In the context of simple NAT routers, these terms both refer to a private address to which all unsolicited traffic will be passed. This means that the protection of NAT is removed from that computer, and external hosts can
initiate conversations with it (on any port). This definition of "DMZ" conflicts with the more general definition as a section of a network between exterior and interior firewalls where publicly accessible servers are usually placed. A "real" DMZ provides separation of the servers placed within it, and the private network, a "NAT box DMZ," does not
This feature is present in almost all NAT devices and is used where inbound connections to a range of ports are required and it is impractical or impossible to accommodate them via port mappings. Note that address translation still takes place, so this feature is not a solution to NAT incompatibilities.
by Nick8 edited by JMGullett
last modified: 2007-06-05 16:43:07