RE:IP Forwarding and Filtering -- WEB400

Chris

There is a firewall in front of the machine, however I have been asked to 
configure IP Filtering rules so that the addresses that can be reached 
using the AS/400 as a router - as an effect of IP forwarding - are limited. 
Presumably the traffic is already filtered by the Telco-operated firewall 
that protects the perimeter of the enterprise and therefore supposedly the 
internal traffic.

There is a dedicated interface to the outside world, a dedicated interface 
to the machines behind the AS/400 and another dedicated interface to the 
rest of the WAN.

Hope this explains the set-up some more.

These servers WILL have a lot of traffic. At what level do you believe this 
will choke the AS/400 - are you saying that it will not handle the IP 
filtering tasks or that the NIC will be overwhelmed ? Where do you see the 
bottleneck ocurring ?

Having said that, do you have any specifics for how to set up IP filtering 
? Or the effects of  IP Forwarding being on.

Thanks for the suggestion anyway

Regards
Evan Harris



>I would strongly recommend getting a firewall device and placing all these
>machines in the DMZ.  Otherwise, there is the potential to choke your AS/400
>if one of these other servers has a lot of traffic.
>
>-Chris
>
>---------------------------------------------------------
>Christopher A. Libby, Programmer/Analyst
>Maine Public Service Company (www.mainepublicservice.com)
>clibby@mainepublicservice.com (207) 768-5811 ext. 2210
>
>
> > -----Original Message-----
> > From: owner-web400@midrange.com [mailto:owner-web400@midrange.com]On
> > Behalf Of Evan Harris
> > Sent: Tuesday, July 17, 2001 5:50 AM
> > To: web400@midrange.com
> > Subject:
> >
> >
> > Hi guys
> >
> > we have a customer that wants to provide access to some boxes behind the
> > AS/400 directly, but still maintain security. A suggestion that
> > has come up
> > is to set IP forwarding on on the AS/400 and use IP filtering to control
> > the traffic that gets past the AS/400 (apologies if I haven't
> > phrased this
> > right)
> >
> > I have had a peek at the IP Filtering screens under Ops navigator
> > but it is
> > not as helpful as I would like, particularly not for getting
> > started. Does
> > anyone have any suggestions or samples to get this underway. I have
> > configured the hideous AS/400 firewall in the past (it wasn't a complex
> > configuration) so I have had some exposure to configuring firewall rules,
> > but the IP Filtering screens and the firewall screens are light
> > years apart.
> >
> > Any comments on the strategy our customer has adopted or how to
> > get started
> > and especially any perceived pitfalls are welcome.
> >
> > And of course feel free to ask me to make myself clear or provide more
> > information :)
> >
> > regards
> > Evan Harris
> >
> > +---
> > | This is the WEB400 Mailing List!
> > | To submit a new message, send your mail to WEB400@midrange.com.
> > | To subscribe to this list send email to WEB400-SUB@midrange.com.
> > | To unsubscribe from this list send email to WEB400-UNSUB@midrange.com.
> > | Questions should be directed to the list owner/operator:
> > david@midrange.com
> > +---
> >
>
>
>+---
>| This is the WEB400 Mailing List!
>| To submit a new message, send your mail to WEB400@midrange.com.
>| To subscribe to this list send email to WEB400-SUB@midrange.com.
>| To unsubscribe from this list send email to WEB400-UNSUB@midrange.com.
>| Questions should be directed to the list owner/operator: david@midrange.com
>+---

+---
| This is the WEB400 Mailing List!
| To submit a new message, send your mail to WEB400@midrange.com.
| To subscribe to this list send email to WEB400-SUB@midrange.com.
| To unsubscribe from this list send email to WEB400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---