What's DMZ used for in a home wireless router?

The DMZ is good if you want to run a home server that can be accessed from outside of your home network (i.e., a web server, SSH, VNC or other remote access protocol). Typically you would want to run a firewall on the server machine to make sure only the ports that are specifically wanted are allowed access from public computers.

An alternative to using the DMZ is to set up port forwarding. With port forwarding you can allow only specific ports through your router, and you can also specify some ports to go to different machines if you have multiple servers running behind your router.


Please be careful. DMZ in a corporate/professional environment (with high-end firewalls) is not the same as for a home wireless router (or other NAT routers for home use). You may have to use a second NAT router to get the expected security (see the article below).

In episode 3 of the Security Now podcast by Leo Laporte and security guru Steve Gibson, this subject was talked about. In the transcript, see near "really interesting issue because that's the so-called 'DMZ,' the Demilitarized Zone, as it's called on routers."

From Steve Gibson, http://www.grc.com/nat/nat.htm:

"As you might imagine, a router's "DMZ" machine, and even a "port forwarded" machine needs to have substantial security or it will be crawling with Internet fungus in no time. That's a BIG problem from a security standpoint. Why? ... a NAT router has a standard Ethernet switch interconnecting ALL of its LAN-side ports. There's nothing "separate" about the port hosting the special "DMZ" machine. It's on the internal LAN! This means that anything that might crawl into it through a forwarded router port, or due to its being the DMZ host, has access to every other machine on the internal private LAN. (That's really bad.)"

In the article there is also a solution to this problem that involves using a second NAT router. There are some really good diagrams to illustrate the problem and the solution.
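The following is an added example, not code from any of the answers above or from the GRC article. It models, in a few dozen lines of Python, the two points made so far: how a consumer router dispatches unsolicited inbound connections (port-forward table first, then the DMZ host for everything else), and why a DMZ host on a single flat LAN can reach every other machine while a second NAT router cuts that path. The `HomeRouter` class, the scenario functions (`flat_lan_dmz`, `port_forward_only`, `two_router_dmz`) and the host names are all constructed for the example; real routers differ in detail.

```python
from __future__ import annotations

from dataclasses import dataclass, field

ALL_PORTS = range(1, 65536)


@dataclass
class HomeRouter:
    """Simplified model (an assumption of this example) of a consumer NAT
    router: one flat LAN switch, a port-forward table keyed by public port,
    and an optional DMZ host that receives every inbound port the table does
    not cover. A router's own name doubles as the host name of its WAN side
    when it is plugged into another router's LAN."""

    name: str
    lan_hosts: set[str]
    port_forwards: dict[int, tuple[str, int]] = field(default_factory=dict)
    dmz_host: str | None = None

    def route_inbound(self, public_port: int) -> tuple[str, int] | None:
        """Where an unsolicited inbound connection to public_port lands on
        the LAN, or None when the router drops it (no rule, no DMZ host)."""
        if public_port in self.port_forwards:
            return self.port_forwards[public_port]
        if self.dmz_host is not None:
            return (self.dmz_host, public_port)  # DMZ host gets everything else
        return None

    def exposed_ports(self, host: str) -> set[int]:
        """Public ports that reach `host`: its attack surface from the
        Internet, before any firewall running on the host itself."""
        exposed = set()
        for port in ALL_PORTS:
            dest = self.route_inbound(port)
            if dest is not None and dest[0] == host:
                exposed.add(port)
        return exposed

    def hosts_reachable_via_wan(self) -> set[str]:
        """LAN hosts an outsider can reach through this router at all."""
        targets = {host for host, _ in self.port_forwards.values()}
        if self.dmz_host is not None:
            targets.add(self.dmz_host)
        return targets


def hosts_reachable_from(source: str, routers: list[HomeRouter]) -> set[str]:
    """Hosts a compromised `source` can open connections to. Hosts on the
    same flat LAN are always reachable; a downstream router sitting on that
    LAN only passes what its forwarding table or DMZ setting allows.
    Connections outward toward the Internet are not modelled."""
    by_name = {r.name: r for r in routers}
    home = next(r for r in routers if source in r.lan_hosts)
    reached = set(home.lan_hosts) - {source}
    frontier = list(reached)
    while frontier:
        hop = frontier.pop()
        if hop in by_name:  # a router's WAN side is a device on this LAN
            for target in by_name[hop].hosts_reachable_via_wan():
                if target not in reached:
                    reached.add(target)
                    frontier.append(target)
    return reached


# --- constructed scenarios (not from the answers above) ---------------------

def flat_lan_dmz() -> HomeRouter:
    """One home router, DMZ host on the same switch as the family PCs."""
    return HomeRouter("router", {"dmz-box", "pc1", "pc2"}, dmz_host="dmz-box")


def port_forward_only() -> HomeRouter:
    """Same router, no DMZ host, just two forwarded ports to a web box."""
    return HomeRouter("router", {"web", "pc1"},
                      port_forwards={80: ("web", 8080), 22: ("web", 22)})


def two_router_dmz() -> list[HomeRouter]:
    """The second-NAT-router fix: trusted PCs live behind an inner router
    that is itself just another device on the outer router's LAN."""
    outer = HomeRouter("outer", {"dmz-box", "inner"}, dmz_host="dmz-box")
    inner = HomeRouter("inner", {"pc1", "pc2"})  # no forwards, no DMZ
    return [outer, inner]


if __name__ == "__main__":
    r = flat_lan_dmz()
    print("DMZ host ports exposed:", len(r.exposed_ports("dmz-box")))
    print("From a hacked DMZ box, reachable:", hosts_reachable_from("dmz-box", [r]))
    print("Forwarded-only ports exposed:", sorted(port_forward_only().exposed_ports("web")))
    print("Behind a second router, reachable:", hosts_reachable_from("dmz-box", two_router_dmz()))
```

Run as a script it prints that the DMZ host sees all 65535 ports and can reach `pc1` and `pc2`, that the port-forwarded box sees only ports 22 and 80, and that with the second router the DMZ host can reach nothing but the inner router's WAN side. The first-answer advice (a host firewall allowing only wanted ports) trims the 65535 figure; the second answer's two-router layout is what empties the reachable set.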


A DMZ or "de-militarized zone" is where you can set up servers or other devices that need to be accessed from outside your network.

What belongs there? Web servers, proxy servers, mail servers etc.

In a network, the hosts most vulnerable to attack are those that provide services to users outside of the LAN, such as e-mail, web and DNS servers. Because of the increased potential of these hosts being compromised, they are placed into their own subnetwork in order to protect the rest of the network if an intruder was to succeed. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external network, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients.