Here is a very broad explanation. The norm is to have a router with 3 NICs in it. The first NIC connects to the internet. The second can connect to internal LAN machines, and the third will be machines on the DMZ circuit. Normally these are server machines that will be seen from the outside internet as machines on the first NIC. The DMZ is less secure because you allow open ports from the internet to it. On the LAN side you very seldom have any open ports (normally never open any ports) to make information as secure as possible on this side.
Designed network segments, if I understand, are usually used in large businesses. They create subnets of class A, B, or C addresses and divide them into smaller subnets. Look up subnetting for more info. So in a class C address of 192.168.1.0, using the subnet 255.255.255.0 to define it as a class C, you have use of 255 IPs from 192.168.1.1 to 192.168.1.255.
Now if we divide a class C into smaller segments, we use 192.168.1.0 with a subnet of 255.255.255.224, which is the same as 192.168.1.0/27. You will have a total of 30 IPs to work with, from 192.168.1.1 to 192.168.1.30, and use of 192.168.1.31 as broadcast. For the next segment you would use 192.168.1.32/27, which gets you 192.168.1.33 to 192.168.1.63 with 192.168.1.64 as broadcast. Even though both may be on the same network, it requires a routing table to allow packets to and from each segment. One seldom divides a class C unless segmenting users from seeing each other.
Items to help in search: iptables, subnetting, firewall, routing, gateway.
Hope this helps out.
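The /27 split of 192.168.1.0 discussed in the post above, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original post; the function names `segment_plan`, `segment_of` and `needs_routing` are hypothetical, and the sample addresses are constructed.

```python
import ipaddress

def segment_plan(parent_cidr, new_prefix):
    """Split parent_cidr into equal segments; return one dict per segment."""
    parent = ipaddress.ip_network(parent_cidr)
    plan = []
    for net in parent.subnets(new_prefix=new_prefix):
        hosts = list(net.hosts())  # usable addresses only
        plan.append({
            "network": str(net),
            "netmask": str(net.netmask),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address),
            "usable": len(hosts),
        })
    return plan

def segment_of(plan, ip):
    """Return the segment a host address belongs to.

    Rejects network and broadcast addresses, which cannot be assigned
    to a host, and addresses outside every segment in the plan.
    """
    addr = ipaddress.ip_address(ip)
    for seg in plan:
        net = ipaddress.ip_network(seg["network"])
        if addr in net:
            if addr in (net.network_address, net.broadcast_address):
                raise ValueError(f"{ip} is reserved in {net}")
            return seg["network"]
    raise ValueError(f"{ip} is not inside any planned segment")

def needs_routing(plan, src, dst):
    """True when src and dst sit in different segments, so traffic between
    them must cross the router, where firewall rules can be applied."""
    return segment_of(plan, src) != segment_of(plan, dst)

if __name__ == "__main__":
    plan = segment_plan("192.168.1.0/24", 27)
    for seg in plan:
        print("{network:<18} {first_host} - {last_host}  "
              "bcast {broadcast}  ({usable} hosts)".format(**seg))
    # Constructed sample hosts: one in the first segment, one in the second.
    print(needs_routing(plan, "192.168.1.10", "192.168.1.40"))
```
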