Re: whether DMZ needs routable IP?

From: XingFei (xing.fei@fujixerox.co.jp)
Date: Tue Apr 24 2001 - 20:02:42 EST


Hi, Martin

Thank you for your kind reply. Your interpretation does help for me, thank
you.
And the idea of putting the dmz in a segment isolated from outside seems to
be able to support external access, according to my further investigation,
by using Port Forwarding and Proxy ARP

Regards

Xing Fei

> Hi,
>
> > I am learning about DMZ, I found that some articles define it
> > as a public zone protected by a firewall, and in order to be
> > accessable from Internet, DMZ needs routable IP (reserved IP
> > such as 192.x.x.x can not be used ), while other articles say
> > that a DMZ just like another internal private
> > network, it just includes all servers such as WWW, FTP, and
> > so on, so it
> > just open for the private network.
>
> The interpretation I run into most often is that it's a seperate segment
on
> a firewall designated to hold servers that should be accessible both from
> the internal network and the internet.
>
> Generaly it's easiest to get this functionality by giving "real" ip
> addresses to devices in the DMZ; it is, howeve, not strictly necessary: a
> solution that uses some kind of NAT on the firewall to map public IP
> addresses to private addresses used on the DMZ can be used as well.
>
> an interpretation where the dmz is just a segment for servers without
access
> from the internet seems unusual to me.
>
> Bye, Martin
>

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org



This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:29 EST