Re: [TCLUG:11644] firewall packages

[Callum Lerwick <lerwick@tcfreenet.org>]

> The firewall I am setting up requires that any allowed requests (http, telnet,
> ftp) made to the IP of our AS/400 be forwarded to the AS/400. No other IPs
> (within our lan) will be accessible to the outside world. On the other hand,
> users on the lan must be able to access the internet through the firewall. I
> plan on using IP masquerading, so that all requests to external internet servers
> appear to come from the firewall, and not our PCs on the lan. Just so you know,
> the AS/400 will have a valid internet IP, to which we will register our domain.
> The firewall will also have a valid internet IP, of course. The PCs just have
> 10.1.1.x IPs.

Hmmm. Don't think giving the AS/400 a real IP is necessary. Give it a
10.1.1.x and port forward everything from the firewall... That or you're
probably going to have to put three NICs in the firewall and put the
AS/400 on its own subnet... That might even be better for not clogging
up the local LAN, if the AS/400 gets a lot of outside buisness...