===== DMZ =====

On a sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in FreshTomato, DMZ has a simpler effect. When enabled, all unknown ports on FreshTomato's WAN are forwarded to the defined DMZ host IP address, instead of each being dealt with individually.

Since it opens a large security hole, consider DMZ a "lazy" and potentially dangerous approach to port forwarding. You are advised to use other port forwarding methods before resorting to DMZ.\\   \\ **Enable DMZ**: This turns the DMZ function on or off.

 \\

**Destination Address**: The LAN IP address of the device to receive all these forwarded ports.

 \\

[[https://wiki.freshtomato.org/lib/exe/detail.php?id=dmz&media=c3eb8300c295e4230ec42a93d23e3aeb.png|{{:c3eb8300c295e4230ec42a93d23e3aeb.png?621}}]]

 \\

**Destination Interface**: This is the VLAN/bridge where the above host can be found.

 \\

**Source Address Restriction**: If entered, this limits DMZ activity to the defined source IP address range.

The Default is empty, which means ports from any address/range will be forwarded.

 \\

**Leave Remote Access**: If enabled, this forces SSH (TCP port 22) and HTTP (TCP port 443) traffic to always be answered by the FreshTomato router, regardless of DMZ settings.

\\

 \\