A. Terminology
A-2    April 2005    6382-A2-GB20-00
Your machine is not directly connected to the Internet; it has an internal,
local network address. When you provide the server's network address to
others, you actually provide the address of the router. The router fakes the
connection to your machine.
You should use the DMZ when you want to run a server that others will access
from the Internet. Internal programs and servers (like print servers) should not be
connected to the DMZ.

What is a Router?

The Internet is so large that a single network cannot handle all of the traffic and
still deliver a reasonable level of service. To overcome this limitation, the network is
broken down into smaller segments or subnets that can deliver good performance
for the stations attached to that segment. This segmentation solves the problem of
supporting a large number of stations, but introduces the problem of getting traffic
from one subnet to another.
To accomplish this, devices called routers are placed between segments. If a
machine wishes to contact another device on the same segment, it transmits to
that station directly using a simple discovery technique. If the target station
is not on the same segment as the source station, the source has no idea how
to get to the target.
One of the configuration parameters transmitted to each network device is its
default gateway. This address is configured by the network administrators and it
informs each personal computer or other network device where to send data if the
target station does not reside on the same subnet as the source. If your machine
can reach all stations on the same subnet (usually a building or a sector within a
building), but cannot communicate outside of this area, it is usually because of an
incorrectly configured default gateway.
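
The forwarding decision described above, as an added example that is not part of the original manual. It assumes a host with a single interface and one default route; the function name and the sample addresses are constructed for illustration.

```python
import ipaddress

def next_hop(host_if, gateway, target):
    """Decide where a host sends a packet addressed to `target`.

    host_if: the host's address and prefix, e.g. "192.168.1.20/24"
    gateway: the configured default gateway, or None if unset
    Returns (decision, next_hop) with next_hop as a string or None.
    """
    iface = ipaddress.ip_interface(host_if)
    dst = ipaddress.ip_address(target)
    # Target on the same subnet: transmit to that station directly.
    if dst in iface.network:
        return ("direct", str(dst))
    # Target elsewhere: the default gateway is the only way out.
    if gateway is None:
        return ("unreachable: no default gateway", None)
    gw = ipaddress.ip_address(gateway)
    # The host can only hand traffic to a gateway it reaches directly,
    # so the gateway address must lie inside the host's own subnet.
    if gw not in iface.network:
        return ("unreachable: gateway not on local subnet", None)
    if gw == iface.ip:
        return ("unreachable: gateway is the host's own address", None)
    # Addresses are consistent; whether a router actually answers at
    # this address cannot be told from the configuration alone.
    return ("via gateway", str(gw))

# Constructed sample settings (private and documentation address ranges).
SAMPLES = [
    ("192.168.1.20/24", "192.168.1.1", "192.168.1.77"),  # local target
    ("192.168.1.20/24", "192.168.1.1", "203.0.113.5"),   # remote, good gateway
    ("192.168.1.20/24", "192.168.2.1", "203.0.113.5"),   # remote, bad gateway
    ("192.168.1.20/24", "192.168.2.1", "192.168.1.77"),  # local still works
    ("192.168.1.20/24", None, "203.0.113.5"),            # no gateway set
]

if __name__ == "__main__":
    for host_if, gateway, target in SAMPLES:
        decision, hop = next_hop(host_if, gateway, target)
        print(f"{host_if} gw={gateway} -> {target}: {decision} {hop or ''}")
```

The third and fourth samples together reproduce the symptom in the text: with a wrong default gateway, stations on the same subnet stay reachable while everything outside it does not.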