dmz?
- Thread starter quackers
- Start date
Soldato
- Joined
- 20 Jan 2004
- Posts
- 4,128
- Location
- Fife
On ADSL lines, with a single IP address, then NAT with portmapping is the best way to provide 'servers'.
On an SDSL or a proper E1, T3, OC3 ... etc etc etc network, with multiple 'real' IP's a DMZ can be handy. But that still leaves the servers open to public attack. Generally a better idea to hide them behind a firewall with carefull control of which ports are actually open..
One thing that is often in a DMZ is an ISP's dialup/broadband pools. Afterall they never know what ports their customers might want. So you dont want them to try and firewall your internet connection.
some 'cheap' broadband providers do actually firewall to prevent their customers from running common services.
On an SDSL or a proper E1, T3, OC3 ... etc etc etc network, with multiple 'real' IP's a DMZ can be handy. But that still leaves the servers open to public attack. Generally a better idea to hide them behind a firewall with carefull control of which ports are actually open..
One thing that is often in a DMZ is an ISP's dialup/broadband pools. Afterall they never know what ports their customers might want. So you dont want them to try and firewall your internet connection.
some 'cheap' broadband providers do actually firewall to prevent their customers from running common services.
dovey said:
Actually the DMZ option on a regular home router is quite different to the real firewall definition of a DMZ.
On a home router, whatever you specify as the DMZ will simply have all traffic sent to it regardless.
On a decent firewall, a DMZ is a seperate zone for servers and other kit that need to get, say, access to the Internet without ever having to touch your internal network for security reasons.