Originally posted by alexrd
The answer to this question really depends on your router: some can do this and some can't. How it is done will, again, depend on the router. The only home router I have direct experience with is the Linksys. In their vocabulary you have to set up a "DMZ" machine. Basically, all outside requests (HTTP, SMTP, whatever...) will be directed to a certain host on the internal network.
More sophisticated routers will let you pass different protocols to different internal hosts (i.e., mail to the one machine, HTTP requests to another).
Actually, this is not entirely correct. In fact, if you use the "DMZ Host" functionality this way, it can be somewhat dangerous.
The Linksys router is capable of port forwarding (see forwarding under the advanced tab on the Linksys config page) to different hosts based on the port, so it can serve as that "more sophisticated router" mentioned.
I've done this quite a lot in the past, sending SSH traffic to one host, web traffic to another, and so on. The DMZ Host is the "everything else" machine. If, for instance, I have port 80 traffic forwarded to 192.168.1.2, and the DMZ host designated as 192.168.1.60, all traffic except port 80 will be sent to 1.60. If no forwarding ports are specified, then all traffic will be sent to the DMZ host, as you say.
This can be dangerous because if the DMZ host is not properly locked down, it is effectively connected directly to the internet, which kind of defeats part of the purpose of having the Linksys box in the first place.
The DMZ host setting can serve as a simple workaround for the "tricky" protocols that some apps (especially games) use. For instance, it came in very handy when running an Unreal Tournament server, since it requires something like seven different ports to be open to properly function. But for general use (web, SMTP, DNS, etc.), port forwarding is far safer.
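Added example, not part of the original posts: a small Python model of the dispatch rule described above (explicit port forwards win, the DMZ host gets everything else), used to audit which listening services end up reachable from the internet. The service inventory, the port 7777 game-server entry, and the function names are constructed for illustration; the two IP addresses are the ones from the post.

```python
"""Simplified model of inbound dispatch on a home NAT router (constructed data)."""

def route_inbound(port, forwards, dmz_host=None):
    """Return the internal host that receives an unsolicited inbound
    connection on `port`, or None if the router drops it."""
    if port in forwards:          # an explicit port forward always wins
        return forwards[port]
    return dmz_host               # "everything else" goes to the DMZ host, if set

def exposed_services(listening, forwards, dmz_host=None):
    """Map each internal host to the listening services reachable from outside.

    listening: {host: {port: service_name}} (an inventory you collect yourself)
    """
    exposed = {}
    for host, services in listening.items():
        reachable = {port: name for port, name in services.items()
                     if route_inbound(port, forwards, dmz_host) == host}
        if reachable:
            exposed[host] = dict(sorted(reachable.items()))
    return exposed

# Constructed inventory of what each internal machine is listening on.
LISTENING = {
    "192.168.1.2": {80: "http", 22: "ssh"},
    "192.168.1.60": {7777: "game-server", 22: "ssh", 445: "smb", 3306: "mysql"},
}
FORWARDS = {80: "192.168.1.2"}    # the port 80 forward from the post

def compare():
    """Exposure with a DMZ host versus forwarding only the port that is needed."""
    with_dmz = exposed_services(LISTENING, FORWARDS, dmz_host="192.168.1.60")
    forwards_only = exposed_services(
        LISTENING, {**FORWARDS, 7777: "192.168.1.60"})   # no DMZ host set
    return with_dmz, forwards_only

if __name__ == "__main__":
    with_dmz, forwards_only = compare()
    print("DMZ host set:     ", with_dmz)
    print("Port forwards only:", forwards_only)
```

With the DMZ host set, every service listening on 192.168.1.60 is reachable from outside, including ones never meant to be public; with explicit forwards only the game-server port is.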