Re: [Nolug] networking question

From: -ray <ray_at_ops.selu.edu>
Date: Fri, 6 Aug 2004 16:16:38 -0500 (CDT)
Message-ID: <Pine.LNX.4.44.0408061609400.11292-100000@romulus.csd.selu.edu>

On Fri, 6 Aug 2004, Joey Kelly wrote:

> everything to work correctly. While forwarding selected ports is what I'd
> rather do, it's going to be simpler to just stick the box on the net, having
> it appear to be on a real IP, while remaining on a private IP so the host

Sure it'd be simpler, but think about the security implications that
others have mentioned. I'd personally like to know what business this is,
that can afford an AS400 but can't afford or be bothered with
VPN/encrypted sessions.

If you must do it, run tcpdump on the external interface, get them to try
access, watch what ports are being accessed, and only forward those ports.
I doubt they're running SIP or H.323 to the AS400, so hopefully the app
doesn't use random ports.

ray

___________________
Nolug mailing list
nolug@nolug.org
Received on 08/06/04
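
The capture-then-forward procedure ray describes, as an added example that is not part of the original message: it reduces tcpdump output to the TCP ports the remote side tried to open and prints one DNAT rule per port, restricted to that source. The addresses, the interface name eth0 and the function names are assumptions, and the capture lines are constructed in the text format of a current tcpdump run with -nn.

```shell
#!/bin/sh
# Added example, not from the original thread. Capture on the gateway first
# (eth0 and 198.51.100.7 are placeholders for the external interface and the remote site):
#   tcpdump -nn -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and src host 198.51.100.7'

# Constructed sample of tcpdump -nn output, not a real capture.
sample_capture() {
cat <<'EOF'
16:01:12.100001 IP 198.51.100.7.40112 > 203.0.113.10.23: Flags [S], seq 1001, win 5840, length 0
16:01:15.100400 IP 198.51.100.7.40112 > 203.0.113.10.23: Flags [S], seq 1001, win 5840, length 0
16:01:20.220010 IP 198.51.100.7.40120 > 203.0.113.10.449: Flags [S], seq 3001, win 5840, length 0
16:01:21.330020 IP 198.51.100.7.40121 > 203.0.113.10.8476: Flags [S], seq 4001, win 5840, length 0
16:01:22.000500 IP 192.0.2.99.51000 > 203.0.113.10.445: Flags [S], seq 5001, win 1024, length 0
16:01:23.000700 IP 203.0.113.10.51514 > 198.51.100.7.80: Flags [S], seq 6001, win 5840, length 0
16:01:24.000900 IP 198.51.100.7.40112 > 203.0.113.10.23: Flags [.], ack 1, win 5840, length 0
EOF
}

# Print "port attempts" for every connection attempt (SYN without ACK)
# whose source is REMOTE_IP. Usage: syn_ports REMOTE_IP < capture
syn_ports() {
    awk -v remote="$1" '
        $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
            src = $3; sub(/\.[0-9]+$/, "", src)      # drop the source port
            if (src != remote) next                   # ignore unrelated hosts
            dst = $5; sub(/:$/, "", dst)              # drop the trailing colon
            n = split(dst, part, ".")                 # last dotted field is the port
            seen[part[n]]++
        }
        END { for (p in seen) print p, seen[p] }
    ' | sort -n
}

# Turn "port attempts" lines into DNAT rules limited to the remote source.
# The rules are printed for review, not applied.
# Usage: forward_rules REMOTE_IP EXT_IF INTERNAL_IP
forward_rules() {
    while read -r port _count; do
        printf 'iptables -t nat -A PREROUTING -i %s -s %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$2" "$1" "$port" "$3" "$port"
    done
}

sample_capture | syn_ports 198.51.100.7 | forward_rules 198.51.100.7 eth0 192.168.1.50
```

If the FORWARD chain policy is DROP, each forwarded port also needs a matching ACCEPT rule there.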
