TCLUG Archive

Re: [TCLUG:11644] firewall packages



Okay, sorry for the poor description of my intent. Here's a diagram of what I
have in mind:

|----------|    T1    |----------------|    10bT    |--------------|   10bT   |------------------|
| internet |----------| other company: |------------| my company's |----------| hub: connects to |
|----------|          | - router/hub   |            |  firewall    |          | server and PCs   |
                      | - gateway?     |            |--------------|          |------------------|
                      | - DNS          |
                      |----------------|

I have the other company's gateway questioned, as I am not entirely sure I need
it configured on my own PCs. But in Windows networking prefs, there is an entry
for gateway, so that is what I have set up. I have not actually tried removing
the entry from my networking prefs. In any case, other than the gateway entry,
their network is totally transparent to my company (well, their workgroup does
show up in our Network Neighborhood and vice versa, but otherwise...). Also, we
are not presently using their DNS server, since we have a dialup account for our
company and we use the ISP's DNS server. However, once we go live with the
firewall, then I will either have DNS on our firewall, or we will use the other
company's DNS. At that point, we will drop the dialup account with the ISP.

Ideally, as far as we are concerned, our lan will seem to be connected directly
to the internet.

The firewall I am setting up requires that any allowed requests (http, telnet,
ftp) made to the IP of our AS/400 be forwarded to the AS/400. No other IPs
(within our lan) will be accessible to the outside world. On the other hand,
users on the lan must be able to access the internet through the firewall. I
plan on using IP masquerading, so that all requests to external internet servers
appear to come from the firewall, and not our PCs on the lan. Just so you know,
the AS/400 will have a valid internet IP, to which we will register our domain.
The firewall will also have a valid internet IP, of course. The PCs just have
10.1.1.x IPs.

If this is still confusing, then it is probably because I am not entirely sure
of my terminology and the technology I am dealing with. I am a programmer after
all, not a network wiz. ;-)

Dave Sherman

Troy Johnson wrote:
> 
> Dave Sherman wrote:
> > Basically, I am just pretending the other company is like an ISP -- they provide
> > the T1 line and a small block of static IP addresses for me to use, and it's up
> > to me to do the rest.
> 
> From previous emails it seemed as if you were the ISP and they were the
> users, but here it sounds like the other way around. Maybe I am just
> being dense, but could you clarify this situation?
> 
> Scenario #1:
> 
>      10bT       T1
> [T]--------[Y]------[I]
> 
> Scenario #2:
> 
>      10bT       T1
> [Y]--------[T]------[I]
> 
> 
> T = Them
> Y = You
> I = ISP (provider of T1)
> 
> Which is it?
> 
> Good luck,
> 
> Troy

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/O d- s+: a C++ UL/US>$ P++ L+>++++ E- W+++(--) N+ o? K- w++(---) O@ M V? 
PS@ PE Y+ PGP- t+ 5+++ X+ R+ tv+ b++ DI+ D+ G e++(*) h--- r+++ y+++
------END GEEK CODE BLOCK------
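
The policy described in the message above (masquerade the 10.1.1.x PCs, let only http, telnet and ftp reach the AS/400, expose nothing else), written out as an added example that is not part of the original thread. The use of iptables, the interface names, the /24 mask and the placeholder AS/400 address are assumptions, as is the upstream network routing the AS/400's address via the firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Every concrete value is an assumption.
WAN_IF="${WAN_IF:-eth0}"            # assumed: interface toward the other company
LAN_IF="${LAN_IF:-eth1}"            # assumed: interface toward our hub
LAN_NET="${LAN_NET:-10.1.1.0/24}"   # the message's 10.1.1.x range, assumed /24
AS400_IP="${AS400_IP:-192.0.2.10}"  # placeholder from the documentation range

# Print an iptables-restore ruleset implementing the stated policy.
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies, plus FTP data connections when the conntrack FTP helper is active.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $AS400_IP -p tcp -m multiport --dports 21,23,80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; succeed only if every FORWARD ACCEPT rule that
# takes traffic arriving on WAN_IF is pinned to the AS/400 address.
audit_rules() {
  awk -v wan="$WAN_IF" -v host="$AS400_IP" '
    /^-A FORWARD/ && /-j ACCEPT/ && index($0, "-i " wan " ") {
      if (!index($0, "-d " host " ")) bad = 1
    }
    END { exit bad + 0 }'
}

# Print the rules only if they pass the audit.
# To syntax-check on a real host: gen_rules | iptables-restore --test
gen_rules | audit_rules && gen_rules
```

The INPUT chain has no remote-administration rule because the message does not describe one; the firewall as written is managed from its console.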