× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Paul or Rob,

The select from NETSTAT_INFO in this thread includes a udf
"myudfToDoaNslookup"
Which I do not find on the developerWorks link provided.
Is this from IBM or your mod? Can it be shared?

Jim Franz


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Steinmetz, Paul
Sent: Friday, September 01, 2017 4:31 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxx>
Subject: RE: Need to find any/all connections to the i via host name

Rob,

Forgot to mention, I am currently using the

select
remote_address, remote_port, remote_port_name, local_address, local_port,
local_port_name,
myudfToDoaNslookup(remote_address)
FROM QSYS2.NETSTAT_INFO

Works great.
But you can't tell if there accessing by name or ip.

Another point.
All firewall rules are currently by ip only.
So when the IP changes, the firewall rules also need to change.

There is newer version of Cisco OS which will allow firewall rules by name.
That project is in the works.

Paul

-----Original Message-----
From: Steinmetz, Paul
Sent: Friday, September 01, 2017 4:03 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Need to find any/all connections to the i via host name

Rob,

We are finishing up a move of all traffic from Etherlan01 - ip 1.1.1.1 to
Etherlan02 - ip 2.2.2.2.
Etherlan02 has additional firewall rules and not all port are open.

There are some remaining processes on Etherlan01, could be connecting via
host name or ip.
When I change the host name from 1.1.1.1 to 2.2.2.2, only those processes
accessing the I by host name will be impacted.
These are the ones I am a after.
If they fail, it will probably need ip and or ports open on the firewall.

Then, any traffic remaining will be those accessing the I by ip - 1.1.1.1.
We will deal with these on a one by one basis.

Paul



-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob
Berendt
Sent: Friday, September 01, 2017 3:53 PM
To: Midrange Systems Technical Discussion
Subject: Re: Need to find any/all connections to the i via host name

Just trying to figure out what you are asking.

At first I thought you wanted to know who was attaching to your IBM i by
accessing it at "myibmi" or whatever the name was and not by using the IP
address.
But as I thought about it perhaps you know you can do a NETSTAT *CNN but you
want to know who is access it by the end person's host name. IOW you don't
want to know that 10.10.4.27 is accessing your IBM i. You want to know the
host name of 10.10.4.27 so that if it is RALPHSPC you can talk to Ralph and
know that he will be affected.

I'm still trying to figure out why though. Because I don't think you can
determine if Ralph is accessing it by:
- using the IP address of your ibm i
- is using a host table entry on his pc.
- or is accessing it by using a dns entry from a dns server.

In theory you shouldn't care if they are using DNS. Sure they may be
affected. One little outage perhaps until the DNS cache is flushed and they
reconnect. We do a switch every quarter which involves a DNS change.
Works great. We quiesce the system before changing the DNS.

Now the ones you want to hunt down and kill are those using an IP address or
a local host table entry. Me, I figured it's their own stupidity and forget
them.

Now, there are some querying you can do

select
remote_address, remote_port, remote_port_name, local_address, local_port,
local_port_name,
myudfToDoaNslookup(remote_address)
FROM QSYS2.NETSTAT_INFO

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%2
0i%20Technology%20Updates/page/QSYS2.NETSTAT_INFO


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 09/01/2017 03:30 PM
Subject: Need to find any/all connections to the i via host name
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



I need to find any/all connections to the I via host name.

We will be changing our host name to a different IP, and I would like to
know which connections/processes could be impacted.


Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx
http://www.pencor.com/



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.