====== DMZ (DeMilitarised Zone) ======

A DMZ (demilitarised zone) is a "neutral zone" between a private network (LAN) and the outside public network (Internet). You are recommended to put your externally accessible servers (e.g. web servers) on a DMZ, to isolate them from your LAN in case they get attacked.

{{:network:dmz1.jpg}}

Machines on the DMZ are protected from the Internet by the firewall, using the same firewall rules as other interfaces. There is no protection / restriction of outgoing traffic, though. PC-s on the DMZ have local IP addresses, but on a different subnet than LAN.

Machines on your LAN (and all interfaces set as “used as: inside") can access machines on the DMZ. **But machines on the DMZ cannot access your LAN!** Thus even if they get attacked, your LAN is still secure.

You select DMZ for a subnet on the [[:web GUI:Network page]].

Read more: [[wp>Demilitarized_zone_(computing)|DMZ]]