Rob,
1) Don't I need to add a new default route for the new IP.
CFGTCP 2. Work with TCP/IP routes
Route Subnet Next Preferred
Destination Mask Hop Interface
*DFTROUTE *NONE xx.x.xx.xxx xx.x.xx.x
2) There are some jobs binding to all IPS, but not on port 443.
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Friday, November 11, 2016 10:19 AM
To: Midrange Systems Technical Discussion
Subject: RE: HTTP listening ports and URL questions
I would do the
NETSTAT *CNN
and ensure that it is being used correctly and that no particular job is binding to all (*) IP addresses or some such thing.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 11/11/2016 10:15 AM
Subject: RE: HTTP listening ports and URL questions
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
I've added the new IP
QSYS/ADDTCPIFC INTNETADR('XX.X.X.XX') LIND(ETHERLAN02)
SUBNETMASK('255.255.255.0')
Started the new IP - active.
Network folks changed the URL to use the new IP and opened the firewall
ports.
New IP is pingable.
Reconfigured the HTTP instance to use new IP listening on port 443.
Restarted the HTTP instance - running.
Page cannot be displayed.
Are there any other setting changes needed to enable a new IP?
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Welly@OCBCNISP
Sent: Wednesday, November 09, 2016 8:58 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: HTTP listening ports and URL questions
HI Paul,
1. Correct
2. Correct
3. do not know
4. It depends on how you want to treat your network
Thanks for your help
Br,
Welly Soegiantoro
EST Division
cug : 367090
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Steinmetz, Paul
Sent: Kamis, 10 November 2016 08.49
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxx>
Subject: RE: HTTP listening ports and URL questions
Rob,
QSYS/ADDTCPIFC INTNETADR('XX.X.X.XX') LIND(ETHERLAN01)
SUBNETMASK('255.255.255.0')
1) When creating the additional interface, will the new interface will be
attached to an existing lind ETHERLAN01., correct?
2) All other values, use default, correct?
3) Is there any reason to use the PREFIFC option?
4) Will a static route be needed? This interface will only be used for a
new HTTP instance listening on port 443.
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob
Berendt
Sent: Wednesday, November 02, 2016 10:05 AM
To: Midrange Systems Technical Discussion
Subject: RE: HTTP listening ports and URL questions
Your first IP interface that you've ever done (not counting the local
loopback) was completed using
ADDTCPIFC 'x.x.x.x' LIND(MYLINE)
All the rest could be the same, just with a different IP address. On a
DMZ lpar supporting multiple sites all of the interfaces use
Virtual LAN identifier . . . . . . . . . . . . : *NONE
I even have a virtual ethernet set up from my hosting lpars to their
guests and they use
Virtual LAN identifier . . . . . . . . . . . . : *NONE
You may have to have your network guy do the firewall thing.He's probably
blocking external from getting to any new IP address assigned. But, if
he's worth his salt, he should have asked you enough questions to get
started on that.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 11/02/2016 09:49 AM
Subject: RE: HTTP listening ports and URL questions
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
I'm assuming these additional IPs will all be virtual IPS.
1) Should these new virtual IPs be on the same VLAN as the physicals?
2) If there is a choice of a physical IP to bind to any suggestions on
which to choose?
3) Must also contact security guy to add new firewall rules for the new
IPs?
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob
Berendt
Sent: Wednesday, November 02, 2016 8:28 AM
To: Midrange Systems Technical Discussion
Subject: RE: HTTP listening ports and URL questions
Here it involves sacrificing two doves and an unblemished young ram to the
network administrator and asking him for another IP address.
Once you have that you can add it one of two ways
Add TCP/IP Interface (ADDTCPIFC)
Start TCP/IP Interface (STRTCPIFC)
CFGTCP
1. Work with TCP/IP interfaces
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 11/02/2016 08:19 AM
Subject: RE: HTTP listening ports and URL questions
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
Currently, I have two IPs, each physical, on each LPAR.
What would be required to set up additional IPs, which would only be used
for HTTP listening ports.
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob
Berendt
Sent: Wednesday, November 02, 2016 8:14 AM
To: Midrange Systems Technical Discussion
Subject: Re: HTTP listening ports and URL questions
I don't even pretend to be a web expert on TV but we use the multiple IP
address solution. We tend to "bind specific" and not bind to all IP
addresses.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 11/02/2016 08:09 AM
Subject: HTTP listening ports and URL questions
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
I have some questions related to HTTP listening ports and URLs.
I have a current instance listening on port 443, all IPS.
I have a new app going live that we prefer to listen on port 443. It can
listen on a different port, but I've been told that if 443 is not used,
then we must include the port number in the URL.
We would like to have the new app keep the same URL as the old current
app, which is listening on port 80.
So my issue is that I will have two http apps listening on port 443.
Options.
1) Create one http instance for both, using virtual host. The problem with
this option is that when one app needs to be shutdown, we don't wish to
shut down the other app.
2) Have both apps listen on 443, two http instances, different IPs. I'm
leaning towards this solution.
3) Are there others?
Thank You
_____
Paul Steinmetz
IBM i Systems Administrator
Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071
610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home
psteinmetz@xxxxxxxxxx<mailto:psteinmetz@xxxxxxxxxx>
http://www.pencor.com/
midrange.com
