[Hambuga]

hi, i previously posted a thread on how to disable the firewall in my router. I did as told by going to security when accessing my router then to firewall. I disabled the "SPI Firewall Protection" and unticked any filters. I also unticked the "Block anonymous internet requests". I understand the risks but its okay since i have a good firewall. At first this method worked and nothing was blocked, but later my bitcomet and other stuff became blocked again! So the only method that works for me is DMZ even when the firewall is off. wat does this mean! I dont want to forward ports all the time and do the usual routine. I want this whole firewall thing to be gone!
Wat do i do ?

thanks.

[Hambuga]

forgot to mention, my router is LINKSYS WAG54G2 Wireless ADSL2+ Gateway

[JohnWill]

If you remove the NAT layer, you also remove the routing function. Since the DMZ works, what's the exact problem?

[Hambuga]

well since the dmz only works for one pc. i got 3 pcs at home and i want them NAT free.

[JohnWill]

You need three public IP addresses if you want to run three machines. Open the wallet, because the ISP is going to charge you for that capability.

[Hambuga]

ok but why doesnt turning off the spi firewall do anything???

[zx10guy]

There are a couple of concepts you're not understanding here. First the SPI functions and firewall are all related to network security. The firewall has set rules under which it will allow traffic to go in and out of your private network.

The NAT function or network address translation is used primarily to allow people to run multiple private devices all with unique IP addresses behind a single or pool of public IPs. In a typical home user situation, home users will only get one public dynamic IP. The NAT function of many routers is to allow a range of internal private addresses to hang off of this single IP. NAT is a confusing subject for those who get into higher level networking. In the Cisco environment, the NAT commonly used is really a PAT or port address translation. Routers keep track of sessions by keeping a port table. Because by the very nature of TCP traffic, the client initiating a session is going to grab a random high port. This port is then kept in the session table which allows the router to direct the return response back to the appropriate internal IP address. When you have multiple internal IPs sharing a single public IP, this is called NAT overloading.

So really, when you turn off SPI, you're not doing anything to how the router is routing traffic. As John has indicated, if you want to front multiple devices directly to the internet, you're going to have to purchase multiple public IPs from your ISP...if this is even an option.

[Hambuga]

pfft... ok.. so my only method is just dmz right ? damn... this is breaking my ballz

[Soundy]

If your router, PCs and software all support UPnP (Universal Plug'n'Play), it can help in some port-forwarding situations by essentially allowing the computers to create their own routing tunnels. You mention Bitcomet, for example - it supports UPnP, if you're running it on XP or later versions of Windows. From the Bitcomet site: "Auto Config UPNP port mapping in router (UPnP support is required in router, Windows XP is required)."

[Hambuga]

ya they all do support upnp now how do i get this done

[Soundy]

Make sure it's enabled in your router; make sure the UPnP service is running in Windows (for XP, right-click My Computer, go to Manage, then to Services, and check that the service is Started and set to Automatic), and make sure the option is enabled in Bitcomet. Other torrent clients I've used (Shareaza, utorrent) will test for UPnP operation and let you know if it is or isn't working.

[JohnWill]

It would help to know specifics of why the DMZ access is required here.