DMZ and Static NAT
From Wiki of WFilter NG Firewall
1 Introduction
Though "DMZ" and "Static NAT" both can publish local network services, they have differences:
- "DMZ" equals "port forwarding on all ports". Visits to WAN interfaces will be redirected to the DMZ host(except of the excepted ports). Usually, you shall have ONE DMZ host.
- "Static NAT" provides one-to-one NAT for local hosts. When you have multiple static public ip addresses, you can publish different services on every public ip. For example, "3 public ip addresses, IP1 for internet access, IP2 for web server, IP2 for FTP server."
So,
- If you don't have a static public IP, you shall use "port forwarding" or "DMZ" to publish local network services.
- If you have multiple static public IP addresses, you're recommended to add "Static NAT" rules for service publishing.
2 Forwarding and DMZ
- Forwarding: map a WAN port to local host.
- DMZ: port forwarding on all ports.
3 Static NAT
You need to define "Local IP" and choose a public IP.