As Broadband Usage Caps Expand, Nobody Is Checking Whether Usage Meters Are Reliable
from the what-could-possibly-go-wrong dept
Despite the hype surrounding Google Fiber and gigabit connections, vast swaths of the U.S. broadband industry are actually becoming less competitive than ever. As large telcos like Windstream, Frontier, CenturyLink, and Verizon refuse to upgrade aging DSL lines at any scale, they're effectively giving cable providers a growing monopoly over broadband in countless markets. And these companies are quickly rushing to take advantage of this dwindling competition by imposing entirely arbitrary, confusing and unnecessary usage caps and overage fees in these captive markets.
The benefits of these pricey limitations are twofold: they not only allow cable providers to jack up the price of service, they're also an incredible weapon against the looming threat of streaming video competition. Caps and overage fees make using streaming alternatives notably more expensive, helping to protect legacy TV revenues. But cable operators are also exempting their own streaming services from these caps (as Comcast did with the launch of its own new streaming platform this week), while still penalizing competitors. This kind of behavior is just one of several reasons why net neutrality rules are kind of important.
Oddly though, you'd be hard pressed to find politicians or regulators from either party that give much of a damn that this massive distortion of the level internet playing field is occurring. Which is why, unlike in other sectors, nobody anywhere is verifying whether ISP usage meters are accurate. As a result, there have been countless instances where users say they've been billed for bandwidth despite their modem being off or the power being out. And numerous studies have indicated ISPs routinely abuse this lack of oversight by overcharging for service.
Comcast has, of course, been at the forefront of imposing these usage limitations and overage fees. And unsurprisingly, consumers pretty consistently state that the cable giant -- already world renowned for historically-abysmal customer service -- isn't tracking usage or billing these customers accurately. Users who were billed for usage while away on vacation have had no real ability to challenge Comcast's meter readings. And Ars Technica documented another user this week who says he battled with Comcast for months over errant meter readings before cancelling fixed-line broadband service entirely:
"At one point, Weaver says he left town for three days and had left his wireless router unplugged, though the modem itself was plugged in. After his trip, Comcast's meter showed that he "used 500GB in three days of not even being home and not having a Wi-Fi network running," Weaver said. He then tried disconnecting the modem for three days and found that Comcast's meter finally stopped counting data usage, he said.
"I have been told no less than eight times that I can rest easy if I would just buy the $50 unlimited data plan," he said. "This whole thing reeks of scam."
In short it goes something like this: lobby to keep the broadband industry uncompetitive, use that lack of competition to impose arbitrary and unnecessary limits that hinder competitors, then charge users $50 more per month if they want to enjoy the same, unlimited connection they used to enjoy. It is a scam, but again, you'd be hard pressed to find absolutely anybody in government that gives much of a damn, despite the ploy's negative impact on competition and the health of the internet. What a wonderful time to dismantle some of the only rules we have protecting consumers from this kind of behavior, don't you think?
Filed Under: accuracy, broadband, broadband caps, competition, data caps, meters
Companies: comcast
Reader Comments
Caps
It will never happen to them since the cable people don't want scrutiny of their behavior.
Must be nice living in a bubble where you are better treated than those you are supposed to represent.
[ link to this | view in thread ]
Is it because the FCC is a toothless bunch of bought and paid for wonks who only consider what's good for the carriers & consumers be damned?
They talk about how the corps are spending so much on upgrading, while delivering speeds less than some African nations.
They lower the speeds we should be getting, so the corps can keep profits high.
They refuse to make them honor agreements where they got paid for promises that they broke, and broke, and broke, and broke.
If there is another carrier within 150 miles of you, even if they won't service your area, you have competition.
Pendulums are supposed to swing back, and considering how far they pushed it this time the carriers are going to scream.
[ link to this | view in thread ]
That is a lot of pings, no wonder there are bandwidth issues.
[ link to this | view in thread ]
Difference between cable and Internet
[ link to this | view in thread ]
Re: Difference between cable and Internet
[ link to this | view in thread ]
Re: Re: Difference between cable and Internet
[ link to this | view in thread ]
Re: Re: Re: Difference between cable and Internet
Also, note that with cable, the number of streams is decided by the number of channels on the fattest cable package available. With the Internet, the number of streams equals the number of users demanding a stream at that time, and this can easily exceed the number of cable channels, even if all of those streams are for the same program.
[ link to this | view in thread ]
Data discrepancy origin
In my case, there are only two ways to stop it: (1) Get their router a big enough ARP cache that it can remember the same host for more than a few seconds or (2) Get rid of enough other customers on that router that the existing cache is big enough. (1) is an ISP infrastructure upgrade. (2) is either an ISP infrastructure upgrade or a campaign for mass cancellations. Neither is remotely feasible.
[Markdown off because it gets confused by math.]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: Difference between cable and Internet
Look at it as the difference between getting your news from listening to the radio (broadcast - the sender doesn't even know you exist, nor whether your radio receiver will be powered on, nor whether you'll be in the room when the radio emits the sound of their transmission) versus reading the newspaper (you get a private paper to read, at your leisure, and you don't need to worry that someone else reading the same article reads faster or slower than you, because they're not using the same paper; they're using a distinct copy of the paper printed with the same contents).
We regulate broadcasts primarily because the transmission technology imposes a cap on how many broadcasts can usefully be sent through a given area before they start disrupting each other. We don't meter them because the design model assumes they're always sending (ignore stations that close down at night).
Internet meters make sense if, and only if, the network is so overburdened that it's impossible to adequately serve all consumers at the level they demand. While the ISPs have done an impressive job at neglecting their networks, demand still hasn't reached the point that the network is sufficiently overburdened that meters are the right solution. Even if they were right, the implementation most ISPs are using is grossly unfair for two reasons. First, as discussed in this article, there's no reason to believe the meter's analysis matches reality. Second, the overage fees are invariably vastly in excess of reason. Considering the nature of typical Internet usage, deprioritizing (not artificially slowing, just moving to the back of a crowded line) burdensome users would be far more fair than any of the things the ISPs have actually imposed (overage fees or, in some cases (particularly wireless), punitively slowing the customer's traffic far more than is strictly needed to ensure other customers get a fair allocation).
[ link to this | view in thread ]
Re: Difference between cable and Internet
Fiber is a completely different beast. It is straight up better than copper for internet access (copper can dual as both internet and phone infrastructure and since phone lines are already installed it saves on installation costs!). Fiber has a much better capacity and has a more upload friendly capacity ratio, is more reliable and is straight up better than copper on almost all parameters. The problem has historically been the cost of installation which was significantly higher than copper per meter once upon a time. However, if you have a choice, fiber is often a no-brainer over copper if you want a better internet connection.
The reason the fiber roll-out has stalled, is the much less infrastructure costly wireless connections. But 4G wireless suffers from capacity issues and less reliability than pure fiber cable. 5G will be a significant upgrade to capacity, but several reliability issues are unlikely to ever be addressed by wireless, unless the tower density is significantly increased or terrain is changed to accommodate the connectivity!
[ link to this | view in thread ]
Re:
Really? When was the last time your water meter was checked for accuracy? I've never known it to happen.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Difference between cable and Internet
[ link to this | view in thread ]
Re: Re: Difference between cable and Internet
I use my Ethernet network to supply the Internet to my various devices, so the differentiation can become blurred to a non-technical dweeb like me.
[ link to this | view in thread ]
One more time.
Disconnecting your wireless blocks nothing. It simply disconnects your wireless from the Comcast cable modem. The modem is still connected to the internet, free to hammer with DDoS, telnet port connect (DPT 23), massive old-style W* net-bios looking out there for everybody and anybody to talk net-bios with.
Comcast counts everything. Regardless of whether it goes past the cable modem or not. If you are out of town, the only safe bet is to turn off the modem.
[ link to this | view in thread ]
It's not hard to configure any router that does DD-WRT or OpenWRT to give you a detailed breakdown of traffic. The hard part was always setting up the filter chains to count the right traffic for what you wanted to monitor, and a lot of that was because I wanted to monitor more than just gross traffic for various protocols.
[ link to this | view in thread ]
Re: One more time.
Sounds like fraud to me.
Funny, these same people probably get all worked up about ad blockers.
[ link to this | view in thread ]
If NOT checking them, then how do you know AREN'T reliable?
Rest is just anecdotal fitting your bias against Comcast.
[ link to this | view in thread ]
Re: Re: Difference between cable and Internet
Except that it uses datagrams, not "streams". Usually, those datagrams are part of a stream initiated by the subscriber, but nothing requires it: anyone can send you data whether you want it or not, and if you're billed based on "usage" that's going to count against you. Which means that the guy who "used 500GB in three days of not even being home and not having a Wi-Fi network running" might have been metered correctly—the usage did stop, after all, when he turned the modem off.
[ link to this | view in thread ]
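The distinction these comments turn on (counting "the right traffic" on your own router, and unsolicited datagrams still arriving at your address), as an added example that is not part of any commenter's post: a Python sketch that splits WAN-side bytes into solicited replies and unsolicited inbound traffic, then compares the local total with an ISP-reported figure. The log format, function names, the 120-second flow timeout and the sample records (documentation-range addresses) are all assumptions constructed for illustration.

```python
"""Added example: split WAN-side bytes into solicited and unsolicited traffic."""
from collections import defaultdict
from typing import NamedTuple

FLOW_TIMEOUT = 120.0  # assumed idle timeout (seconds) before a flow is forgotten


class Packet(NamedTuple):
    ts: float          # seconds since capture start
    direction: str     # "out" = toward the Internet, "in" = arriving at the WAN address
    proto: str
    remote_ip: str
    remote_port: int
    local_port: int
    size: int          # bytes on the wire


# Constructed sample, one record per line:
# ts dir proto remote_ip:port local_port bytes
SAMPLE_LOG = """
0.0   out tcp 198.51.100.10:443 50000 600
0.2   in  tcp 198.51.100.10:443 50000 150000
1.0   in  tcp 203.0.113.7:41000 23    60
1.5   in  tcp 203.0.113.8:41001 23    60
2.0   in  udp 203.0.113.9:5000  137   78
3.0   out udp 192.0.2.53:53     40000 70
3.1   in  udp 192.0.2.53:53     40000 200
400.0 in  udp 192.0.2.53:53     40000 200
"""


def parse_log(text):
    """Parse the constructed log format into Packet records."""
    packets = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, direction, proto, remote, lport, size = line.split()
        rip, rport = remote.rsplit(":", 1)
        packets.append(Packet(float(ts), direction, proto, rip,
                              int(rport), int(lport), int(size)))
    return packets


def account(packets):
    """Return (totals, unsolicited_by_port).

    An inbound packet is 'solicited' only if the same flow carried traffic
    within FLOW_TIMEOUT and was opened from the inside; everything else is
    'unsolicited' (scans, probes, stale senders), which is what a stateful
    firewall would count as NEW rather than ESTABLISHED.
    """
    last_seen = {}  # flow key -> time of the most recent packet on that flow
    totals = {"out": 0, "in_solicited": 0, "in_unsolicited": 0}
    unsolicited_by_port = defaultdict(int)
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        key = (p.proto, p.remote_ip, p.remote_port, p.local_port)
        if p.direction == "out":
            last_seen[key] = p.ts
            totals["out"] += p.size
            continue
        seen = last_seen.get(key)
        if seen is not None and p.ts - seen <= FLOW_TIMEOUT:
            totals["in_solicited"] += p.size
            last_seen[key] = p.ts  # replies keep the flow alive
        else:
            last_seen.pop(key, None)  # expired flow: drop the stale entry
            totals["in_unsolicited"] += p.size
            unsolicited_by_port[p.local_port] += p.size
    return totals, dict(unsolicited_by_port)


def compare_with_isp(totals, isp_reported_bytes):
    """Compare locally observed bytes with the figure shown on the ISP meter."""
    local_total = sum(totals.values())
    return {
        "local_total": local_total,
        "unsolicited": totals["in_unsolicited"],
        # Bytes the ISP counted that never appeared on the customer side.
        "unexplained": isp_reported_bytes - local_total,
    }


if __name__ == "__main__":
    totals, by_port = account(parse_log(SAMPLE_LOG))
    print(totals)
    print("unsolicited bytes by local port:", by_port)
    print(compare_with_isp(totals, isp_reported_bytes=200000))  # constructed figure
```

Only traffic that reaches the customer side is visible here, so a large "unexplained" value points at bytes counted upstream of the measuring device, not at a specific cause.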
Re: Data discrepancy origin
Junk traffic varies wildly by IP range: "The most extreme case we've observed so far is the address 1.1.1.1, which attracts up to 1Gbps of unsolicited incoming traffic to just that address. But that’s not the only address that stands out from the background. Other addresses also attract large quantities of traffic, But precisely which address and how much traffic is not possible to predict. It appears that the best way to find out just how big or small the problem may be for each addresses is to test them, to see precisely how much traffic it attracts, and whether it can be stopped.
In terms of acting as an unsolicited traffic attractor all IP addresses are not the same."
(Ignore the bit about "whether it can be stopped", because with a consumer ISP's tech support you won't get anywhere near a person who can do that.)
[ link to this | view in thread ]
Re: One more time.
And yet I don't get billed when someone aims a firehose at my house. (And it's rather hard to do that from across the world. For now.)
It's generous of them to not count traffic directed at the modem, when the modem is off. It already used up their bandwidth after all.
[ link to this | view in thread ]
Re:
Do we know how/where they do this? Last time I had a cable modem, I had SNMP-write access to its admin interface (I had to spoof their headend's IP range but the modem was happy to accept those IPs from the "wrong" interface, and everyone had the same password)... and it was easy to reset the traffic counters.
[ link to this | view in thread ]
Re: Re: Re: Difference between cable and Internet
A lot of people don't understand that point.
[ link to this | view in thread ]
Re: Re: One more time.
It's like a cell phone. You pay for incoming calls and text messages whether you wanted them or not. It sucks but that's the way it is.
[ link to this | view in thread ]
Re: If NOT checking them, then how do you know AREN'T reliable?
Oh, right. The only corporations you can't stand are Google and Facebook. You'd suck the left nut off the rest if it meant they get to avoid scrutiny.
[ link to this | view in thread ]
Solution: [Some learning and trial-and-error involved.]
[You'll find instructions for bridging most modems online.]
Now it's strictly a modem without an internet-facing address
of its own but you can still connect to its local address.
Your PC will negotiate a public IP address every time it
connects and will be directly connected to the internet
through that modem from now on.
To maintain control of the modem on the same wire you can
have your PC's TCP/IP driver use a local and an internet
address at the same time. Look up "multi-homing" for
instructions on that simple little trick.
Traceroute anywhere and note the IP address of the first hop.
Block that address in your PC, which is now your [infinitely
more powerful] router/firewall. If that suspect IP address
is in the same local subnet as your modem be sure to add
that address to your modem's own little firewall. This ends
the hidden waste of bandwidth. If that breaks things block
only the pings and anything else you see from the suspect
AFTER your PC gets access to the internet. Your PC will
probably resist other abusive ISP traffic by simply not
responding like the expected custom-linux-based modem.
If you want WiFi and/or wired access for more users get a
cheap router and connect any of its LAN ports into your PC.
[Add an Ethernet card if the PC only had one port.]
Leave the router's WAN or "upstream" port unused and
disable its weak firewall. Now it's just a simplified,
crashproof high-speed hub between your users and your PC.
Other PCs and laptops in your house can hook up through
your cheap in-house hub and everything's protected by your
PC's stronger firewalls and defenses instead of a mere
company-supplied (always-underpowered) router/modem.
Each user will also have a public IP address and seem to be
directly connected to the internet even though connected to
and protected by your PC. No more port-forwarding needed! ;]
The above isn't exactly simple for a beginner but your PC's
vastly greater processing power makes your connection that
much more reliable. It puts control of your firewalls
and other defenses into your hands with better PC-based
tools you are familiar with and effectively stops the abuse.
[ link to this | view in thread ]
Re: Data discrepancy origin
Also the usage meter in question may lag by 24 hours (or some value in time).
In Australia, 4G mobile data can lag by 2-3 days(!! Thanks Optus!)
[ link to this | view in thread ]
waaaaaaa
We consumers get what we settle for. Instead of biting each other's ankles like crabs in a bucket, we could unite and demand that one ISP at a time stop stealing from us, but NOOOOO. "That's too hard, that's impossible, that's unrealistic." So we settle, and pay increasingly higher ISP bills, while the ISPs sell our personal data (browsing and purchasing stats).
-Make 1 website: ComcastSucks.com
-Have a petition on the site demanding an end to data caps
-Threaten to boycott Christmas shopping online this year
-Boycott every Monday (don't use Comcast at home every Monday) until the data caps are removed.
boycott or bend over
[ link to this | view in thread ]
Re: Re: Re: One more time.
You don't "pay for incoming calls", you pay for talk-time. If you don't answer the call (usually you have caller ID) you pay nothing, and if you do, you're not paying any more than if you'd placed the call yourself (less because there's no distinction between long-distance and local).
So I don't count that as unfair, just undesirable. Charges for incoming texts are unfair.
[ link to this | view in thread ]
Re: Solution: [Some learning and trial-and-error involved.]
Cable modems, and some fiber devices, always have management-addresses of their own. They're not supposed to be internet-accessible, but the large providers ran out of private (rfc1918) IP space years ago, so don't count on that.
This only helps if it's the ISP sending lots of garbage traffic. What ISP does that, and will they actually stop if you block the traffic? After all, you can only block traffic after you've already received it and been billed for it. And it would only work if they send the garbage from "the IP address of the first hop", which is very unlikely. That's probably a router or PPP endpoint; anything but a tiny ISP is going to have a centralized administration network several hops away.
Protected from what? What problem is this the "solution" to? Not metering.
If you want a public IP for each PC on DSL, they'd each have to have the login credentials and your ISP would have to allow multiple logins. (And then your PC's firewall wouldn't be helping, because they rarely look inside PPPoE streams.) For cable, the ISP would have to allow multiple customer devices (usually they'll allow 1-3, but to get the DHCP responses, your PC would have to be bridging, not routing).
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Data discrepancy origin
You say this as though it were acceptable to include such traffic in the capped usage number used to determine billing amounts. One would think it to be more of an overhead category and be included in the base rate rather than pretend it to be actually driven by usage and therefore subject to charge.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: One more time.
Wired internet service is not the same as wireless service.
So, no ... it is not like that at all.
They have a base rate and add over cap charges. Including all traffic in those numbers is fraud. For example, much of the background traffic that occurs regardless of whether you are "online" or not is received by everyone and gets added to everyone's accumulated usage and is then billed accordingly. This is ok with you? What about the incorrect meters that charge incorrect amounts .. is that ok too?
[ link to this | view in thread ]
Re: Solution: [Some learning and trial-and-error involved.]
This is not something to do if you do not have a DMZ set up with a good firewall as it disables NAT (network address translation).
How does this stop the isp from charging you for packets you had nothing to do with?
[ link to this | view in thread ]
Re: waaaaaaa
Those are some really good suggestions you have there - have you done any of those things yourself? That will certainly put an end to all their nefarious activities won't it? I'm sure they are quaking in their boots right now.
Your exuberant use of the word "we" is quite entertaining.
[ link to this | view in thread ]
It's the same thing as a DMZ but opens up access for all
your users instead of just one. Your PC becomes your vastly
more powerful firewall working transparently between your users
and the internet. The best part is it gives you total control
over a far stronger firewall than the weak, company-supplied router.
It also gives you the ability to stop background shenanigans
between modem and CO equipment that was inflating bandwidth
counters and wasting bandwidth you had already paid for.
Now you can see and stop it with your PC's firewall and can
disable services on your PC you aren't using [and they were
exploiting on the modem to pad bandwidth counts.]
You get all your bandwidth back and total control to boot. ;]
[ link to this | view in thread ]
Re: Re: Re: Re: Difference between cable and Internet
A lot of people believe that it is wrong to charge customers based upon that rather questionable method of measurement, these people do in fact understand that ... quite thoroughly. What is to stop an ISP from blasting all its customers with crap packets just to jack up the charges? Nothing. What do they do when called out on it? They pay trolls to post silly rationalizations on various blogs attempting to gloss over the huge bullshit mountain they have created.
[ link to this | view in thread ]
Re: Difference between cable and Internet
Are you trying to be funny? Because this is funny.
[ link to this | view in thread ]
Re: Re: waaaaaaa
Thanks for your support.
[ link to this | view in thread ]
Re:
Where do the ISPs accumulate your usage? You think it is in your "router"? What would they do if they no longer have access to said accumulator?
[ link to this | view in thread ]
Re: Re: Re: waaaaaaa
My suggestion (you missed it apparently) is to stop blaming the victims.
[ link to this | view in thread ]
Re: Re: Re: Re: waaaaaaa
so you'd rather shoot (or bite) the revolutionary, than stand for change--AND--you have no suggestions to end the arbitrarily higher ISP billing rates. You, sir, are 0 for 2.
kiss your knees while you're bent over
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Difference between cable and Internet
[ link to this | view in thread ]
Re: Re: Re: Data discrepancy origin
Most ISPs require that you accept their terms in order to use the service. So, yeah, you probably accepted it.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: One more time.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Difference between cable and Internet
[ link to this | view in thread ]
Re: Re: Re: Re: One more time.
So does my cell phone.
Nothing in comment said it was OK. Why is it OK with you for phone companies to do it?
[ link to this | view in thread ]
Re: Re: Re: Re: Data discrepancy origin
[ link to this | view in thread ]
Re: waaaaaaa
Go ahead. Oh, wait, you just like to tell other people what to do, eh Chip?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: One more time.
So they are the same then ... exactly the same - lol
[ link to this | view in thread ]
Re: Re: Re: Re: Re: waaaaaaa
"You chose to be a victim"
No I didn't, perhaps you could explain how that works
Same old tripe huh. You must be the life of the party
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Data discrepancy origin
[ link to this | view in thread ]
Re: Re: waaaaaaa
[ link to this | view in thread ]
Re: Data discrepancy origin
Then, out of the blue, one day, it just stopped. For now.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Data discrepancy origin
Why do you make excuses?
Yeah, I was dishonest ... are you that silly?
Yes, it is all my fault - I see the light.
[ link to this | view in thread ]
Re: Re: Data discrepancy origin
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Data discrepancy origin
[ link to this | view in thread ]
inbound traffic to a particular IP address. It is generally
used by knowledgeable users who wish to use P2P and other
online-intensive apps without having to constantly babysit
the router by adding port-forwarding rules in order for
those apps to function properly. What I outlined above
does away with all that by shifting all the router
functions away from the company-controlled modem and into
the PC connected between it and all your users. Essentially
you designate your whole network a DMZ while simultaneously
giving you [presumably the most advanced user] total
control over all of it. From there, you can easily protect
everyone simultaneously by simply protecting your PC
because it has replaced that modem as your main gateway.
You could optionally put some users behind NAT but it's
much easier on everyone to just manage one firewall.
ISP bandwidth counters always reside on the ISP Central
Office Equipment, not the Customer Premises Equipment.
[Their modem, not yours, so nobody can deny them access.]
What you are taking away from them is the ability to abuse
the Customer Premises Equipment to conceal nonessential
internet traffic waste to deliberately [or "accidentally"]
inflate your bandwidth usage count on their Central Office
Equipment counters without letting you use all the bandwidth
you already paid for.
They can't complain because you did nothing to equipment
under their legal custody and it's legal for you to configure
equipment in your custody as long as it doesn't knock
anybody else offline. They can't complain of "stealing"
access either because you didn't generate an entirely new
internet account or connection. All they lose is a low
level bandwidth service fraud scam, which they don't dare
complain about because you never stopped paying your bill. ;]
[ link to this | view in thread ]
own IP address disappears, leaving only your PC visible on
the net. They can't even ping it because it functionally
is nothing more than a peripheral of your PC at that point.
Now that it's literally out of the way all the previously
hidden garbage traffic becomes visible to your PC and, in
addition to blocking it your PC doesn't have to respond to
it, thus ending all the back-and-forth traffic which was
inflating the bandwidth count. Once your end stops
responding with these various nonessential services and
protocols, their end also slows down to just the occasional
ping or probe. That's how the problem is easily solved.
Note that this does nothing at all to impair their metering,
which in itself is a lawful and acceptable practice, but what
it does do is effectively eliminate all that [surely "unintentional"]
traffic from wasting your bandwidth and padding the counts. ;]
As for IP addresses, your PC was bridging to begin with.
If you have more users than automatically provided IP
addresses it is easy to enable the built-in router service
on your PC to act as a NAT for additional users, and the
users wouldn't have to do a thing because, to them, it
would just work as usual.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Data discrepancy origin
[ link to this | view in thread ]
Re:
inbound traffic to a particular IP address. "
A DMZ is more than just a setting on your "router", perhaps you should investigate.
Most security experts (I am not an expert) recommend keeping NAT in place. If one needs additional capabilities, the creation of a DMZ is recommended while keeping the NAT in place. A well constructed firewall placed within the DMZ will provide security over and above that of the ISP provided router/modem - whatever they like to call it.
I'm curious, what is a bandwidth counter?
Many ISPs claim to have methods of usage measurement, but I do not think the units of measure would be in bandwidth (MB/s) - usage would be represented by a simple quantity like MB.
What you describe would be easily hacked and certainly susceptible to all sorts of worms.
[ link to this | view in thread ]
Re: Re: Re: waaaaaaa
[ link to this | view in thread ]
My dad was a plant tech when DSL rolled out and I signed up.
What I described above is doing precisely that by applying
a DMZ over your whole home network and using a designated
PC as a gateway/firewall with far superior capacity than
those typically underpowered ISP-supplied routers.
I started doing it because they can't handle my traffic.
The modems are fine but all cheap routers are too weak. ;]
You are right that ISP bandwidth meters are simple counters.
They are unhackable as they are on the CO side, available
to plant techs or specific, whitelisted proprietary consoles.
Worms and most any internet malware on your own computers
and devices would certainly waste your bandwidth but are
less likely to affect the proprietary equipment of an ISP.
That's another good feature of bridging through your own
gateway. Such malware can't waste much of your bandwidth
without you being able to detect it.
[ link to this | view in thread ]
Re:
No - the host(s) you are protecting do not go in the dmz, as that sorta defeats the whole purpose of the dmz.
[ link to this | view in thread ]
NAT in effect even though you are also protecting everything
transparently with more powerful firewalling through your PC.
Think of it as getting the best of both situations, much higher
performance by getting a weak router out of the way and
improved protection of more powerful firewall software.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
There is more than one type. This simply moves the LAN
from the inside, NAT zone to the DMZ which is still firewalled
but has full internet access with public addresses. It is very
useful when everyone uses P2P or has a lot of traffic.
That makes it a simplified type of single-firewall DMZ with
the whole LAN included and your PC is both gateway/router
and firewall. It also is much easier to manage, being a
single zone.
If you want to add a zone of users behind NAT you can add
another router and plug its WAN port into the hub you
built your DMZ around, resulting in a single-firewall DMZ
with two zones. By activating the second router's firewall
you get a typical double-firewall DMZ. I would use the
second zone only for light users and simple devices because
such routers can't handle heavy traffic
[ link to this | view in thread ]
Article
[ link to this | view in thread ]