I think I may have found the answer to my own question but would just like the opinion of someone who actually knows about this sort stuff as oppose to just Googles the specific thing he's having an issue with until an answer that works comes up (i.e. me).
I have a machine (currently a RaspberryPi but soon to be a rack machine running Ubuntu server) that runs runs a Minecraft server for my kids and their friends. This requires outside access to couple of ports and the way I have always done it is to forward the two ports and stick the machine in a DMZ. I've been doing some more reading as.....
The next step with the Ubuntu rack server running Minecraft in the DMZ is to relay status messages to the RaspvberryPi (inside my LAN) which would then be displayed on a small LCD below the TV. This would obviously contravene one of the principles of the DMZ as I understand them in that I would be wanting for a machine in the DMZ to initiate traffic to inside my network (as oppose to the otherway round). Because of this I started to look at ways round this to find that the DMZ just has every port open to the world as oppose to port forwarding which just has the ones I specify open with the added of protection of being behind my router's firewall. If this is the case then it would be both safer and easier to programme if I keep both machines behind the firewall with just the required two ports open on the rack server.
My question is therefore, am I better off not using a DMZ at all if my specific application can run on specified ports (it does they are fixed for Minecraft and the map server that I use) from behind the router just using port forwarding?
