Re: [TCLUG:11644] firewall packages

[Dave Sherman <dcsherman@uswest.net>]

Yep, that's pretty much what I had in mind. And being the visual person that I
am, the ASCII art is quite helpful :-)

Dave Sherman

Troy Johnson wrote:
> 
> Dave,
> 
> Dave Sherman wrote:
> > If I do the above, would I then register a domain and give the registered IP to
> > the firewall? I'll keep reading, but if anyone knows this off-hand...
> 
> To illustrate one simple way to do it would be this:
> 
>  10bT               10bT
> ---------[firewall]---------------------[your clients]
>  a.b.c.d            e.f.g.h  |  m.n.o.p
>                              |
>                              L----------[AS/400]
>                                 q.r.s.t
> 
> You are right in that the external interface of [firewall] would get the
> registered domain name address (a.b.c.d), and the internal addresses
> (e.f.g.h, m.n.o.p, and q.r.s.t) would all be on a private network
> (192.168.x.x, 172.16.x.x, or 10.x.x.x). [your clients] would use e.f.g.h
> as a gateway address, as would [AS/400], and [firewall] would IP Masq
> their addresses. Packets coming to the port a.b.c.d:80 would be
> forwarded to q.r.s.t:80 on [AS/400].
> 
> Example network addresses would be:
> a.b.c.d = 123.123.123.123
> e.f.g.h = 192.168.1.254
> m.n.o.p = 192.168.1.3 (through 192.168.1.253)
> q.r.s.t = 192.168.1.2
> 
-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/O d- s+: a C++ UL/US>$ P++ L+>++++ E- W+++(--) N+ o? K- w++(---) O@ M V? 
PS@ PE Y+ PGP- t+ 5+++ X+ R+ tv+ b++ DI+ D+ G e++(*) h--- r+++ y+++
------END GEEK CODE BLOCK------