Can anybody help, cos it is doing my head in now? I'm looking to use a 2830 to replace a Netgear router and a WatchGuard firewall that was blown up by a Scottish Power mains spike, and I seem to get all or nothing with the firewall. Although I will be replacing the WatchGuard soon, I'm not going to let the firewall rules beat me.
Our current setup is we have:-
5 static public IP addresses - 218.41.149.80 ..... 218.41.149.85
3 Internal machines (Domain Controller, Email Server and a File Server) 192.168.10.11 .. 192.168.10.12 .. 192.168.10.13
1 machine that needs a port open 192.168.10.224 port 123456
Various machines on the 192.168.10.xxx need internet access
What I'm trying to do is the following:
218.41.149.80 --> 192.168.10.11 (Domain Controller)
Allow HTTP (80) and HTTPS (443) out
Allow LDAP (389) in but only from the following external addresses (91.220.42.0 subnet 255.255.255.0)
218.41.149.81 --> 192.168.10.12 (Email Server)
Allow HTTP (80) and HTTPS (443) in/out
Allow SMTP (25) and POP3 (110) out
218.41.149.82 --> 192.168.10.13 (File Server)
Allow HTTP (80) and HTTPS (443) out
218.41.149.83:123456 --> 192.168.10.224 port 123456
Allow port 123456 (TCP) out
All other machines on the 192.168.10.xxx range
Allow HTTP (80) and HTTPS (443) out
Allow DNS lookup and NTP time updates
Whatever I do, I either allow full access to everything or lock it down so tight nothing gets out, and as mentioned before it is doing my head in.
TIA
Ian