RE: whether DMZ needs routable IP?

From: Bene, Martin (Martin.Bene@KPNQwest.com)
Date: Tue Apr 24 2001 - 04:51:58 EST


Hi,

> I am learning about DMZ, I found that some articles define it
> as a public zone protected by a firewall, and in order to be
> accessable from Internet, DMZ needs routable IP (reserved IP
> such as 192.x.x.x can not be used ), while other articles say
> that a DMZ just like another internal private
> network, it just includes all servers such as WWW, FTP, and
> so on, so it
> just open for the private network.

The interpretation I run into most often is that it's a seperate segment on
a firewall designated to hold servers that should be accessible both from
the internal network and the internet.

Generaly it's easiest to get this functionality by giving "real" ip
addresses to devices in the DMZ; it is, howeve, not strictly necessary: a
solution that uses some kind of NAT on the firewall to map public IP
addresses to private addresses used on the DMZ can be used as well.

an interpretation where the dmz is just a segment for servers without access
from the internet seems unusual to me.

Bye, Martin
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org



This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:29 EST