|
The Sonicwall is a TZ 215.
My policies aren't in the same exact order as yours, but I do have those polices - except I am not limiting the i5 by port - I'm allowing 'any' service.
I also have additional rules for our main windows server - which are working fine. I can RDP into the server no problem, which is what makes this i5 issue so frustrating.
p.s. if I ping our Domain.com, I will get our web hosts IP address - we don't host our own domain.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Gary Kuznitz
Sent: Sunday, March 9, 2014 1:09 AM
To: Midrange Systems Technical Discussion
Subject: Re: New public IP address not working
What model Sonicwall do you have?
On the Sonicwall do you have in Nat Policies:
1st policie
Source Original = Firewalled Subnets
Translated = Wan Primary IP
Destination Original = Wan Primary IP
Translated = Local IP of i5
Service Original = Ports 23, 446-447, 449, 5555, 8470-8480 Translated = Original Interface Inbound = Any Outbound = Any
2nd policie
Source Original = Local IP of i5
Translated = Wan Primary IP
Destination Original = Any
Translated = Original
Service Original = Ports 23, 446-447, 449, 5555, 8470-8480 Translated = Original Interface Inbound = Any Outbound = X1
3rd policie
Source Original = Any
Translated = Original
Destination Original = Wan Primary IP
Translated = Local IP of i5
Service Original = Ports 23, 446-447, 449, 5555, 8470-8480 Translated = Original Interface Inbound = X1 Outbound = Any
In your Firewall Access Rules do you have:
Source = Any
Destination = Wan Primary IP
Service = Ports 23, 446-447, 449, 5555, 8470-8480 Action = Allow Users = All Enable = Checked
If you ping YourDomain.com do you get your new wan IP?
How long has it been since you changed your wan IP zone records?
Gary
On 8 Mar 2014 at 21:25, Jim (Jim Essinger <midrange-l@xxxxxxxxxxxx>) commented about Re: New public IP address not worki:
May not be the case but I've seen issues where the remote IP scheme is
192.168.1.nnn and the network that the IBM i is on is 192.168.1.nnn.
When that has been the case the two networks can't talk.
Jim
On Mar 8, 2014 5:10 PM, "Bob Cagle" <bcagle@xxxxxxxxxxx> wrote:
> First off, I'm a one-man IT shop, and networking is NOT my
> specialty, AND my normal network consultant is busy dealing with
> another customer's emergency already - so I'm grasping at straws here:
>
> My ISP just assigned me a block of new IP addresses with our latest
> upgrade, so I had to assign a new public IP for the System i.
>
> Made the changes to the firewall, and thought all was well; all I
> had to do was change the public IPs from old to new - but now I'm
> unable to connect to the System i remotely.
>
> You would think this would be a firewall issue, but I've poured over
> this Sonicwall and all the routing looks correct to me. I've even
> confirmed with the ISP that the IP is routed correctly on their end.
>
> Is there any TCP setting on the i that would be related to a public
> IP address? I've gone through the CFGTCP options and all I see is
> the local IP and domain referenced. (I'm able to connect to my
> desktop remotely via
> TeamViewer)
>
> Thanks
>
> Bob Cagle
> IT Manager
> Lynk, Inc.
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L)
> mailing
list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
> unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
> take a moment to review the archives at
> http://archive.midrange.com/midrange-l.
>
>
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
