#科普# 路由器DMZ主机是什么意思?DMZ功能要不要开启?
不少用户发现路由器管理设置后台有一个DMZ主机功能,那么路由器DMZ主机是什么意思呢?DMZ功能要不要开启?本文为你一一解答。
#science# What does router DMZ host mean? Should the DMZ function be enabled?
Many users find that there is a DMZ host function in the background of router management settings, so what does router DMZ host mean? Should the DMZ function be enabled? This article answers you one by one.
What does router DMZ host mean?
DMZ is the abbreviation of "demilitarized zone" in English, and the Chinese name is "demilitarized zone", also known as "demilitarized zone".
It is to solve the problem that users who access the external network cannot access the internal network server after installing the firewall. When the DMZ host is enabled, the computer set up as a DMZ host can be accessed directly from the Internet.
You can build a corporate Web server, FTP server and forum on this computer, and you can access the server you built by accessing the router's IP from the Internet. In this way, while providing services to the Internet, the security of other computers in the family can also be ensured.
DMZ principle
Generally, the network is divided into an internal network and an external network, that is, LAN and WAN
Then, when you have 1 server in 1 physical location that needs to be accessed by the external network, and also accessed by the internal network,
Well, there are 2 ways:
One is to put it in the LAN
One is to put it in the DMZ
By default, the firewall is to protect the internal network, so the general policy is to prohibit the external network from accessing the internal network, and allow the internal network to access the external network. But if the server can be accessed by the external network, it means that the server is already in an untrusted state, then the server cannot (actively) access the internal network. Therefore, if the server is placed on the internal network (through port redirection to allow access from the external network), once the server is attacked, the internal network will be in a very insecure state.
But the DMZ is to allow the external network to access internal resources, that is, this server, and the internal network can also access this server, but the server cannot actively access the internal network. The DMZ is one such area. In order to make the physical location in the intranet, and hope to be accessible by the extranet such an area.
Should the DMZ host function of the router be enabled?
The DMZ host function is enabled, and the computer set as the DMZ host can be completely re-enabled to the Internet. For example, when building a server, you can set the computer that needs to provide services to the outside world as a DMZ host to ensure the security of other computers in the family while providing services to the Internet.
After the DMZ host function is enabled, the external network can access the internal network through the router DMZ function, so it depends on your needs. If there is no need to access the internal network from the external network, it is recommended not to enable the DMZ host function.
路由器DMZ主机是什么意思?
DMZ 是英文“demilitarized zone”的缩写,中文名称为“隔离区”,也称“非军事化区”。
它是为了解决安装防火墙后外部网络的访问用户不能访问内部网络服务器的问题。启用 DMZ 主机后,可以直接从因特网访问设置为 DMZ 主机的计算机。
您可以在这台计算机上搭建企业 Web 服务器、FTP 服务器和论坛等,从因特网通过访问路由器的 IP,即可访问您搭建的服务器。这样在实现对因特网提供服务的同时,还能确保家庭内其它计算机的安全。
DMZ 原理
一般网络分成内网和外网,也就是LAN和WAN
那么,当你有1台物理位置上的1台服务器,需要被外网访问,并且,也被内网访问的时候,
那么,有2种方法:
一种是放在LAN中
一种是放在DMZ
因为防火墙默认情况下,是为了保护内网的,所以,一般的策略是禁止外网访问内网,许可内网访问外网。但如果这个服务器能被外网所访问,那么,就意味着这个服务器已经处于不可信任的状态,那么,这个服务器就不能(主动)访问内网。所以,如果服务器放在内网(通过端口重定向让外网访问),一旦这个服务器被攻击,则内网将会处于非常不安全的状态。
但DMZ就是为了让外网能访问内部的资源,也就是这个服务器,而内网呢,也能访问这个服务器,但这个服务器是不能主动访问内网的。DMZ就是这样的一个区域。为了让物理位置在内网的,并且,希望能被外网所访问的这样的一个区域。
路由器DMZ主机功能要不要开启?
启用DMZ主机功能,可将设置为DMZ主机的计算机完全易重给因特网。比如搭建服务器时,您可以将需要对外提供服务的计算机设置为DMZ主机,以实现在对因特网提供服务的同时,确保家庭内其它计算机的安全。
开启DMZ主机功能后,外网可通过路由器DMZ功能访问内网,所以看你的需求,如果没有外网访问内网需求建议不要开启DMZ主机功能。
