Re: whether DMZ needs routable IP?

From: XingFei (
Date: Tue Apr 24 2001 - 20:02:42 EST

Hi, Martin

Thank you for your kind reply. Your interpretation does help for me, thank
And the idea of putting the dmz in a segment isolated from outside seems to
be able to support external access, according to my further investigation,
by using Port Forwarding and Proxy ARP


Xing Fei

> Hi,
> > I am learning about DMZ, I found that some articles define it
> > as a public zone protected by a firewall, and in order to be
> > accessable from Internet, DMZ needs routable IP (reserved IP
> > such as 192.x.x.x can not be used ), while other articles say
> > that a DMZ just like another internal private
> > network, it just includes all servers such as WWW, FTP, and
> > so on, so it
> > just open for the private network.
> The interpretation I run into most often is that it's a seperate segment
> a firewall designated to hold servers that should be accessible both from
> the internal network and the internet.
> Generaly it's easiest to get this functionality by giving "real" ip
> addresses to devices in the DMZ; it is, howeve, not strictly necessary: a
> solution that uses some kind of NAT on the firewall to map public IP
> addresses to private addresses used on the DMZ can be used as well.
> an interpretation where the dmz is just a segment for servers without
> from the internet seems unusual to me.
> Bye, Martin

To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to

This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:29 EST