Hi all,

On a BorderManager 3.8 server (running on NetWare 6.5), I am trying to accomplish the following:

An external user has got a VPN-connection to one of the two public interfaces of our BM-server. He can only use port 80 over this VPN. I can't change that, since the VPN isn't ours to configure.

The external user has to access an internal webserver on port 8888. Since port translation isn't available on BM 3.8, I thought that using Reverse Proxy could be the way to go here. I've set up a generic TCP proxy from secondary-public-address:80 to private-address:8888 and I created a statefull packet-filter-exception allowing port 8888 from the external user to the internal server and back. After that I created an access-rule allowing the external user access via the proxy.

Now, I've got the following questions:
1. Is this the best way (security?) to accomplish this?
2. Is my thinking right on the packet-filter? Is an exception for port 8888 enough?
3. Will it work like this at all, or did I forget something?

All thoughts are more than welcome! :-)