Firewall Wizards mailing list archives

Re: Passing information between an external client and an internal sever


From: "Saravana Ram" <Ram () POP Jaring My>
Date: Tue, 23 Nov 1999 16:06:08 +0800

Since the form is submitted from the client, the firewall sees the client's
IP address as the source. So, to make this work as designed the external
port on the firewall needs to be opened up to the world.

I am never comfortable with opening more holes on the firewall. You could,
instead, run an external and internal webserver, have the information passed
to your external webserver from your isp hosting service, and have that
external webserver push the data to the internal webserver. With this, on your
firewall you'd only allow a connection from your DMZ subnet which is far
harder to spoof than a connection from your ISP.

To eliminate open ports on the firewall completely, do not have the requests
pushed into the internal webserver at all. Let the internal webserver poll the
external webserver (or hosting service) for information requests, let it
process it and then spit it out again. The disadvantage to this is response
time; even with a polling frequency of once in five seconds, a public user
will notice the wait.
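The three designs in this message, compared as firewall allow-lists. This is an added example, not part of the original post. It assumes a stateful, default-deny firewall, and every address, port and name in it is constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not from the post).
INTERNAL_WEB = ip_address("10.0.0.10")    # internal webserver
DMZ_NET = ip_network("192.0.2.0/24")      # DMZ subnet
DMZ_WEB = ip_address("192.0.2.80")        # external webserver in the DMZ
CLIENT = ip_address("203.0.113.7")        # arbitrary Internet client
ANY = ip_network("0.0.0.0/0")
INTERNAL_ONLY = ip_network("10.0.0.10/32")
APP_PORT = 8080                           # assumed port on the internal server

# Rule = (source net, destination net, destination port) for NEW connections.
# Replies on established connections are assumed to pass (stateful firewall).
DESIGNS = {
    "client form posts to internal server": [(ANY, INTERNAL_ONLY, APP_PORT)],
    "DMZ webserver pushes to internal server": [(DMZ_NET, INTERNAL_ONLY, APP_PORT)],
    "internal server polls DMZ webserver": [(INTERNAL_ONLY, DMZ_NET, 80)],
}


def allowed(rules, src, dst, dport):
    """Default deny: a new connection passes only if some rule matches it."""
    return any(src in s and dst in d and dport == p for s, d, p in rules)


def inbound_exposure(rules):
    """Which sources can open a new connection to the internal webserver."""
    sources = {"internet client": CLIENT, "dmz webserver": DMZ_WEB}
    return {name: allowed(rules, ip, INTERNAL_WEB, APP_PORT)
            for name, ip in sources.items()}


if __name__ == "__main__":
    for name, rules in DESIGNS.items():
        print(f"{name}: {inbound_exposure(rules)}")
```

Only the polling design leaves the internal server unreachable for new inbound connections from both sources; its single rule is outbound, from the internal server to the DMZ.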


