Firewall Wizards mailing list archives
Re: Passing information between an external client and an internal sever
From: "Saravana Ram" <Ram () POP Jaring My>
Date: Tue, 23 Nov 1999 16:06:08 +0800
Since the form is submitted from the client, the firewall sees the client's IP address as the source. So, to make this work as designed the external port on the firewall needs to be opened up to the world.
I am never comfortable with opening more holes on the firewall. You could, instead, run an external and internal webserver, have the information passed to your external webserver from your isp hosting service, and have that external webserver push the data to the internal webserver. With this, on your firewall you'd only allow a connection from your DMZ subnet which is far harder to spoof than a connection form your ISP. To eliminate open ports on the firewall completely, do not have the requests pushed into the internal webserver at all. Let the internal webserver poll the external webserver (or hosting service) for information requests, let it process it and then spit it out again. The disadvantage to this is response time; even with a polling frequency of once in five seconds, a public user will notice the wait.
Current thread:
- Passing information between an external client and an internal sever tyrrell (Nov 21)
- Re: Passing information between an external client and an internal server Bret Watson (Nov 22)
- Re: Passing information between an external client and an internal sever Randy Witlicki (Nov 22)
- Re: Passing information between an external client and an internal sever Saravana Ram (Nov 23)