flatspin
(Ralf Jeckel)
March 20, 2020, 3:16pm
1
NethServer Version: 7.7.1809 subscr.
Module: firewall
Hi mates,
never had dealed with this, but now I’ve the request to make my AS400 reachable from the internet.
A specific application from Fiat should reache the AS400 in my internal lan on a specific port.
AS400 and GREEN are in the same LAN.
Fiat-Server (from outside) <==> Nethserver Gateway <==> AS400
So I made a portforwarding from RED to AS400 (firewall object) on that specific port.
Question: Do I also have to make a rule to accept TCP traffic from RED to AS400 with a serviceobject on this specific port? (@mrmarkuz )
TIA Ralf
mrmarkuz
(Markus Neuberger)
March 20, 2020, 3:46pm
2
No, the portforwarding should be enough.
1 Like
flatspin
(Ralf Jeckel)
March 20, 2020, 4:00pm
3
Thanks for your quick response!!
1 Like
pike
(Michael Kicks)
March 20, 2020, 4:34pm
4
I suggest to use at least a VPN client connection. AFAIK AS400 do not encrypt data between client and server.
1 Like
Or at least only accept traffic from FIAT’s IP on your Firewall.
I do assume they use a fixed IP…
pike
(Michael Kicks)
March 20, 2020, 5:54pm
6
This won’t ease any issue about data sniffing between your ISP and the other side. And this could collide with GDPR…
I quite and fully agree with the VPN.
But try as a small KMU to get a big conglomerate to move… (FIAT falls under that league in my opinion)
Invisible elefants in the room - they have the same issues…
pike
(Michael Kicks)
March 20, 2020, 5:58pm
8
You can always try to make FCA sign some legal papers for assuming risks and sanctions…
Even from NL should comply with GDPR
flatspin
(Ralf Jeckel)
March 23, 2020, 7:47am
9
@Andy_Wismer and @pike thanks for your suggestion.
Yes, they do use a fixed IP and I restriced it to this IP.
It’s https-traffic, so datasniffing shouldn’t be able.
VPN is not an option. As you said: Try to move a large company…
Stay healthy, mates!
1 Like
pike
(Michael Kicks)
March 23, 2020, 7:54am
10
This detail was not in the initial post… and waves all my concerns.