dslreports logo

In the context of simple NAT routers, these terms both refer to a private address to which all unsolicited traffic will be passed. This means that the protection of NAT is removed from that computer, and external hosts can initiate conversations with it (on any port). This definition of "DMZ" conflicts with the more general definition as a section of a network between exterior and interior firewalls where publicly accessible servers are usually placed. A "real" DMZ provides separation of the servers placed within it, and the private network, a "NAT box DMZ," does not.

This feature is present in almost all NAT devices and is used where inbound connections to a range of ports are required and it is impractical or impossible to accommodate them via port mappings. Note that address translation still takes place, so this feature is not a solution to NAT incompatibilities.


Expand got feedback?

by Nick8 See Profile edited by JMGullett See Profile
last modified: 2007-06-05 16:43:07