× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2004

Re: IP filtering

Steve,

Since you already have a 170, why not use it as your HTTP server. Use DDM files on the 170 that point back to your production unit. You'll need two NIC's on the 170, one to go to your firewall and one for the internal network. We used this scheme successfully for over two years until our little Model 4SS couldn't handle the traffic. It isolates your production box from the internet and still allows you to use your familiar AS/400 tools for application development.

Wayne

Steve McKay wrote: 
"Urbanek, Marty" <Marty_Urbanek@xxxxxxxxxxxx>
wrote in message
news:96AB0F4ACC33EF41B0A76870053FF060910D3D@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Steve,

I'm jumping in late on this conversation and I think I missed a digest or
two along the way, but are you talking about IP forwarding (rather than
filtering)?

Also, I'm wondering about your statement that one of these systems is in
your DMZ (implying the other is not) yet they are both on the same subnet.
This would seems to me to be a contradiction.


Marty -

I guess it *is* IP forwarding . . .

Currently, both machines are on the same subnet because I'm trying to do a
proof-of-concept to show our corporate networking guys (more on them in a
second) that it can be done with 2 iSeries boxes.  So, when I refer to one
system being in our DMZ, that is how it will be "ultimately" but at the
moment, they're both on the same subnet.  I've come to realize that they
need to be on separate subnets.

We are trying to open up an existing intranet site to Internet access.  The
corporate IT guys would really like for us to have what they call a "bastion
server" which is a Wintel server running the user interface which does DB
calls to our production iSeries.  From a cost standpoint, this is not
"doable" since we used iSeries specific tools to create the intranet site
(Progen WebSmart and ASC Sequel).  In order to move the UI to the front-end
system, we would have to buy additional software licenses and revamp the
intranet site.  While this could be done, we are a departmental cost center
(as opposed to a profit center) and must be very stingy with our
expenditures.  The corporate guys are not amenable to direct access to our
production iSeries through our firewall so, in an effort to appease them, we
came up with the front-end iSeries (a 170 which used to be our D/R box) on
which all ports except 80 are shut off and which passes HTTP to our
production system and returns the results to the requestor.  The config of t
he front-end system fell to me and I've not been very successful so far
(unfortunately).

This post has run longer than I intended and may sound a bit "woe is
me"-ish - if so, I apologize.

Thanks,

Steve



_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.