What is a DMZ?

A demilitarized zone (DMZ) is a form of perimeter security that securely connects untrusted, public-facing nodes to trusted internal network components. It is a standard network architecture feature rather than a service from a single provider. To establish a DMZ, you must create distinct network segments that separate your private internal data from public-facing services. This is primarily achieved through hardware or software firewalls that manage traffic between three zones:
  1. The Internet (untrusted)
  2. The DMZ (public services)
  3. The LAN (private/internal)
Determine your platform (the brand and model of router or firewall you are using), then refer to the vendor's official documentation to establish your DMZ correctly. Major networking and firewall vendors provide instructions on how to segment traffic between Untrusted (WAN), DMZ, and Trusted (LAN) zones, for example:
  • DMZ Host Settings (simple) on RV110W by Cisco for small business routers and enterprise firewalls
  • Cisco’s Subnet DMZ (secure) setups
  • The FortiGate Administration Guide by Fortinet for creating DMZ interfaces and configuring “Virtual IPs” (port forwarding) to map public traffic to your isolated servers
  • Palo Alto Networks’ Zone-Based Security documentation for defining a “DMZ Zone” and applying specific security profiles to incoming traffic
If you are using custom firmware or software-based routing:
  • pfSense/OPNsense: These platforms use “Interfaces” and “Firewall Rules” to create a DMZ. Their official documentation (available via pfSense Docs) details how to isolate the DMZ from your LAN.
  • OpenWrt: The OpenWrt Wiki provides a technical breakdown of using VLANs to create a DMZ on consumer-grade hardware.
If you are using a standard router provided by your internet service provider (ISP), the ISP often has a simplified “DMZ Host” guide.
Most home routers offer a feature called “DMZ Host.” Note that this is not a true isolated DMZ. It simply forwards all unsolicited internet traffic to one specific device on your main network. For true isolation, use a device that supports VLANs or has a dedicated physical DMZ port.
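To make the difference between a "DMZ Host" and a true DMZ concrete, the following added example (not from any vendor's documentation) audits a first-match forwarding policy over the three zones described above. The rule format, the zone-level model of a "DMZ Host", and the probed ports are assumptions constructed for illustration.

```python
"""Added example: audit a first-match forwarding policy for DMZ isolation."""
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str              # source zone: "WAN", "DMZ", "LAN" or "*"
    dst: str              # destination zone
    port: Optional[int]   # destination TCP port, None = any port
    action: str           # "allow" or "deny"

def decide(rules, src, dst, port):
    """First matching rule wins; unmatched new connections are dropped."""
    for r in rules:
        if r.src in (src, "*") and r.dst in (dst, "*") and r.port in (port, None):
            return r.action
    return "deny"

# New connections that break isolation. Replies to established flows are
# assumed to be handled by the firewall's state tracking, not by these rules.
FORBIDDEN = [("WAN", "LAN"), ("DMZ", "LAN")]

def isolation_violations(rules, ports=(22, 80, 443, 445, 3389)):
    """Return every (src, dst, port) probe that a forbidden zone pair allows."""
    return [(s, d, p) for s, d in FORBIDDEN for p in ports
            if decide(rules, s, d, p) == "allow"]

# Constructed policy: a public HTTPS server on its own DMZ segment.
TRUE_DMZ = [
    Rule("WAN", "DMZ", 443, "allow"),   # internet reaches only the published service
    Rule("LAN", "DMZ", None, "allow"),  # internal admins manage DMZ hosts
    Rule("LAN", "WAN", None, "allow"),  # normal outbound traffic
    Rule("DMZ", "LAN", None, "deny"),   # a compromised DMZ host cannot pivot inward
]

# Constructed model of a consumer "DMZ Host": all unsolicited inbound traffic
# is forwarded to a device that sits on the main LAN itself.
DMZ_HOST = [
    Rule("WAN", "LAN", None, "allow"),
    Rule("LAN", "WAN", None, "allow"),
]

if __name__ == "__main__":
    for name, policy in (("true DMZ", TRUE_DMZ), ("DMZ Host", DMZ_HOST)):
        print(name, "->", isolation_violations(policy) or "isolated")
```

The same check can be run against rules exported from a real firewall once they are mapped onto these zone names.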
There are also community forum discussions that offer practical advice on setting up isolated networks and DMZs for self-hosted services.