TCLUG Archive
Re: [TCLUG:11644] firewall packages
Dave,
Dave Sherman wrote:
> If I do the above, would I then register a domain and give the registered IP to
> the firewall? I'll keep reading, but if anyone knows this off-hand...
To illustrate one simple way to do it would be this:
                10bT                        10bT
     ---------[firewall]---------------------[your clients]
   a.b.c.d            e.f.g.h      |          m.n.o.p
                                   |
                                   L----------[AS/400]
                                              q.r.s.t
You are right in that the external interface of [firewall] would get the
registered domain name address (a.b.c.d), and the internal addresses
(e.f.g.h, m.n.o.p, and q.r.s.t) would all be on a private network
(192.168.x.x, 172.16.x.x, or 10.x.x.x). [your clients] would use e.f.g.h
as a gateway address, as would [AS/400], and [firewall] would IP Masq
their addresses. Packets coming to the port a.b.c.d:80 would be
forwarded to q.r.s.t:80 on [AS/400].
Example network addresses would be:
a.b.c.d = 123.123.123.123
e.f.g.h = 192.168.1.254
m.n.o.p = 192.168.1.3 (through 192.168.1.253)
q.r.s.t = 192.168.1.2
If you segmented [AS/400] off from the others, it would look more like
this:
                   10bT                          10bT
     --------------[firewall]----------------------[your clients]
   a.b.c.d            |   e.f.g.h                   m.n.o.p
                      |    10bT
                      L------------------------[AS/400]
                   i.j.k.l                      q.r.s.t
and you would be doing basically the same thing, but you would also
make sure that e.f.g.h and m.n.o.p were on the same net/subnet, that
i.j.k.l and q.r.s.t were on the same net/subnet, and firewall would have
to provide routing between the two nets (if [your clients] need access
to [AS/400]).
Example network addresses would be:
a.b.c.d = 123.123.123.123
e.f.g.h = 192.168.1.254
i.j.k.l = 192.168.2.254
m.n.o.p = 192.168.1.2 (through 192.168.1.253)
q.r.s.t = 192.168.2.2
This could be a bunch of garbage, so keep reading. I did this mostly
because I just _love_ ascii "art". ;-)
Good luck,
Troy
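One way to realise the second (segmented) layout on a Linux firewall, as an added example that is not part of Troy's post: it uses iptables NAT (the successor to the IP Masq/ipchains setup of the time) with the addresses listed above, masquerades both private nets, forwards only a.b.c.d:80 to q.r.s.t:80, and denies all other forwarding by default. The interface names eth0/eth1/eth2 and the /24 masks are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Interface names and
# /24 masks are assumptions; the addresses are the ones listed in the post.
EXT_IF=eth0;   EXT_IP=123.123.123.123     # a.b.c.d, registered address
CLI_IF=eth1;   CLI_NET=192.168.1.0/24     # e.f.g.h side, [your clients]
AS400_IF=eth2; AS400_NET=192.168.2.0/24   # i.j.k.l side
AS400_IP=192.168.2.2                      # q.r.s.t, the AS/400

# Print the rule set one rule per line instead of running it, so it can be
# reviewed or tested without root and without touching a live box.
fw_rules() {
    # Masquerade both private nets behind the registered address.
    echo "-t nat -A POSTROUTING -o $EXT_IF -s $CLI_NET -j MASQUERADE"
    echo "-t nat -A POSTROUTING -o $EXT_IF -s $AS400_NET -j MASQUERADE"
    # a.b.c.d:80 -> q.r.s.t:80, the port forward described in the post.
    echo "-t nat -A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport 80 -j DNAT --to-destination $AS400_IP:80"
    # Routing between the nets is explicit, not open: default deny.
    echo "-P FORWARD DROP"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # From outside, only the forwarded port reaches the AS/400.
    echo "-A FORWARD -i $EXT_IF -o $AS400_IF -d $AS400_IP -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
    # Clients may go out to the Internet and over to the AS/400 net;
    # the AS/400 net cannot initiate anything (covered by the DROP policy).
    echo "-A FORWARD -i $CLI_IF -s $CLI_NET -o $EXT_IF -j ACCEPT"
    echo "-A FORWARD -i $CLI_IF -s $CLI_NET -o $AS400_IF -d $AS400_NET -j ACCEPT"
}

# Number of rules the set would install; handy as a sanity check.
fw_rule_count() { fw_rules | wc -l | tr -d ' '; }

# Apply for real: needs root, iptables, and IP forwarding enabled.
fw_apply() {
    fw_rules | while read -r rule; do
        # shellcheck disable=SC2086  (word splitting of $rule is intended)
        iptables $rule || exit 1
    done || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

if [ "${1:-}" = "apply" ]; then fw_apply; else fw_rules; fi
```

Run it without arguments to review the rules it would install; run it as root with `apply` to load them.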