From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: Thu, 17 Jun 2004 10:13:44 +0100
"Leythos" <email@example.com> wrote in message
> In article <LBTzc.29$M93.firstname.lastname@example.org>, abuse@
> [127.0.0.1] says...
> > A better argument (based on the assumption that running anything other
> > firewall software on a firewall is A Bad Idea(tm)), is that a generic
> > *nix box can be more versatile, by including things like DMZ routing
> > functions.
> Actually, a lot of firewall appliances have three networks, the public
> side, the trusted side, and the DMZ. Many of the smaller firewall
> appliances (not the cheap routers) are now including this same three
> port design. Some of the cheaper ones give you the ability to direct all
> DMZ traffic to a single IP (not an ideal solution) that you can do
> anything you want with (attach a router/nat and you have another
That's a new one on me (leaving aside Light units running IPcop) - all of
the SoHo routers I've seen have what they call a DMZ, but is really just
default port forwarding.
(Sorry for being picky - for me, a DMZ is a separate, isolated, LAN segment
between the outside world and the private LAN. It's very well firewalled on