Applying and configuring DMZ in a router

Owners of home Wi-Fi routers can sometimes find that some programs or games work with limitations. In some cases, it is advised to use forwarding in the router. There are several methods of forwarding, each with some advantages and disadvantages. One of these is the DMZ. In most models of network devices, this item is present in the parameters, but not everyone knows what it is and what to use it for. If you don’t know either, this information is for you.

DMZ - what is it in the router

What is DMZ

It is a physical or virtual server serving as a buffer between the local network and the Internet. It is used to provide local network users with e-mail services, remote servers, web applications and other programs that require access to the World Wide Web. To access internal resources from the outside, you need to go through the authorization procedure; an attempt to log in for unauthorized users will not be successful. In most cases, this is a router setting.

Organization of access to services of the corporate Internet

The name comes from the English abbreviation for the demilitarized zone as a barrier between warring territories. This technology is used when you create a home server that must be accessed from any computer with an Internet connection. A true demilitarized zone is used in large corporate networks with a high level of internal security. Home models of routers completely open up the computer to access the Internet.

When is the DMZ used?

Given the openness of the computer, the method is considered quite dangerous, so it is worth using it when other redirection methods do not give the desired result.

  1. For running applications that require opening all available ports. There are few of them, but they do occur.
    Viewing open ports with netstat command

    Netstat -a command lets you know which ports (connections) are open

  2. Home server hosting. Sometimes you need to host a shared resource at home, so this setting will be indispensable for separating the server from the local network.
  3. Using game consoles. In most cases, the automatic configuration of router forwarding allows you to use the consoles to play online without additional manipulation. But in some cases, only the DMZ will give the desired effect.

Setting up DMZ in a router

For the DMZ to work successfully on your network, the router must be configured correctly. It is absolutely not difficult. Log in to the settings via the web interface. Usually, the IP address, login and password are indicated on the router itself or in its instructions. The following algorithm and recommendations represent the general principle of operation.

  1. Depending on the manufacturer, this section can be found either in the “Internet Settings” or “Forwarding” tab.
  2. First of all, in the DHCP server settings, you need to assign a static address to the device on which the server will be organized;
  3. After that, in the DMZ tab, activate the “Enable” item and add the assigned IP address, save and reboot the device;
    Activating the DMZ function
  4. Please ensure that all devices on your network have the latest security updates, as they are at added risk while they are convenient.
  5. For external access, you must have a “white” IP address.

White and gray IP addresses

Later in the article, we present a more detailed guide for various models in order to finally dispel any questions about the precise adjustment of this option.


In the old firmware version, this function is located in the “Forwarding” section, which can be opened on the control panel on the left. To activate, check the box next to the corresponding line “Enable”. After that, don’t forget to save your changes.

Enabling DMZ on TP-Link

In the new version, go to the path “Advanced settings” → “NAT forwarding” → “DMZ”. Then turn it on, enter the IP address of the device and save.


The option we need can be found in the Firewall category. In the light version, it is located in the left area of ​​the working window, and for the dark version, you must first go to the “Advanced settings”.

Then we turn on the function, enter the IP-address (or choose from a ready-made list) and click on “Apply”.

How to enable DMZ on D-Link

Important! Owners of some models may see the “NAT Loopback” option, which provides the ability to inspect packets that are sent from the local network to the outside. We do not recommend using it if you have a weak PC, since during its operation there is a significant load on the processor.


On the left, select the “Internet” section, and then the “DMZ” tab. We activate the function, fill in the “IP address of the visible station” and click on “Apply”.

Enabling DMZ on Asus router

Zyxel Keenetic

New firmware. The device must first be registered. To do this, go to the “Device List” and click on the desired device. In the next window, enter a name and confirm the registration. After these manipulations, your device will appear in the list of registered ones, find it again and open the settings. In the dialog that opens, check the box next to the “Permanent IP address” line. Next, go to “Forwarding” and create a new rule with the following parameters:

  • Check the box “Enable Rule”.
  • Description – any.
  • Login – Enter the Internet connection you are currently using.
  • Output – the name of the device added to the DMZ.
  • Protocol – select the item “TCP / UDP (all ports and ICMP)”.
  • Opening Schedule — Set the mode of your choice, but usually the server is “Runs all the time”.

Changing the firewall rule in Zyxel

Old firmware. In the “Home network” menu (the icon of two monitors), open the “Devices” tab and click on your gadget, which will become the host. In this section, you can also add a device if you know its MAC address. When registering, do not forget to enable “Permanent IP-address”, set the value “Allowed” in the line “Internet access” and save the changes. After these steps, go to the “Security” → “Network Address Translation” section and click on “Add Rule”. Here you need to fill in the following points:

  • Description – your choice.
  • Interface – select the connection through which access to the Internet is implemented.
  • Protocol – there can only be a single value “TCP / UDP (all ports and ICMP)”.
  • Redirect to address – register your server.

Setting up a rule on old Zyxel firmware


V1-3: Enter the “Advanced Settings” and find the host configuration. Drag the slider to the On state and write down the last number of the local machine for which absolutely all ports will be available.

DMZ activation on Tenda router

V4: Go to the “Advanced” tab and scroll down to the “DMZ Host” item, then check the box next to “Enable” and enter the host address.


To get to the port opening menu, go to “Application & Gaming”. Then enable the parameter “Enebled”, in the item “Source IP Address” set the list of those addresses for which you want to provide access to the selected device. We advise you to select “Any IP Address”. Enter the IP or MAC address in the “Destination” line. In addition, by clicking on the “DHCP Client Table” button, you can see all connected devices. Complete the setup by saving the “Save Settings”.

Enabling DMZ on LinkSys Router


Now you know what DMZ is and how it is configured. Usually, it is practically not necessary to use it at home.

Do you use this technology on your router? For what purpose? We invite you to leave comments.

Leave a Reply

Your email address will not be published.