× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Good afternoon:

I just bought an AS/400 with V5R1 that I am going to install on my home
network via an ethernet connection.  I'm trying to figure out how to allow
access to this system from the internet via my Linksys router.  I know that
I have to set up a default route entry on the AS/400.  I know that there are
probably several ways to accomplish this, but my environment is somewhat
complicated.

I have searched the archives here and I have looked on the Linksys site, but
I haven't found a definitive answer to my questions.

Here is my scenario:

I have RoadRunner cable modem service and I am using the Linksys model
BEFW11S4 wireless router to allow the PC's on my home network (all nine of
them-ok, I'm a geek) to reach the internet.

One of these PC's is currently running FTP server software, and is exposed
to the internet using the router's DMZ host option.  I want to keep this FTP
server PC exposed to the internet, and at the same time want to expose my
AS/400 to the internet so that I can access it remotely via a telnet
connection thru Client Access or Rumba.

I am concerned about security at this point, but not paranoid.  I know that
some of you are probably going to scream about security, but I am willing to
take my chances that someone could hack the system.  After all, it is MY
playground.  I plan to change the passwords to the IBM-supplied profiles,
but I could also use some pointers about what else needs to be locked down
on the AS/400 when it is exposed to the internet.  All I initially plan to
do from the internet is telnet 5250 emulation and possibly FTP.

What I really am trying to figure out is how I can expose BOTH my AS/400 AND
my FTP server to the internet at the same time.  I guess I could go into the
router configuration and manually change the address used by DMZ between the
PC and the AS/400, but I would like to figure out how to enable both at the
same time.  The router also has port forwarding.

Here are my questions:

1) It is as simple just specifying the AS/400's IP as the DMZ host and then
use port forwarding on the router to forward the FTP (ports 20 & 21) to the
PC FTP server's IP?

2) Should I replace the router with a true firewall?  Will this let me do
multiple DMZ's?  If so, is there a low-priced or free firewall package that
is fairly easy to setup and administer to replace or supplement my Linksys
router?  I have a copy of Linux and an extra PC (6 more in the garage) that
I can load Linux on in order to run firewall software if necessary.

3) Besides changing the passwords for the IBM-supplied profiles, what else
do I need to do to secure my AS/400 system when exposed to the internet?
Which services should I start/NOT start with STRTCPSVR to help protect the
system from outside attacks?

4) Does anyone have any experience in this area that you are willing to
share?

5) Does anyone have any web links that would be beneficial?

6) Are there any questions that I should have asked that I didn't?

Thanks in advance for your help...

Steve Landess
Austin, Texas


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.