Hi, > I am learning about DMZ, I found that some articles define it > as a public zone protected by a firewall, and in order to be > accessable from Internet, DMZ needs routable IP (reserved IP > such as 192.x.x.x can not be used ), while other articles say > that a DMZ just like another internal private > network, it just includes all servers such as WWW, FTP, and > so on, so it > just open for the private network. The interpretation I run into most often is that it's a seperate segment on a firewall designated to hold servers that should be accessible both from the internal network and the internet. Generaly it's easiest to get this functionality by giving "real" ip addresses to devices in the DMZ; it is, howeve, not strictly necessary: a solution that uses some kind of NAT on the firewall to map public IP addresses to private addresses used on the DMZ can be used as well. an interpretation where the dmz is just a segment for servers without access from the internet seems unusual to me. Bye, Martin - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
