Help me with Linksys WRT1900ACS v2

Hi to all...my internet provider does not allow me to connect more than 5 devices at the same time...so I bought a Linksys WRT1900ACS v2 but I cannot configure it. I had thought to connect the Linksys router to the provider's modem (LAN-WAN connection), put the router in DMZ on the provider modem, then connect all the devices to the Linksys router...in this way the provider modem would only see ONE connected DEVICE (the Linksys router), is that right? Second problem: I have to connect to the Linksys router two devices that could use the same ports (they are two ASICs for crypto mining), do I have to buy a switch too? Or can the Linksys router do this function? Excuse me, I'm a networking newbie.

Basic idea sounds fine so far. If you mean both ASIC devices need to be available for incoming connections on the same public IP address and port combo, then yes, you have a problem. But if you can have one registered to a different port, then it's no problem.

The router has an internal switch with 4 Ethernet ports. If you have more than 4 wired Ethernet clients, then you would need another switch to be able to network them all.

Do these devices really need incoming connections? Opening a port to the Internet is not something to do unless you really have to, since it's a security risk.

In order to send incoming connections to two different but similar devices, you would need to define two ports on the Internet. You only have one public IP address so you have to use different ports on the public side to select a device.

When you forward a port through the firewall, you can translate the port number. So you can have the two devices using the same port number (but different IP address) on the LAN, and the same IP address (but different port number) on the Internet side.

Reserve DHCP addresses for the two devices in the router, since the firewall has to be configured by IP address not by names.

A WAN facing router should never be placed in DMZ, as that defeats the purpose of the router (i.e. to firewall WAN from LAN), exposing any and all traffic directly to WAN. Modems only come with a basic DHCP server, not a firewall.

I'm a bit perplexed by your setup, as the whole point of masquerading the WAN port is to ensure only 1 device is seen WAN side by the modem: the router.

I think the point here is that he's bypassing the functions of the ISP modem. Often there is no bridge mode, and a DMZ is the only thing you can do to give the router a close to "real" WAN connection.

1 Like

How do I configure the internet connection on the Linksys router? As DHCP?

Yes, both ASIC devices need to be available for incoming connections on the same public IP address and port...how can I solve this?

@hollywood_jack: If you really need to expose 2 devices on the same public-facing IP + Port pair (like, for example, web servers), you need something like a load balancer to round-robin the requests to each backing server. Otherwise, as @mk24 says, you would have to use NAT (network address translation) to map each device's IP + Port to a separate WAN-facing Port to listen for requests from the internet.

However, from a security standpoint it sounds like a really bad idea to expose ASIC miners on the public WAN interface at all.
What service runs on these that really needs to be accessible from the public internet? My guess is: nothing, therefore don't bother exposing anything.

I think the port they use is only out because it's a port on the address they're going to mine, that is something like this: sumokoin.miner.rocks:5555

Not if you're referring to the TTL of packets entering/exiting the router. If you mean - as in the ISP only seeing one device connected to the ISP's interface, then yes.

1 Like

Outbound connections to the same address and port are already handled by usual NAT that requires no additional configuration. Only inbound connections require configuration.

1 Like
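The two NAT behaviours discussed above (distinct WAN ports selecting a device for inbound forwards, and outbound connections to the same address and port needing no configuration), as an added example that is not part of the original thread. It is a simplified model, not router code; all addresses, the 8001/8002 WAN ports and the LAN-side port 80 are constructed placeholders.

```python
from itertools import count

class NatRouter:
    """Simplified NAT model: real routers try to keep the source port and
    remap only on conflict; this one always allocates a fresh WAN port."""

    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self._next_port = count(first_port)
        self.conntrack = {}   # (wan_port, remote) -> (lan_ip, lan_port)
        self.forwards = {}    # wan_port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """LAN host connects out; return the (ip, port) the Internet sees."""
        wan_port = next(self._next_port)
        self.conntrack[(wan_port, remote)] = (lan_ip, lan_port)
        return (self.wan_ip, wan_port)

    def add_forward(self, wan_port, lan_ip, lan_port):
        """Inbound rule: the WAN port selects the device, so it must be unique."""
        if wan_port in self.forwards:
            raise ValueError(f"WAN port {wan_port} is already forwarded")
        self.forwards[wan_port] = (lan_ip, lan_port)

    def inbound(self, remote, wan_port):
        """Return the LAN target for a WAN-side packet, or None if dropped."""
        tracked = self.conntrack.get((wan_port, remote))  # reply traffic
        return tracked if tracked else self.forwards.get(wan_port)

# Constructed addresses (documentation ranges); 5555 is the pool port
# from the thread's example.
POOL = ("198.51.100.7", 5555)
ASIC1, ASIC2 = "192.168.1.101", "192.168.1.102"

def demo():
    r = NatRouter("203.0.113.10")
    # Both miners dial the same pool address and port: no rule needed.
    seen1 = r.outbound(ASIC1, 50000, POOL)
    seen2 = r.outbound(ASIC2, 50000, POOL)
    # Inbound access needs one rule per device, on different WAN ports,
    # even though both devices listen on the same (hypothetical) LAN port.
    r.add_forward(8001, ASIC1, 80)
    r.add_forward(8002, ASIC2, 80)
    return r, seen1, seen2

if __name__ == "__main__":
    r, s1, s2 = demo()
    print(s1, s2, r.inbound(("192.0.2.99", 1234), 8002))
```

Without the two `add_forward` rules, the only inbound packets the model accepts are replies from the pool to connections the miners opened themselves.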

But will my ISP see only one connected device or all the devices? Because my ISP does not allow me to connect, at the same time, more than five devices to the internet.

That limitation is probably being imposed by their provided modem / router refusing to serve more than 5 LAN IP addresses. Your router counts as only one device to it.

NAT makes it look like all of your Internet access is coming from one device running many different applications, and/or several instances of the same application. Even though internally on the LAN, several devices may be involved.

2 Likes

Ok...thanks 👍

@hollywood_jack Out of curiosity, have you asked your ISP to disable the router functionality in the modem/router combo (as most ISPs will do so if asked)?

What do you mean by "router functionality"? The functionality that allows max 5 devices connected at the same time? If it is this, yes, I asked but they told me it's not possible...in Italy ISPs are really bad 😉

I'm confused... do you have a modem/router combo from your ISP?

  • If not, I'm confused as to why you believe you need a DMZ, since the point of masquerading the WAN port is to allow the modem to only see the router and no downstream devices.

  • If you do, and they will not disable the router functionality, a double NAT setup would be required and preferred over a DMZ, selectively forwarding ports for the small amount of devices that need ports forwarded (i.e. you would need to forward the ports from the ISP router's WAN interface to the RFC1918 IP assigned to the OpenWrt router's WAN interface).
    • Placing the router into a DMZ essentially makes it a smart switch with no firewall between WAN <-> LAN

1 Like

I have a modem from my ISP with 4 LAN cables and wifi...this modem is locked in almost all its features (but on the ISP modem I can disable the NAT and firewall)...I bought a router, a Linksys WRT1900ACS, to connect more than 5 devices at the same time.

Placing the OpenWrt router's WAN port into the modem DMZ doesn't disable the OpenWrt firewall, nor make it a smart switch. It just forwards all the ports to the router so that the router can be in charge of the routing. It essentially turns a double NAT situation into a pseudo single NAT, since the ISP device won't alter port numbers, just the address.

2 Likes

My understanding is that "DMZ" is a simplified configuration that forwards all 65,000 external ports toward one IP on the LAN. The port numbers are not changed.

If you truly disable NAT on the modem you should get the public IP directly via DHCP to your router, and you can accept incoming connections directly on that.

1 Like