
What's the difference between Static NAT and DMZ configuration?

Discussion in 'Networking Issues' started by SAPo57, Aug 30, 2006.

  1. SAPo57

    SAPo57 Network Guru Member

    I have a router that supports both options and both options seem to work in the same way, but there must be a difference between them since only one could be enabled.

    I know DMZ opens all ports of a device and uses the WAN address of the router.

    Does Static NAT mean the device uses a static IP or is it just like DMZ?

    What are the true advantages and disadvantages of each option, if any?
  2. ifican

    ifican Network Guru Member

    DMZ, as you have stated, puts a machine somewhat unprotected out on its own. Somewhat, because the firewall, depending on the device, still partially does its thing for limited things. Static NAT, again depending on your equipment, works a lot more like port forwarding, whereby it gives you the means to direct limited traffic to particular machines or a single machine. If you have multiple IPs from your ISP, static NAT could in essence take on the role of DMZ, because you could tell your router to send all traffic destined for a single outside IP to a single inside IP. In my opinion, if your device gives you the ability to forward via port forwarding or static NAT all the ports you need to do so, I would go that route. But SOHO devices only give you limited forwarding capabilities. Because if you put a machine in the DMZ and it gets compromised, the only recourse you have is if your router gives you the ability to create VLANs and you VLAN the DMZ out there by itself. If not, your compromised host will be on the same network as your other machines, and someone can start to get at you from inside your own network, which is likely less protected than from the outside trying to get in.
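
The three modes discussed in the reply above, as a simplified Python model added here (not part of either post, and not any particular router's behaviour): it counts how many public address/port pairs reach one inside host under port forwarding, 1:1 static NAT and DMZ, and which LAN hosts a compromised DMZ machine can reach with and without VLAN isolation. The addresses, the `Router` class and its rule ordering are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample addressing (documentation ranges), not taken from the thread.
WAN_IP, EXTRA_IP = "203.0.113.1", "203.0.113.2"
LAN = {"192.168.1.10", "192.168.1.20", "192.168.1.30"}
SERVER = "192.168.1.10"

@dataclass
class Router:
    """Hypothetical model of a SOHO router's inbound NAT decisions."""
    port_forwards: dict = field(default_factory=dict)  # (public_ip, port) -> (inside_ip, port)
    static_nat: dict = field(default_factory=dict)     # public_ip -> inside_ip (1:1, every port)
    dmz_host: str = ""                                 # catch-all target for the WAN address
    isolated_vlan: set = field(default_factory=set)    # hosts fenced off from the rest of the LAN

    def inbound(self, dst_ip, dst_port):
        """Inside (ip, port) that receives an unsolicited packet, or None if dropped."""
        if (dst_ip, dst_port) in self.port_forwards:   # most specific rule wins
            return self.port_forwards[(dst_ip, dst_port)]
        if dst_ip in self.static_nat:
            return (self.static_nat[dst_ip], dst_port)
        if dst_ip == WAN_IP and self.dmz_host:
            return (self.dmz_host, dst_port)
        return None

    def exposed_ports(self, inside_ip, public_ips=(WAN_IP, EXTRA_IP)):
        """Number of public (ip, port) pairs that are translated to inside_ip."""
        return sum(1 for ip in public_ips for p in range(1, 65536)
                   if (t := self.inbound(ip, p)) and t[0] == inside_ip)

    def lateral_targets(self, compromised, lan_hosts):
        """LAN hosts a compromised machine reaches directly, without crossing the router."""
        if compromised in self.isolated_vlan:
            return set()
        return {h for h in lan_hosts if h != compromised and h not in self.isolated_vlan}

# One forwarded port, a 1:1 mapping on a second public IP, and DMZ with/without a VLAN.
forward_only = Router(port_forwards={(WAN_IP, 443): (SERVER, 443)})
one_to_one = Router(static_nat={EXTRA_IP: SERVER})
dmz_flat = Router(dmz_host=SERVER)
dmz_vlan = Router(dmz_host=SERVER, isolated_vlan={SERVER})
```

The model ignores whatever filtering a given device still applies to its DMZ host, which varies by equipment.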
