Hi, Martin Thank you for your kind reply. Your interpretation does help for me, thank you. And the idea of putting the dmz in a segment isolated from outside seems to be able to support external access, according to my further investigation, by using Port Forwarding and Proxy ARP Regards Xing Fei > Hi, > > > I am learning about DMZ, I found that some articles define it > > as a public zone protected by a firewall, and in order to be > > accessable from Internet, DMZ needs routable IP (reserved IP > > such as 192.x.x.x can not be used ), while other articles say > > that a DMZ just like another internal private > > network, it just includes all servers such as WWW, FTP, and > > so on, so it > > just open for the private network. > > The interpretation I run into most often is that it's a seperate segment on > a firewall designated to hold servers that should be accessible both from > the internal network and the internet. > > Generaly it's easiest to get this functionality by giving "real" ip > addresses to devices in the DMZ; it is, howeve, not strictly necessary: a > solution that uses some kind of NAT on the firewall to map public IP > addresses to private addresses used on the DMZ can be used as well. > > an interpretation where the dmz is just a segment for servers without access > from the internet seems unusual to me. > > Bye, Martin > - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
