Has anybody out there investigated the implications of these IBM documents? I'd 
be nervous about these settings without a few additional precautions, and even 
then I'd wonder.

1) With those ports open, I'd want the traffic restricted to the iSeries IP 
address, not allowing traffic to/from any other servers in my network. (Seems 
odd restricting to the iSeries rather than the other way around.)
2) You'd want a Netserver 'guest' profile and definite restrictions on what was 
shared.
3) I figure access to Netserver would have to be either by IP address or an 
entry in the remote LMHOSTS file, rather than by Netserver system name.

Are those paranoid? Or are they not yet restrictive enough? It's right at the 
fringe of my knowledge.

Tom Liotta


On Thu, 03 January 2002, "Jim Franz" wrote:

> Neil - is the wan connection over the same iSeries ethernet card as the lan?
> There is an old warning about the "tcp-only" option in an ethernet line
> description  needing MF22323 ptf before setting this parm.
> If you haven't already checked all this, your wan router needs certain ports
> specific to netserver. Info apar II12227 has a list of all the ports.
>
> http://www-912.ibm.com/n_dir/nas4apar.NSF/c79815e083182fec862564c00079d117/f
> cc664db54c4c549862568720047b5fd?OpenDocument&Highlight=2,ii12227
>
> if a firewall is involved, also check
> http://www-1.ibm.com/servers/eserver/iseries/clientaccess/cafirewl.htm (a
> little old but could
> be relevant)
>
> if vpn involved check info apar II11791
> http://www-912.ibm.com/n_dir/NAS4APAR.NSF/51d11a683a56a5cc862564c000763b23/a
> 7a17214ad50cc9d862567550029d287?OpenDocument
>
> hth
> jim franz
>
> ----- Original Message -----
> From: "Neil Palmer" <NeilP@DPSlink.com>
>
> > Yes - have all that OK.  The same laptop will access Service Pack images
> > from the AS/400 fine when attached to the local LAN.  When connected
> > remotely via Cable Modem over Internet it won't.

--
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone  253-872-7788
Fax  253-872-7904
http://www.400Security.com


___________________________________________________
The ALL NEW CS2000 from CompuServe
 Better!  Faster! More Powerful!
 250 FREE hours! Sign-on Now!
 http://www.compuserve.com/trycsrv/cs2000/webmail/






As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.