
Completely Open DMZ?

Normally on our router, we would just specify an IP address and voila, all the ports are completely open to the internet. This helps us in testing the device, and actually we want it exposed to the internet completely (think honeypot), or just hardening testing.

1 static IP (WAN) 46.x.x.x eth0 (pppoe)

1 local net (LAN) 192.168.1.x/24 behind it, eth1

I just want whatever arrives (all ports) @ 46.x.x.x WAN to be forwarded to 192.168.1.88 without being molested or touched.

Suggestions Welcome 

Thanks



This thread was automatically locked due to age.
  • Hi K L,

    There are two ways to do this, one complex but what this system is designed to do, and the other a quick fix:

    1. Bridge an unused interface to your WAN interface and remove the applicable WAN IPs then provide one of those IPs to your server that you want to have direct unfettered access to the internet. There's a teensy bit more but that's the general gist
    2. Set up a DNAT in Network Protection > NAT > NAT Tab with the settings of
      1. Source: Internet IPv4
      2. Services: Any
      3. Destination: Additional Address you want to forward
      4. Change Destination to: Internal IP Address of "DMZ" Server
      5. Leave Destination port as blank
      6. Automatic Firewall rule

    What the second option will do is just forward all traffic to that internal IP address, and it is the quick fix. I prefer doing the first option as it's much more efficient, but it is much more complex.

    One thing to note is that the "DMZ" setting for devices on other appliances is just a fancy name for the DNAT option explained in option 2 above :)

    Emile
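
An added example, not part of the original thread and not Sophos code: on a Linux/iptables gateway, the all-ports DNAT described in option 2 shows up as a DNAT rule with no protocol or port match. The sketch below audits a constructed `iptables-save` excerpt for such rules so that "DMZ host" forwards do not go unnoticed; the WAN address 203.0.113.10, the extra rules and the function names are assumptions made for illustration.

```python
import shlex

# Constructed iptables-save excerpt (nat table). The first rule mirrors option 2:
# everything arriving at the WAN address is rewritten to 192.168.1.88.
# 203.0.113.10 is a documentation address standing in for the WAN IP.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -j DNAT --to-destination 192.168.1.88
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.20:443
-A PREROUTING -i eth0 -p udp -j DNAT --to-destination 192.168.1.30
COMMIT
"""

PORT_FLAGS = ("--dport", "--dports", "--destination-port")


def classify_dnat(line):
    """Return (internal_target, exposure) for a DNAT rule, or None otherwise."""
    tok = shlex.split(line)
    if "-j" not in tok or tok[tok.index("-j") + 1] != "DNAT":
        return None
    if "--to-destination" not in tok:
        return None
    target = tok[tok.index("--to-destination") + 1]
    proto = tok[tok.index("-p") + 1] if "-p" in tok else "all"
    if proto == "all":
        exposure = "all-protocols"        # the "DMZ host" case: nothing is filtered
    elif not any(flag in tok for flag in PORT_FLAGS):
        exposure = f"all-{proto}-ports"   # one protocol, but every port
    else:
        exposure = "single-service"       # narrowed to specific port(s)
    return target, exposure


def audit(ruleset):
    """List DNAT rules that forward more than specific ports (negation is not handled)."""
    findings = []
    for line in ruleset.splitlines():
        result = classify_dnat(line) if line.startswith("-A ") else None
        if result and result[1] != "single-service":
            findings.append(result)
    return findings


if __name__ == "__main__":
    for target, exposure in audit(SAMPLE):
        print(f"{target}: {exposure}")
```

Each host it reports receives unfiltered inbound traffic, so it is the place to check host firewalling, patch level and segmentation from the rest of the LAN.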