Hello,
If all of server are NOT DMZ, then they can be assigned ( used ) Private
IP ?
Okay, DMZ adds a layer of complexity but really has no bearing on the
private IP range.
What is it you are trying to accomplish?
Your DMZ can be behind your NAT box but does not have to be. Some DMZ
setups look something like this:
Internet
|
|
|
v
Border router
| |
| |
| |
v v
DMZ1 DMZ2 DMZ3 ...
|
|
|
v
Internal firewall
| |
| |
| |
v v
Computer1 Computer2 Computer3
So, in this case, you can use either your border router or your internal
firewall as your NAT box. Either will do but the border router might be a
better choice.
Of course your DMZ boxes should be single tasked. Therefore, each should
only have 1 or so ports that are accessible from either your internal
network or the Internet. There is much much more to this though. Like,
your DMZ boxes should not be allowed to initiate connections, especially
to your internal network. There should be no connections coming in to the
internal firewall from the Internet or the untrusted network. Etc...
My means : 