|
Hi Jon, Question: how will you know from outside the firewall which (private) address you mean to reach the AS/400 behind your NAT-Address (only one (?) or do you have a pool of addresses assigned. Without further configuration your firewall cannot determine which host you want to reach inside by "pinging from outside". As Larry perfectly described, normal firewall setup is disabling ICMP-echos as well to make it even worse for you to test your setup. Answers/solutions: But, hopefully, there are some simple solutions available, the "inventors" of NAT thought about: You need to setup up a mapping of one of your "external" (official) addresses to match the desired "internal" (private) addresses. Normally you map only one port per service which is then to be performed/served by that particular host. Lets say you have a webserver at 192.168.1.90 and a mailserver at 192.168.1.10 and you have been assigned official adresses like 212.3.2.1 to 212.3.2.8, then you could do a mapping of port 80 (HTTP) to 212.3.2.1 / 192.168.1.90 and another mapping of ports 25 (SMTP) and 110 (POP3) to 212.3.2.7 / 192.168.1.10 and so on. For driiling deeper into NAT information have a look at: http://www.cisco.com/warp/public/556/index.shtml HTH, Regards from germany, Philipp Rusch ----------------------------------------------------------------- | EDV Beratung Rusch EDP Consulting Rusch | | Philipp Rusch Mailto: Philipp.Rusch@rusch-edv.de | | Am Errlich 9 WWW : http://www.rusch-edv.de/ | | D-61191 Rosbach, | | Germany | | Phone: (+49) 6003 3972 Mobile : (+49) 172 89 86 230 | | Fax : (+49) 6003 3795 | | | ----------------------------------------------------------------- Jon.Paris@hal.it schrieb: > > Can anyone point me in the right direction here. > > We are having a problem PINGing our AS/400 via a NAT translation in the > firewall. The long term intent is to allow certain HTTP transactions to > come through the wall and be served up by the AS/400. As part of testing > this we have one of the PCs set up to appear to the firewall to be coming > from outside. He can ping any of the PCs (and a Linux box) but the AS/400 > just doesn't respond. If the 400 is pinged from inside the firewall or > from outside via the VPN it responds just fine. > > Any thoughts? Any kind of logging I can turn on that would show me what is > going on? I'm somewhat of a TCP/IP virgin so any help welcome. > > +--- > | This is the Midrange System Mailing List! > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. > | Questions should be directed to the list owner/operator: david@midrange.com > +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
