The DMZ (DeMilitarized Zone) is a very specific area of the network where services are provided from in a secure way. In Tomato DMZ has a simplified effect. Essentially when enabled all the unknown ports onthe tomato's WAN are redirected to the defined DMZ host instead of being dealt with. Consider DMZ a “lazy” and potentially dangerous approach to port forwarding.
Enable DMZ: On or Off
Destination Address: Is the actual LAN IP address of the device meant to receive all these requestt
Destination Interfacee: BLAN/bridge where the above host lives
Source Address Restriction: Will limit the DMZ activity to the defined soutce IPs if any. Default is empty and means from anywhere
Leave Remote Access: Is enable will force SSH (TCP/22) and HTTP (TCP/443) to be always answered by the router regardles of the DMZ settings.