We have four AS/400s in our internal network. Our current Domino server (Dom1) needs to be upgraded, and the system that it resides upon (AS1) does not meet the minimum requirements for the functions we want to use. Therefore, we have set up a second Domino server (Dom2) on our newest system (AS4). It works ok internally, but it needs an internet address to be accessible to outside clients. The Domino administrator says that his instructions are that you need to be able to ping Dom2's internet address from a PC workstation before continuing with other implementation steps. I have used an available internet address within the same subnet as Dom1, but after the configuration steps I've taken I can ping this address only from AS4. Something's missing or incorrect in my configs and after two weeks trying various things I still can't figure it out. I've got a pile of manuals on my desk that's about a foot high. I've looked at everything I can find on TCPIP, DNS, NAT, etc. but all of the material out there assumes I'm starting from scratch and configuring TCPIP for the first time on a new network. I haven't been able to find anything that gives explicit steps on how to add an internet address to an existing network. I suspect we should be using NAT, but I'm not sure which system to implement it on and our firewall (yes, it's the IBM one. Sigh.) is just unstable enough that I don't like to mess with it any more than absolutely necessary. We'll probably be changing our network structure when we change firewalls, but that's not going to happen for some months yet at the earliest. Can anyone see what I need to do to be able to find Dom2 from anywhere internally using its internet address? If I can get that far, I think I can deal with getting the firewall to allow requests through from the outside. 
Here's the current setup: AS1 contains our firewall, our DNS, Dom1 and three connections -- an internal LAN connection to the firewall, a token ring connection to two AS/400s (AS2 and AS3), and an Ethernet connection to two AS/400s (AS3 and AS4). All of our workstations are on the Ethernet LAN. The firewall has both internet and internal addresses (on the internal LAN, on the Ethernet LAN, and to the outside world). We have one subnet inside the firewall and another outside the firewall. I am not using one of those unusable addresses at the beginning or end of the subnet range. There are no routers other than the one to the outside world. We use 10.1.1.x addressing on the Ethernet LAN, and a different set of internal addresses on the TR LAN. AS1 and Dom1 have 10.1.1.x addresses as well as their own Internet addresses (on the internal LAN line). There has been only a single default route -- it points to our firewall via the internal LAN. (I've played with additional routes but they don't seem to help.) AS4 currently has three interfaces using the single Ethernet line description. The 10.1.1.x addresses work fine for both AS4 and Dom2. The third interface is for the Dom2 internet address. (I've wondered if it's just not possible to have both an internet address and internal addresses on the same Ethernet line, but I haven't found anything that says it can't be done and plenty that says it's okay to have multiple interfaces on the same line. Perhaps it's not possible to have two addresses for Dom2 on the same line?) I set up entries for Dom2 in the AS1 DNS that exactly mimic the entries for Dom1. For good measure, there are entries for Dom2 in host tables on AS1 and AS4. The firewall DNS also knows of the existence of this newly assigned address. I have a host file on my PC that knows about AS1 and AS4; it does not specifically mention either Dom1 or Dom2. My PC config knows AS1 as the DNS. AS4 also is supposedly looking at the AS1 DNS to find things. 
I suspect not all of this is necessary, but I inherited this whole setup and don't want to mess with the parts that are working. Right now, I can ping Dom1 or Dom2 from my PC, from AS1, and from AS4 if I use a name or an internal address. If I use the internet address, I can ping Dom1 from my PC or from AS1, but not from AS4. Only AS4 can ping the internet address of Dom2.

From my PC, tracert immediately finds AS1 or Dom1 when using a name or either the internal or internet addresses. It also can find Dom2 using the name or the internal address. When I do tracert on Dom2's internet address, it goes to AS1 and then times out. However, for any other internet address I enter, tracert continues to the firewall. This is what I would expect to happen if AS1 doesn't know where something is. Why does it stop at AS1 if it doesn't know where Dom2 is? It's as if AS1 thinks Dom2 must be located on AS1. It also seems that AS1 and AS4 aren't exchanging info properly, although they're doing fine with those 10.1.1.x addresses.

Can anyone see what I might be missing or suggest something I can try? Despite the number of systems we have, we are a small shop and I have become the (unfortunate) TCPIP guru designate.

Janet
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.