1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Definition of DMZ

Discussion in 'Networking Issues' started by techmanblues, Feb 2, 2006.

  1. techmanblues

    techmanblues Network Guru Member

    First of all I would like to apologize for this post because it involves a Netgear router. :whip:

    Does the word DMZ have a fixed and standardized definition?

    Correct me if I am wrong, but this is my take on the word DMZ.

    When I configure my router (any router) to put a particular computer in the DMZ, I should not be able to access any computers that are part of the LAN but not in the DMZ zone. Is this correct?

    Ok, now how about the reverse traffic: can I connect to the DMZ computer(s) from the PCs in the non-DMZ zone? I should because a typical computer in the DMZ zone is a webserver. Therefore, I should be allowed to transfer files from a non-DMZ PC to this server as part of the maintenance process.

    I ask this because I have a Netgear 8 port router where I put a Linksys NSLU in the DMZ zone. I have no problem accessing files on the NSLU from any of the Windows computers that are in the non-DMZ using IE. I can put in files and take out files via FTP. However, the problem arises when I try to the same file transfer using Windows network browsing through XP's Network Places. Basically, there is an error even though I can see the NSLU "computer" icon in Network Places. I simply cannot open it.

    Perhaps I should post this in the NSLU forum, but I just want you people in the General Networking forum here a stab at this before I do so because I want to confirm the definition of the DMZ feature. The router in question is Netgear FVS318 Prosafe router with the latest firmware.
  2. chesko

    chesko Network Guru Member

    I think is normal that you cannot access throug XP's network places since the DMZ must be another network separated of the internal one.

    The DMZ is the area where you tipically put your public computers to be accesible from the outside world. I.E: webserver, mailserver...

    The simplest and most tipical configuration allows any inside computer to reach the DMZ and the outside world. The outside world can access your DMZ but not your internal network. And the DMZ can access the outside world but not your internal network.

    Is like your internal network has a 100 security level, DMZ a 50 security level, and the outside has a 0 security level. You can always go from a more secure area to a less secure one. In the reverse way is not possible unless you configure it: you let the outside world access some ports of your DMZ (i.e. 80 for your webservers), and maybe you let the outside reach your internal netword for some reason (i.e. you permit ssh connections to your internal network to access your computer from anywhere). DMZ should NEVER access to your internal network. So if someone compromises your public computers (the ones in the dmz) he cannot go inside your internal net.

    I hope this helps you and sorry for my bad english.

    Edit: more info about DMZ at http://en.wikipedia.org/wiki/Demilitarized_zone_(computing)
  3. howardp6

    howardp6 Network Guru Member

    DMZ is a an ip address were all ports are open and accessible from the internet. You asssign a fixed address to the NICof the DMZ computer, the DNS servers on the TCP/IP protocol, the subnet mask and the gateway ip address and save you your settings. On your router under gaming you enable the DMZ setting with the ip address of your DMZ computer and save your setting.

    This is done so the computer has full access to the Internet for gaming or anyother application, and all transmission to and from the computer are not monitored by the firewall.

    You should have up to date security and antivirus software installed on your DMZ computer,
  4. SAPo57

    SAPo57 Network Guru Member


    HOLD UP.....so what's the point (in my case) of using a gateway router to enable DMZ on a network router, whre all devices connect to the network router.

    would the DMZ open all application ports to all devices hooked up to the router?

Share This Page