

  • Subject: Adding an internet address to an established network
  • From: jelam@xxxxxxxxxx
  • Date: Tue, 27 Feb 2001 16:16:41 -0700



We have four AS/400s in our internal network. Our current Domino server (Dom1)
needs to be upgraded, and the system that it resides upon (AS1) does not meet
the minimum requirements for the functions we want to use. Therefore, we have
set up a second Domino server (Dom2) on our newest system (AS4). It works ok
internally, but it needs an internet address to be accessible to outside
clients. The Domino administrator says that his instructions are that you need
to be able to ping Dom2's internet address from a PC workstation before
continuing with other implementation steps. I have used an available internet
address within the same subnet as Dom1, but after the configuration steps I've
taken I can ping this address only from AS4.

Something's missing or incorrect in my configs and after two weeks trying
various things I still can't figure it out. I've got a pile of manuals on my
desk that's about a foot high. I've looked at everything I can find on TCPIP,
DNS, NAT, etc. but all of the material out there assumes I'm starting from
scratch and configuring TCPIP for the first time on a new network. I haven't
been able to find anything that gives explicit steps on how to add an internet
address to an existing network. I suspect we should be using NAT, but I'm not
sure which system to implement it on and our firewall (yes, it's the IBM one.
Sigh.) is just unstable enough that I don't like to mess with it any more than
absolutely necessary. We'll probably be changing our network structure when we
change firewalls, but that's not going to happen for some months yet at the
earliest.

Can anyone see what I need to do to be able to find Dom2 from anywhere
internally using its internet address? If I can get that far, I think I can deal
with getting the firewall to allow requests through from the outside.

Here's the current setup:

AS1 contains our firewall, our DNS, Dom1 and three connections -- an internal
LAN connection to the firewall, a token ring connection to two AS/400s (AS2 and
AS3), and an Ethernet connection to two AS/400s (AS3 and AS4). All of our
workstations are on the Ethernet LAN. The firewall has both internet and
internal addresses (on the internal LAN, on the Ethernet LAN, and to the outside
world). We have one subnet inside the firewall and another outside the firewall.
I am not using one of those unusable addresses at the beginning or end of the
subnet range. There are no routers other than the one to the outside world.

We use 10.1.1.x addressing on the Ethernet LAN, and a different set of internal
addresses on the TR LAN. AS1 and Dom1 have 10.1.1.x addresses as well as their
own Internet addresses (on the internal LAN line). There has been only a single
default route -- it points to our firewall via the internal LAN. (I've played
with additional routes but they don't seem to help.)

AS4 currently has three interfaces using the single Ethernet line description.
The 10.1.1.x addresses work fine for both AS4 and Dom2. The third interface is
for the Dom2 internet address. (I've wondered if it's just not possible to have
both an internet address and internal addresses on the same Ethernet line, but I
haven't found anything that says it can't be done and plenty that says it's okay
to have multiple interfaces on the same line. Perhaps it's not possible to have
two addresses for Dom2 on the same line?)

I set up entries for Dom2 in the AS1 DNS that exactly mimic the entries for
Dom1. For good measure, there are entries for Dom2 in host tables on AS1 and
AS4. The firewall DNS also knows of the existence of this newly assigned
address. I have a host file on my PC that knows about AS1 and AS4; it does not
specifically mention either Dom1 or Dom2. My PC config knows AS1 as the DNS. AS4
also is supposedly looking at the AS1 DNS to find things. I suspect not all of
this is necessary, but I inherited this whole setup and don't want to mess with
the parts that are working.

Right now, I can ping Dom1 or Dom2 from my PC, from AS1, and from AS4 if I use a
name or an internal address. If I use the internet address, I can ping Dom1 from
my PC or from AS1, but not from AS4. Only AS4 can ping the internet address of
Dom2.

From my PC, tracert immediately finds AS1 or Dom1 when using a name or either
the internal or internet addresses. It also can find Dom2 using the name or the
internal address. When I do tracert on Dom2's internet address, it goes to AS1
and then times out. However, for any other internet address I enter, tracert
continues to the firewall. This is what I would expect to happen if AS1 doesn't
know where something is. Why does it stop at AS1 if it doesn't know where Dom2
is? It's as if AS1 thinks Dom2 must be located on AS1. It also seems that AS1
and AS4 aren't exchanging info properly, although they're doing fine with those
10.1.1.x addresses.

Can anyone see what I might be missing or suggest something I can try? Despite
the number of systems we have, we are a small shop and I have become the
(unfortunate) TCPIP guru designate.

Janet






+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
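
The ping and tracert results described in the message can be reproduced with a small route-lookup model. This is an added example, not part of the original post: the 192.0.2.0/24 subnet, the host addresses and the line names are constructed, and it assumes each system holds an on-link route for the public subnet on whichever line carries its own public interface.

```python
import ipaddress

NET = ipaddress.ip_network
# Constructed addressing: 192.0.2.0/24 stands in for the public subnet.
# Each route is (destination, line description, next hop or None if on-link).
TABLES = {
    "AS1": [
        (NET("10.1.1.0/24"), "ETHERNET", None),
        (NET("192.0.2.0/24"), "INTERNAL_LAN", None),  # AS1 and Dom1 public interfaces
        (NET("0.0.0.0/0"), "INTERNAL_LAN", "firewall"),
    ],
    "AS4": [
        (NET("10.1.1.0/24"), "ETHERNET", None),
        (NET("192.0.2.0/24"), "ETHERNET", None),  # implied by Dom2's new interface
    ],
}
# Line on which each address really answers ARP (constructed).
ATTACHED = {
    "10.1.1.11": "ETHERNET",       # Dom1 internal
    "10.1.1.12": "ETHERNET",       # Dom2 internal
    "192.0.2.10": "INTERNAL_LAN",  # Dom1 public, on AS1
    "192.0.2.20": "ETHERNET",      # Dom2 public, on AS4
}

def lookup(host, dst):
    """Longest-prefix match of dst against host's route table."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in TABLES[host] if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def outcome(host, dst):
    """What host does with a packet for dst."""
    route = lookup(host, dst)
    if route is None:
        return "no route"
    _, line, next_hop = route
    if next_hop is not None:
        return f"forwarded to {next_hop}"
    if ATTACHED.get(dst) == line:
        return f"delivered on {line}"
    return f"ARP unanswered on {line}"

if __name__ == "__main__":
    for host, dst in [("AS1", "192.0.2.20"), ("AS4", "192.0.2.10"),
                      ("AS1", "198.51.100.5"), ("AS1", "10.1.1.12")]:
        print(f"{host} -> {dst}: {outcome(host, dst)}")
```

In this model the on-link /24 wins the longest-prefix match over the default route, so AS1 never hands Dom2's public address to the firewall, while any address outside the subnet is forwarded as usual.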


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
