Port Forwarding and DMZ Hosting are two ways to accomplish the same thing: opening ports. Where Port Forwarding is selective and specific, DMZ Hosting is indiscriminate and wide open. If you need to open one port, a small range of ports, or a combination of both, Port Forwarding is the best choice. If the list of ports that need to be opened is long and complicated, it may be tempting to use DMZ Hosting, but it should still be avoided unless the security of the machine in question is not critical. The only time that DMZ Hosting is appropriate is when it can be used without compromising the security of the network.
Examples where DMZ Hosting might be appropriate:
- Devices like game consoles or webcams with a limited operating system
- A server designed for that type of environment (like a proxy server or a server with hardened security)
- Possibly a gaming computer, but it is not recommended (at the very least, the computer may need frequent reloading of the OS)
The difference between Port Forwarding and DMZ Hosting is security. While any open port will slightly degrade security, it is possible to maintain a level of security on a network that uses Port Forwarding. It is not really possible to keep a network secure using DMZ Hosting unless the network or some of its critical components are designed for it.
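The difference can be made concrete with a small model. The following is an added example, not part of the original page: it compares which services on a single LAN host become reachable from outside under a set of forwarding rules versus DMZ Hosting. The service list, the rule syntax and the function names are all constructed for illustration, and the model assumes the host runs no firewall of its own.

```python
# Simplified model (added example): which services on a LAN host become
# reachable from the internet under port forwarding vs. DMZ hosting.
# Assumes the host itself runs no firewall. All data below is constructed.

LISTENING = [  # (protocol, port, service) listening on the hypothetical host
    ("tcp", 22, "ssh"),
    ("tcp", 445, "smb file sharing"),
    ("tcp", 3389, "remote desktop"),
    ("tcp", 27015, "game server"),
    ("udp", 27015, "game server"),
    ("udp", 5353, "mdns"),
]

def parse_rules(spec):
    """Parse 'tcp:27015, udp:27000-27030' into (proto, low, high) tuples."""
    rules = []
    for item in filter(None, (part.strip() for part in spec.split(","))):
        proto, _, ports = item.partition(":")
        low, _, high = ports.partition("-")
        low, high = int(low), int(high or low)  # ValueError on non-numeric input
        if proto not in ("tcp", "udp") or not 1 <= low <= high <= 65535:
            raise ValueError(f"bad forwarding rule: {item!r}")
        rules.append((proto, low, high))
    return rules

def exposed(listening, rules=(), dmz=False):
    """Services an outside host can reach through the router."""
    if dmz:  # DMZ host: every unsolicited inbound connection is passed through
        return list(listening)
    return [s for s in listening
            if any(p == s[0] and lo <= s[1] <= hi for p, lo, hi in rules)]

def unintended(listening, rules, dmz):
    """Services exposed beyond the ones the forwarding rules were meant to open."""
    wanted = exposed(listening, rules)
    return [s for s in exposed(listening, rules, dmz) if s not in wanted]

if __name__ == "__main__":
    rules = parse_rules("tcp:27015, udp:27000-27030")
    for mode, dmz in (("port forwarding", False), ("DMZ hosting", True)):
        reach = exposed(LISTENING, rules, dmz)
        extra = unintended(LISTENING, rules, dmz)
        print(f"{mode}: {len(reach)} reachable, {len(extra)} unintended")
        for proto, port, name in extra:
            print(f"  unintended: {proto}/{port} {name}")
```

Replacing `LISTENING` with the real list of listening sockets on a machine shows what DMZ Hosting would expose that a short set of forwarding rules would not.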
Rules of Thumb:
- Use Port Forwarding as the primary tool for configuring ports.
- Use DMZ Hosting only when it is required.