|
midrange.com
The routing is working fine and all other connectivity is there with no
problems. It just seems to be the 'announcement' to the Windows domain
that isn't seen by our clients/servers on the inside zone of the firewall.
"Chris Bipes"
<chris.bipes@cros
s-check.com> To
Sent by: "Midrange Systems Technical
midrange-l-bounce Discussion"
s+chadb=wheeling- <midrange-l@xxxxxxxxxxxx>
nisshin.com@midra cc
nge.com
Subject
RE: Netserver browsing across
10/12/2005 04:36 firewall zones
PM
Please respond to
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>
Does the as400 have a route back to the inside network? While you are
allowing INSIDE to DMZ connection, if the server does not know how to
reply to something not on it's subnet, you will not get your connection.
Chris Bipes
Information Services Director
CrossCheck, Inc.
-----Original Message-----
We have 3 iSeries boxes that do a limited amount of Netserver file
serving
to a few users. The users are all on the 'inside' firewall zone as well
as
2 of the 3 iSeries boxes. The users can pull up the domain when
browsing
down through the network and see those 2 boxes just fine. The 3rd box
is
in our 'DMZ' firewall zone and doesn't show up when browsing the domain
(It
is also a member of the same domain).
The netserver is set to announce it's name every 5 minutes (via Netbios
broadcasts I believe). I suspect this is just a matter of the
broadcasts
not getting across the firewall into the inside zone because the correct
ports aren't open. I've tried opening up the inside zone to ports 137,
138, 139 from that particular iSeries in the DMZ with no luck so far.
Any
ideas? Any example of the PIX commands follows:
access-list inside permit udp any host 172.#.#.# eq netbios-dgm
access-list inside permit udp any host 172.#.#.# eq netbios-ns
access-list inside permit udp any host 172.#.#.# eq 139
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
_____________________________________________________________________________
Scanned by IBM Email Security Management Services powered by MessageLabs.
For more information please visit http://www.ers.ibm.com
_____________________________________________________________________________
ForwardSourceID:NT0002F136
_____________________________________________________________________________
Scanned by IBM Email Security Management Services powered by MessageLabs. For
more information please visit http://www.ers.ibm.com
_____________________________________________________________________________
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
