Security Consulting

Firewall Setups

Screening Filter

separates the private IP network from the Internet by inserting a router between them. The router filters all IP packets passing through.

Bastion

a machine that is placed between the secure and nonsecure network where IP forwarding is broken (disabled), which means no IP packet can go through this machine. So only users who have an account on the bastion can use services in both networks. One bastion application would be SOCKS.

Dual-Homed Gateway

combines a screening filter and a bastion. The problem with this approach is that the firewall machine becomes quite complex. If an attacker manages to compromise it, he has access to the entire secure network.

Bastion Behind a Screening Filter

the bastion is protected from external attack by the screening filter. The filter only accepts connections from and to the bastion.
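The filter policy described above can be modelled as a small decision function. This is an added example, not code from the original page: the addresses, the interface names and the `Packet` and `screen` names are constructed for illustration, and the drop of outside packets carrying the bastion's or a private source address is an anti-spoofing assumption the page does not state.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (documentation / private ranges), not from the page.
BASTION = ipaddress.ip_address("192.0.2.10")
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    in_iface: str  # "outside" = Internet side, "inside" = bastion side
    src: str
    dst: str


def screen(pkt: Packet) -> str:
    """Return "ACCEPT" or "DROP" for a packet arriving at the screening filter."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.in_iface == "outside":
        # Assumption: a packet from the Internet claiming the bastion's own
        # address or a private address as its source is spoofed.
        if src == BASTION or src in PRIVATE_NET:
            return "DROP"
        # Inbound traffic may only be addressed to the bastion.
        return "ACCEPT" if dst == BASTION else "DROP"
    if pkt.in_iface == "inside":
        # Outbound traffic may only originate from the bastion.
        if src == BASTION and dst not in PRIVATE_NET:
            return "ACCEPT"
        return "DROP"
    return "DROP"  # unknown interface: default deny


# Constructed sample traffic with the verdict each packet should receive.
SAMPLES = [
    (Packet("outside", "203.0.113.5", "192.0.2.10"), "ACCEPT"),  # client to bastion
    (Packet("outside", "203.0.113.5", "10.1.2.3"), "DROP"),      # bypasses bastion
    (Packet("outside", "10.9.9.9", "192.0.2.10"), "DROP"),       # spoofed source
    (Packet("inside", "192.0.2.10", "203.0.113.5"), "ACCEPT"),   # bastion outbound
    (Packet("inside", "10.1.2.3", "203.0.113.5"), "DROP"),       # private host direct
]


def evaluate(samples=SAMPLES):
    """Return (packet, verdict, expected) for each sample packet."""
    return [(p, screen(p), want) for p, want in samples]


if __name__ == "__main__":
    for pkt, verdict, want in evaluate():
        print(f"{pkt.in_iface:8} {pkt.src:>13} -> {pkt.dst:<13} {verdict} (expected {want})")
```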

Screened Subnet

a further development of the "bastion behind a screening filter". Here a subnetwork is introduced between the screening filter and the bastion, as a site for application services. This approach is often referred to as a demilitarized zone (DMZ) setup. The DMZ is the part between the two firewalls.


CopyLeft (l) 2003 by Raffael Marty