× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2021

Re: Network firewall change, can't ping my PC

The whole firewall has changed since their ransomware attack. I may be
wrong but I think the network guy is a bit of a jackass lol. I was able to
figure out my problem some other way so I'm going to let my customer know
that I need more help from the network guy some other time.

Thanks again. Art

On Mon, Jan 4, 2021 at 8:47 PM Don Brown via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

It is strange that the IBMi is not reporting the first hop when you run
the traceroute.

This would suggest the firewall is blocking icmp on the inside interface.

I should have said tracert 192.168.2.60 from your PC but we know that
works and the IBMi would have been the next hop.

You will need to get your network person to run a packet capture at the
firewall to see what is happening.

The ping has to get to 192.168.2.254 as that is the default route and the
first hop

But it is not getting to you; so if you can trace the packet through the
firewall this should identify the issue.

Did this work previously ? What has changed ?

Hope this is some help.


Don





From: "Art Tostaine, Jr." <atostaine@xxxxxxxxx>
To: "Midrange Systems Technical Discussion"
<midrange-l@xxxxxxxxxxxxxxxxxx>
Date: 05/01/2021 11:12 AM
Subject: Re: Network firewall change, can't ping my PC
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx>



Here are my answers inline.

You have not shown the subnet mask but I am presuming it is /24 or
255.255.255.0

CORRECT

So the IBMi is sending outbound traffic to the default route of
192.168.2.254 - What is the device at 192.168.2.254 a router or a firewall
or ?

FIREWALL

What is the device that provides the VPN is it the same device as
192.168.2.254 ?

YES

When you connect to the VPN an IP address is assigned, 10.10.1.200 and if
you run ipconfig /all (presuming windows) you will see this address, mask
and gateway.

Ethernet adapter FortiVPN:

IPv4 Address. . . . . . . . . . . : 10.10.1.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.2.200
8.8.8.8

So from your PC run a TRACERT 192.168.2.254 which will show you the hops
to get to the IBMi.

Tracing route to 192.168.2.254 over a maximum of 30 hops

1 28 ms 32 ms 28 ms Tostaine7 [10.10.1.200]
2 27 ms 33 ms 34 ms 192.168.2.254

You could then run a TRACEROUTE on the IBMi to 10.10.1.200 and see where
it fails.

--
TRACEROUTE RMTSYS('10.10.1.200')
Probing possible routes to 10.10.1.200 using *ANY interface.
1 * * *
2 * * *

and on and on

You will also need to check the firewall on your PC as ping will be denied
by default.

THIS IS DISABLED

Commonly for security routers and firewalls will have icmp disabled which
makes this type of investigation more difficult so the results of the
route tracing may be incomplete but could provide some clues.

IVE BEEN TOLD IT IS OK To PING

Lastly why do you need to ping your PC from the IBMi ? Is there another
problem ?

The IBM needs to talk to my PC so I can debug using the LANSA IDE
Thanks

On Mon, Jan 4, 2021 at 7:16 PM Art Tostaine, Jr. <atostaine@xxxxxxxxx>
wrote:

Thank you Don. I will get more info from the network guy.

On Mon, Jan 4, 2021 at 4:39 PM Don Brown via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

You have not shown the subnet mask but I am presuming it is /24 or
255.255.255.0

So the IBMi is sending outbound traffic to the default route of
192.168.2.254 - What is the device at 192.168.2.254 a router or a
firewall
or ?

What is the device that provides the VPN is it the same device as
192.168.2.254 ?

When you connect to the VPN an IP address is assigned, 10.10.1.200 and
if
you run ipconfig /all (presuming windows) you will see this address,
mask
and gateway.

So from your PC run a TRACERT 192.168.2.254 which will show you the
hops
to get to the IBMi.

You could then run a TRACEROUTE on the IBMi to 10.10.1.200 and see
where
it fails.

You will also need to check the firewall on your PC as ping will be
denied
by default.

Commonly for security routers and firewalls will have icmp disabled
which
makes this type of investigation more difficult so the results of the
route tracing may be incomplete but could provide some clues.

Lastly why do you need to ping your PC from the IBMi ? Is there another
problem ?

Thanks


Don




From: "Art Tostaine, Jr." <atostaine@xxxxxxxxx>
To: "Midrange Systems Technical Discussion"
<midrange-l@xxxxxxxxxxxxxxxxxx>
Date: 05/01/2021 06:33 AM
Subject: Network firewall change, can't ping my PC
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx>



I connect to the VPN, the adapter gives me 10.10.1.200. I go to the
IBM
i,
it can't ping the address.

IBM is 192.168.2.60, it has only have one *DFTROUTE to 192.168.2.254.

Display TCP/IP Route

Route destination . . . . . . . . . . : *DFTROUTE
Subnet mask . . . . . . . . . . . . . : *NONE
Type of service . . . . . . . . . . . : *NORMAL
Next hop . . . . . . . . . . . . . . . : 192.168.2.254

Tech says I don't need a route to 10.10.1.0 because this is a flat
network
and 192.168.2.254 will route the 10 address.

I tried adding another route but it didn't work
Route destination . . . . . . . . . . : 10.10.1.0
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Type of service . . . . . . . . . . . : *NORMAL
Next hop . . . . . . . . . . . . . . . : 192.168.2.254

Anyone have an idea? Thanks in advance

--
Art Tostaine
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:



https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.midrange.com_mailman_listinfo_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=AGBGiXmH3HnEFpRhHDrVa4R7YT3nz33Lo6nHnD6sj2c&e=


or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at



https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.midrange.com_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=KdGjy0sNQtzG1kQO6tBX3I3Xu6B-d7BpuCMaS-P0fOY&e=

.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.

Help support



https://urldefense.proofpoint.com/v2/url?u=http-3A__midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=SBaPC5nVZ6dMQ1G1rZQuqaV_Ze-xUpcQ7myUrSEQ8eQ&e=

by shopping at



https://urldefense.proofpoint.com/v2/url?u=http-3A__amazon.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=nlYdcXiM5JMSG-uLwpsCaLYJKFmLyfm6_FxVbOs8I4E&e=

with our affiliate link:



https://urldefense.proofpoint.com/v2/url?u=https-3A__amazon.midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=JsqppHVFi3HIqNsY_wf7HLD4xTJXPsNfirHHXXCLIyI&s=zjpxR1uH_5UVDPrQM8-2LffVzO4Gf3nrMknuP9kdj0M&e=






--
This email has been scanned for computer viruses. Although MSD has
taken
reasonable precautions to ensure no viruses are present in this email,
MSD
cannot accept responsibility for any loss or damage arising from the
use of
this email or attachments..
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:

https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.midrange.com_mailman_listinfo_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=uGMWI4p6rNFt1xtRJu6u15QvsQojOv_fZF4a81lteAc&e=

or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at

https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.midrange.com_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=4c_sqZz0IND36Uwq8lZcsY-U1yPz2Cb2ye9dLZgyWH4&e=
.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.

Help support

https://urldefense.proofpoint.com/v2/url?u=http-3A__midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=F6R5wOVjyaCnSEsUzsKvr3t3RrX8t5bt34iXiilujes&e=
by shopping at

https://urldefense.proofpoint.com/v2/url?u=http-3A__amazon.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=SvWsEf5iwAnwg_f7TBkgYoOmWcybfLUDVD0rzKLiRcs&e=
with our affiliate
link:

https://urldefense.proofpoint.com/v2/url?u=https-3A__amazon.midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=MQgOSGr-pDf9IRA5Z91UuArKSM2B4HkHqzGgcuN9l3w&e=




--
Art Tostaine



--
Art Tostaine
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:

https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.midrange.com_mailman_listinfo_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=uGMWI4p6rNFt1xtRJu6u15QvsQojOv_fZF4a81lteAc&e=

or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at

https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.midrange.com_midrange-2Dl&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=4c_sqZz0IND36Uwq8lZcsY-U1yPz2Cb2ye9dLZgyWH4&e=
.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support

https://urldefense.proofpoint.com/v2/url?u=http-3A__midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=F6R5wOVjyaCnSEsUzsKvr3t3RrX8t5bt34iXiilujes&e=
by shopping at

https://urldefense.proofpoint.com/v2/url?u=http-3A__amazon.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=SvWsEf5iwAnwg_f7TBkgYoOmWcybfLUDVD0rzKLiRcs&e=
with our affiliate link:

https://urldefense.proofpoint.com/v2/url?u=https-3A__amazon.midrange.com&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=Kys-lxRCMpPr7up01Pp1FRjOe49ne6imWwi1b-ue8yQ&m=ku2BY-66XhDrsgoGYeDjR3158NkNaPWrtkpl_08aqP8&s=MQgOSGr-pDf9IRA5Z91UuArKSM2B4HkHqzGgcuN9l3w&e=





--
This email has been scanned for computer viruses. Although MSD has taken
reasonable precautions to ensure no viruses are present in this email, MSD
cannot accept responsibility for any loss or damage arising from the use of
this email or attachments..
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.