What is a DMZ?
"De-Militarized Zone" -- the neutral territory between hostile forces;
the area between two opponents where fighting is prevented.
For firewalls, the DMZ lies inside the outer screen (such as a screening router)
and outside the inner wall (a bastion host with
application proxies).
Sometimes, DMZ networks connect networks and computers controlled
by different bodies.
Often, public servers
(e.g. web, FTP) are placed in the DMZ, and usually the firewall
allows only a few protocols to reach these machines.
By placing these public access servers
on a separate isolated network, you provide
extra security for your internal network. It also can help
increase the internal network throughput
since external traffic no longer appears on your internal network.
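The forwarding policy described above, written as an nftables ruleset for a firewall with three interfaces. This is an added example, not part of the original FAQ; the interface names, the addresses (taken from the 192.0.2.0/24 documentation range) and the choice of nftables are assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name and address below is an assumption.
flush ruleset

define IF_WAN = "eth0"          # outer side, toward the Internet
define IF_DMZ = "eth1"          # DMZ segment holding the public servers
define IF_LAN = "eth2"          # internal network
define WEB_SRV = 192.0.2.10     # placeholder address for the web server
define FTP_SRV = 192.0.2.21     # placeholder address for the FTP server

table inet dmz_filter {
    chain forward {
        # Anything not explicitly allowed between segments is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that a rule below already admitted.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the few published protocols.
        iifname $IF_WAN oifname $IF_DMZ ip daddr $WEB_SRV tcp dport { 80, 443 } accept
        # FTP control channel only; data connections match "related"
        # above only if the conntrack FTP helper is configured.
        iifname $IF_WAN oifname $IF_DMZ ip daddr $FTP_SRV tcp dport 21 accept

        # Internal -> DMZ: internal hosts may reach the public servers.
        iifname $IF_LAN oifname $IF_DMZ accept

        # DMZ -> internal: a public server must never open a connection
        # inward. Log the attempt, since it is worth investigating.
        iifname $IF_DMZ oifname $IF_LAN log prefix "dmz-to-lan " drop

        # Internet -> internal has no rule and falls to the default
        # drop, so external traffic never appears on the internal network.
    }
}
```

Running nft -c -f on the file checks the syntax without loading the rules.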
What is a bastion host?
A host between the Internet and the intranet.