In some scenarios, it is necessary to place a server or other box, such as a game console, on the public Internet so all inbound connections on any port can reach it.
This configuration is known as a De-Militarized Zone or DMZ, as there is no firewall protection afforded by the router to the selected IP. It will get all inbound traffic.
In general it is best to create case by case port-forwards, but if the server or console has a wide set of ports that need external access, then a DMZ might be the right thing.
Another scenario where a DMZ config is appropriate is if the target is itself a router with a firewall. So maybe you bought one of the cool mesh wifi solutions, but the Bufferbloat is horrible (and in most cases it is), so an IQrouter placed in front of the main ‘router’ unit and managing traffic solves the BufferBloat, but the other routing, security and convenience features require their main unit to be in ‘router’ mode. By configuring the IQrouter to forward all inbound traffic to it, you achieve the goal.
Regardless of why you want a DMZ configuration, here at the steps:
First, you want to ensure the target device has a fixed IP. You can either configure a static IP for it by configuring it with an address in the static range (by default the IQrouter has 192.168.7.2 through 192.168.7.99 as available static addresses); Or you can reserve the current DHCP-managed address by issuing a static lease as follows:
Log into the IQrouter, then Select Advanced->Advanced
Go to the Network->DCHP and DNS page
Note current IP and MAC address of server your are targeting in the Active DHCP leases list
Click ‘add’ static lease to create new blank entry
Fill in a name (e.g. DMZtarget) then pick the MAC address of the server and for IPv4, pick the IP of the server
Click ‘Save & Apply’ button.
To set the DMZ forward:
Once in the Advanced menu, select Network->Firewall
Click ‘Port Forwards’ tab
Scroll down to the section labeled 'New port Forward' and fill in the fields;
Name = Name of the Port forwarding (e.g : DMZ)
Protocol = TCP, UDP, or TCP and UDP (you want both)
External Zone = The interface which shares your public IP (WAN)
External Port = LEAVE BLANK (or if required, enter: 1024-65535 or a suitable range)
Internal Zone = The interface for your Local Area Network (LAN)
IP Address = The IP address of the device being forwarded to (e.g. 192.168.7.2)
Internal Port = LEAVE BLANK
Click the 'Add' button next the filled out row to add it to the config
Click ‘Save & Apply’ button to commit this change.
When done, it will look like this: