TUX.RE Forum

Posted: **Sun Apr 26, 2026 4:08 am**

What Is a DMZ (Demilitarized Zone)?

A DMZ (Demilitarized Zone) is a separate network segment used to host systems that must be accessible from the internet while keeping the internal network secure.

It is commonly used in server environments and network infrastructure to isolate public services.

---

1. Why Use a DMZ?

If you run services like a web server or mail server, they need to be reachable from the internet.

Without a DMZ:

Servers are placed directly in the internal network
If compromised → attackers may access internal systems

With a DMZ:

Public services are isolated
Internal network stays protected

---

2. How a DMZ Works

A DMZ sits between the internet and the internal network.

Typical structure:

Internet → Firewall → DMZ → Firewall → Internal Network

or in simpler setups:

Internet → Router/Firewall → DMZ + LAN (separated by rules)

---

3. What Goes Into a DMZ?

Systems that must be publicly accessible:

Web servers (HTTP/HTTPS)
Mail servers (SMTP)
DNS servers
FTP servers
Reverse proxies

---

4. What Should NOT Be in a DMZ?

Databases
Internal services
Sensitive systems
Admin workstations

Sensitive systems should always stay inside the internal network.

---

5. Security Concept

The idea is simple:

Internet can access DMZ
DMZ has limited access to internal network
Internal network is strongly protected

If a server in the DMZ is compromised, the attacker still cannot easily reach internal systems.

---

6. Example Setup

Web server → DMZ (192.168.10.10)
Database → Internal network (192.168.1.20)
Firewall allows web server → database only on required port

---

7. DMZ vs Port Forwarding

Port forwarding → exposes one service to the internet
DMZ → creates a separate network zone for public services

DMZ is more secure and scalable.

---

8. Advantages of a DMZ

Improved security
Network isolation
Controlled access
Better structure for servers

---

9. Disadvantages

More complex setup
Requires firewall configuration
Needs proper planning