From: "Dan O'Connor"
To: "James A Wilde", "FreeBSD-questions"
Subject: Re: Offtopic - DMZ
Date: Wed, 10 May 2000 18:32:41 -0700

>Sorry to be off-topic, but I'd like to get the team's opinion of the meaning
>of the term DMZ. I've always assumed that this refers to the Internet
>Service lan on a triple-homed computer, where the three interfaces are
>directed to a) the - hopefully - secure private network, b) the protected
>but not fully so IS lan (DMZ) and c) the Internet, where the bad guys are.
>
>However, I keep seeing references which indicate that people see the
>Internet as the DMZ. I can't see that there is anything demilitarized about
>the Internet...

The definition given on www.whatis.com,

"In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a 'neutral zone' between a company's private network and the outside public network...."

describes what is more accurately defined as a 'bastion host'...

A bastion host is a firewall/proxy server on its own network between two routers. The outside network and the inside network can both talk to the bastion host, but can't talk to each other. And the bastion host cannot *initiate* connections to the inside network.

--Dan

--
Dan O'Connor
On Matters of Most Grave Concern
http://www.mostgraveconcern.com
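The reachability rules described in the message above, modelled as a small stateful filter; this is an added example, not part of the original message. The addresses, ports and the ScreenedSubnet class are constructed for illustration, and letting the bastion open connections to the outside is an assumption (a proxy needs it), not something the message states.

```python
import ipaddress

# Constructed addressing for illustration (not from the message).
ZONES = {
    "inside": ipaddress.ip_network("172.16.0.0/24"),
    "bastion": ipaddress.ip_network("192.0.2.0/29"),
}

# Which zone may OPEN a connection to which zone.
MAY_INITIATE = {
    ("outside", "bastion"),
    ("inside", "bastion"),
    ("bastion", "outside"),  # assumption: the proxy fetches on clients' behalf
}

def zone_of(addr):
    """Map an address to 'inside', 'bastion' or (by default) 'outside'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"

class ScreenedSubnet:
    """Combined policy of the two routers around the bastion network."""

    def __init__(self):
        self.flows = set()  # tracked connections: (client, cport, server, sport)

    def filter(self, src, sport, dst, dport, syn_only):
        """Return 'pass' or 'drop' for one TCP segment."""
        if syn_only:
            # A bare SYN is a connection attempt: check who is initiating.
            if (zone_of(src), zone_of(dst)) in MAY_INITIATE:
                self.flows.add((src, sport, dst, dport))
                return "pass"
            return "drop"
        # Any other segment must belong to a tracked flow, in either direction.
        # This is what lets the bastion REPLY to the inside without being
        # able to INITIATE a connection to it.
        if (src, sport, dst, dport) in self.flows:
            return "pass"
        if (dst, dport, src, sport) in self.flows:
            return "pass"
        return "drop"
```

The distinction between "talk to" and "initiate" only holds because the filter tracks state: without the flow table, permitting bastion-to-inside replies would also permit bastion-to-inside connection attempts.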