Public x.x.x.x
Local 192.168.0.1/24
server 192.168.0.2
PC 192.168.0.3
If I want to access server through public IP from PC in local network will it work if I only put server in DMZ? For example HTTP connection. Or should I do NAT translation?
http://wiki.mikrotik.com/wiki/Hairpin_NAT
But introducing a separate DMZ network is much cleaner if you can do that.
DMZ is less secure as you need to strongly secure the whole server you put in the DMZ. Is better to just NAT the ports you need to access from the Internet.
DMZ is significantly more secure as the device that is most likely to get compromised (the server accessible from the public Internet) won’t be on the same subnet as all other hosts secured by benefit of not being accessible at all.
Unless we’re having a definition problem: I’m not talking about a SOHO router DMZ where ALL ports are forwarded to a device on the local network, like D-Link or Netgear routers etc. do. I’m talking about a true DMZ where you have three separate IP networks: WAN, LAN, and DMZ. The LAN can access the DMZ and WAN, the DMZ can access the WAN, and the WAN can access only specific services by merit of an explicit NAT port forward (if you’re doing NAT), and a hole poked explicitly in the firewall. You get the same host protection for the DMZ host as if it was on the LAN, but the LAN is additionally protected from the DMZ host, which is the host most likely to be attacked.
Thanks for the clarification, my mistake
I’m asking about this because I port forwarded (NAT) port x.x.x.x:2022 to 192.168.0.2:22 and I can access server from outside (Internet) but when I try to access server from 192.168.0.3 by public IP (x.x.x.x:2022) it doesn’t work. My question is why?
Read the link I posted as an immediate reply higher up.