× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2005

RE: Port problems

They are concerned, as they explain it to me, because the IDS/IPS can
only monitor one app on a given port, so it can't judge the validity of
those packets.  There might be CVMMON running somewhere on our network,
but not between the addresses I'm trying to connect.

This is all internal, but we have firewalls segmenting the network to be
able to control the spread of potential attacks, which they say come
mostly from desktops within the network.

There is an outside customer attached to the iSeries.  They VPN into
that subnet on our network.  The subnet that the machines we want to use
port 2300 for console access that subnet through a firewall.  So, yes,
even though all access is inside our network, we need to open the port
in the firewall between one subnet and another (and potentially others
in between).  

They claim the IDS/IPS vendors follow the IANA port registration, so
they are leery of opening anything else up.  

Help! 
 
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Walden H. Leverich
Sent: Monday, August 22, 2005 8:48 AM
To: Midrange Systems Technical Discussion
Subject: RE: Port problems

OK, two issues here. 

One, while your network group is correct, 2300 is registered to CVMMON
(http://www.iana.org/assignments/port-numbers) that doesn't mean that
that port can't be used for other uses. The registry is a list of
common-uses, not an exclusive allocation. Now, if they are running
CVMMON I can see more reason for confusion, but still, I don't think you
need the CVMMON port on the HMC, so still no big deal. The registry, and
well-known port numbers are important, but there's no technical reason I
can't run a web server on port 25, or a telnet server on port 80 -- it
might mess with peoples heads, but it's technically allowed.

Now, having said all that. WHY are you trying to have a hole punched in
your firewall for the HMC? Do you have a firewall between your internal
network and the iSeries (iSeries in a bubble?) I can't think of a good
reason to open that port (or most other ports) on the firewall. If
you're trying to access the service from the outside, that's what VPNs
are for.

-Walden


------------
Walden H Leverich III
Tech Software
(516) 627-3800 x11
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.