On a sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in FreshTomato, DMZ has a simpler effect. When enabled, all unknown ports on FreshTomato's WAN are forwarded to the defined DMZ host IP address, instead of each being dealt with individually.
Since it opens a large security hole, consider DMZ a “lazy” and potentially dangerous approach to port forwarding. You are advised to use other port forwarding methods before resorting to DMZ.
Enable DMZ: turns on or off the DMZ function.
Destination Address: the LAN IP address of the device to receive all these forwarded ports.
Destination Interface: this is the VLAN/bridge where the above host can be found.
Source Address Restriction: if entered, limits DMZ activity to the defined source IP address range.
The Default is empty, which means ports from any address/range will be forwarded.
Leave Remote Access: if enabled, forces FreshTomato to always answer SSH (TCP/22) and HTTP (TCP/443) traffic, regardless of DMZ settings.