In this configuration, the only system which has access to the
outside Internet is the bastion host. In turn, the systems on the
internal LAN (nowadays often referred to as the "Intranet") can
only contact the bastion host, or gateway. Both of these conditions
are configured using IP address-based packet filtering in the
routers.
If users connected to the internal LANs wish to use the services
of the outside Internet, they can (eg) telnet to the gateway, and
then use standard tools running on it to access the rest of the
Internet.
An example of such a structure is provided by an electronic mail
gateway. Typically, a mail gateway in the DMZ receives messages
addressed to an alias address, such as:
Phil.Scott@latrobe.edu.au
and delivers the message to an appropriate system and person within
the organisation. The MX type in the DNS is used to support such
mail gateway systems.