C6300 v2, port 22 blocked while in DMZ

Question

Cable modem with wifi router model C6300 v2 firmware v1.03.06. IP version 6 firewall disabled.

Tested from outside that port forwarding of 22 and 80 works OK when set up through port forwarding.

Remove all port forwarding and put machine into DMZ. Port 80 is still accessible and port 22 can not be accessed.

Netgear tech support told me this is a known issue that a device inside DMZ has some ports blocked. This is a fake DMZ if it is not wide-open! What is the list of ports blocked while in DMZ, and is this list in some product documentation?

Also, is there a IP version 4 firewall and where can it be found in the (slow) router web interface? There is a IP version 6 setting and it can be disabled.

FURRYe38 · Answer

Something to ask NG to see if there going to fix. If not, then you might want to configure the modem for modem mode only and then connect a external wifi router that has a better DMZ feature.&nbsp;
&nbsp;
Review the user manual for modem features that are included on the modem. Most firewalls are automatic and no seen. Using Port Forwarding or Triggering will configure ports when need thru the firewall.&nbsp;
&nbsp;
Good Luck.&nbsp;

hklo · Answer

Tech support now says ports 22 and 23 are blocked while in DMZ. They claim all other ports are open. From my standpoint, this blocking was done on purpose so I suspect it will not be fixed.

This should at least be in the product documentation, as people make the assumption that DMZ opens all ports. Somewhere is a Netgear product manager who should be doing some 'splaining.

I suppose I will remap ssh to a different port. This is non-standard, so it will cause doc and usage hassles for me and my friends.

FURRYe38 · Answer

I recommened changing the modem to modem mode and finding a external router that you can use and has better DMZ support.&nbsp;
&nbsp;
Good Luck.
hklo&nbsp;wrote:
Tech support now says ports 22 and 23 are blocked while in DMZ. They claim all other ports are open. From my standpoint, this blocking was done on purpose so I suspect it will not be fixed.
&nbsp;
This should at least be in the product documentation, as people make the assumption that DMZ opens all ports. Somewhere is a Netgear product manager who should be doing some 'splaining.
&nbsp;
I suppose I will remap ssh to a different port. This is non-standard, so it will cause doc and usage hassles for me and my friends.

&nbsp;

hklo · Answer

I had thought I was going to save a slot on the power strip by combining functions, but I just learned the hard way that the combined modem + router is not worth the hassles. Separate devices makes it easier to upgrade/swap each function independently.&nbsp;I expect Netgear should publish these gotchas so a purchaser can have an idea of non-typical DMZ implementation (purposeful block of ports 22 and 23). I am to the point of it being worthwhile to purchase low-end commercial gear for residences. The debug hours on the consumer grade gear quickly tears through any savings on the purchase price.

FURRYe38 · Answer

Well I presume the DMZ issue is a flaw on there code and was never addressed since nobody complained about it as we haven't see anyone else post about this issue. The modem is going on 7 years old and NG probably decided that there wasn't alot of traction on this one problem that probably not going to fix it.&nbsp;
&nbsp;
Ya these combo units are ok but do bring out odd problems, especially when ISPs are responsible for FW updates that user dont have access to, so theres a big hassel there if something goes wrong there. Personally I prefer separate units that way I can control what happens on the external router side. As long as the modem unit is working and the ISP is keeping that going, found thats the best way to run modem and external routers.&nbsp;
&nbsp;
Good luck.&nbsp;

Forum Discussion

C6300 v2, port 22 blocked while in DMZ

5 Replies