3 dmz host – AirLive IGR-2500 User Manual

3.11.3 DMZ Host

The Demilitarized Zone (DMZ) function provides a way for public servers (Web, e-mail, FTP, etc.) to be

visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN

flooding and Ping of Death). These public servers can still be accessed from the secure LAN.

By default the firewall allows traffic between the WAN and the DMZ, and from the LAN to the DMZ, but traffic

from the DMZ to the LAN is denied. Internet users can access to host servers configured in DMZ Host list, but

can not access to the LAN, unless special filter rules were configured to permit the access by the

administrator or the user who is an authorized remote user.

It is highly recommended that you keep all sensitive information off of the public servers, and store sensitive

information in computers on LAN.

If you would like to grant remote users the right to access one of your computers on LAN to perform some

actions such as Internet games, you must enable the function of DMZ. When remote users access your legal

IP(s), IGR-2500 will transmit these packets to the corresponding virtual IP(s).

(Figure 3-47)

Figure 3-47 Dynamic IP DMZ

46