.1.2 (first IP of DHCP) a DMZ and the other only addresses through NAT. With LAN DHCP Server enable.
The same client could redirect your dmz ports if needed.
Is that right?
What disadvantages do you see?
osvaldotcf wrote: Is that right?
Yes, it is.
osvaldotcf wrote: What disadvantages do you see?
No disadvantages. Just note that almost every protocol will work through DMZ, but not all (e.g. some kind of VPN and FTP will fail).
The problem occurs if you install a FTP server or in any way?
Any workaround for ftp?
The FTP/DMZ issue is specifically related to NAT. Early NAT implementations could not do the translation properly since the protocol referenced IP addresses within the data payload (instead of just in the IP packet). I haven’t seen this as an issue anywhere in at least the last 5 years.
salad wrote: The FTP/DMZ issue is specifically related to NAT. Early NAT implementations could not do the translation properly since the protocol referenced IP addresses within the data payload (instead of just in the IP packet). I haven't seen this as an issue anywhere in at least the last 5 years.
What about the costumers who need access FTP servers for upload ou download files, for exemple?
Small webdesigner?
Are you referring to customers who run their own FTP servers or connecting to a third party somewhere on the internet? If you just mean the client, putting their own PC as a DMZ IP would allow them to use Active Mode FTP where the server actually establishes a connection going back to the client. Otherwise Passive Mode FTP (standard these days) works fine with no DMZ or port forwarding.