nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

DMZ query

rockstar81

I am trying to get my head around something and don't know if I have over thought it or had a brain freeze.

If you have one public IP for your network and then multiple services in your DMZ all with private IPs how could people outside on the Internet connect to them? Is it port forwarding that allows this?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

RouteMyPacket

rockstar81 wrote: »

I am trying to get my head around something and don't know if I have over thought it or had a brain freeze.

If you have one public IP for your network and then multiple services in your DMZ all with private IPs how could people outside on the Internet connect to them? Is it port forwarding that allows this?

Think about that for a moment, regardless of it's location (Inside/DMZ) what is required for something to be reachable from the Internet? If I want to present a service/server to the Internet for public access, what do I need? You've already mentioned it

rockstar81

Public IP.

So if you had just one public IP but wanted multiple services to be available all through that 1 address is it possible?

Priston

Network address translation - Wikipedia, the free encyclopedia

Port forwarding - Wikipedia, the free encyclopedia

apr911

Picture it like this... You live in an apartment. The protocol is your Mailman, Your IP address is your street address, Your Port Number is your apartment number.

You need all 3 to have mail delivered to you. If you have no mailman than traffic never leaves the post office. If you have no IP than the mailman doesnt know where to bring the traffic to. If you have no port, the traffic gets to the right building (your router/firewall) but it never reaches you (your specific internal node), unless you tell your firewall/router to send all traffic of a specific protocol type to you such as in a static NAT with multiple public IPs.