DMZ (DeMilitarised Zone)

A DMZ (demilitarised zone) is a “neutral zone” between a private network (LAN) and the outside public network (Internet). You are recommended to put your externally accessible servers (e.g. web servers) on a DMZ, to isolate them from your LAN in case they get attacked.


Machines on the DMZ are protected from the Internet by the firewall, using the same firewall rules as other interfaces. There is no protection / restriction of outgoing traffic, though. PC-s on the DMZ have local IP addresses, but on a different subnet than LAN.

Machines on your LAN (and all interfaces set as “used as: inside”) can access machines on the DMZ. But machines on the DMZ cannot access your LAN! Thus even if they get attacked, your LAN is still secure.

You select DMZ for a subnet on the Network page.

Read more: DMZ

network/dmz.txt · Last modified: 2010/11/15 13:59 by mats
CC Attribution-Noncommercial-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0