Hi Rich,

It is important to know whether you have a NAT or non-NAT configuration.

In the NAT configuration the router is the interface to the Internet and your i5
is just another device on your internal network. In this configuration the
router will normally have some form of firewall and should hide your
internal network devices from the internet. In other words, the internal
devices can access the internet, but the internet cannot access your network
devices (not unless you allow this).

In the non-NAT configuration your i5 is the only device attached to the
router. All other devices on the network access the internet through the i5.
This type of config requires two network cards in your i5. One for the
internet connection and the other for the internal network. For this config
to work you need two IP addresses assigned by your ISP. One for the Router
and the other for the i5.

In all cases the router should have the IP address assigned by the ISP. The
router is your internet gateway, so the router IP address should be
specified as the next hop on the *DEFAULT TCP route.

Firewall --- important -- VERY important. I have my i5 attached directly to
the internet and there are several attempts to attack it every day. I have
had an "AS/400" on the internet for over 10 years and so far not one attack
has breached my defences (touch wood!!)

OS/400 has its own packet filter firewall. It is quite effective. You
configure this firewall using Ops Nav. In Ops Nav select your system and
navigate to Network/IP Policies/Packet Rules. There is documentation and
help in Ops Nav, the IBM InfoCenter, and I am certain there is a red book.

The other thing you should do as a further defence mechanism is prevent
unwanted network attack from both inside and outside your organisation. My
Fortress/400 product can do this, as well as products by other
manufacturers.

Remember the i5 can be the hub of any network, you don't need a server farm. My
i5 runs DHCP, DNS, Windows Domain, Mail, Fax, Print, File, FTP, Web, etc.
servers and is my internet gateway. ALL the network control is performed by
a single P05 system. My development, etc. runs on a different box in the
network. If you go to www.ccs400.com, then that web server is my i5 here in
this office, with the web pages generated using RPG with IceBreak. There are
NO Windows servers here, with the benefit of significantly reduced running
costs and far less down time. I had Windows servers at one time but the
seemingly constant problems pissed me off and they ended up in the trash.

I hope this helps. When I know what your NAT status is I should be able to
provide some configuration guidelines.

Regards
Syd

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On
Behalf Of Shannon ODonnell
Sent: 25 July 2008 15:43
To: 'Web Enabling the AS400 / iSeries'
Subject: Re: [WEB400] Connecting i5 Express to Internet
You have your iSeries set up with an IP Address of 74.219.167.174. And
then you have the route set up to point back to that same IP address. I
don't think that's going to work. That will create a closed loop that goes
nowhere, I'd think.

Is 74.219.167.174 the static IP address your ISP gave you and you are
plugging the iSeries directly into that?

Do you have a router or a cable modem or something in there anywhere?

You really should not have your iSeries plugged into the web directly. At
the very least, go to Wal-Mart and buy yourself a cheap Belkin or DLink
router to put in the middle. That way you'll have at least a rudimentary
firewall in the mix.

Here's what I would try...

Let's assume you are on a cable modem and its static IP address is
74.219.167.174

Leave your *DFTROUTE set as you have it now, but give your iSeries the IP
address of 74.219.167.175.

Then don't forget to start the TCP/IP interface on your new IP address:

   STRTCPIFC 74.219.167.175

At this point it does not matter what you have in your domain and host table
unless you are wanting to set up HTTP Server or Websphere or Tomcat and/or
have someone come in from the outside to your system.

If you throw a router between your iSeries and the cable modem (or whatever
you have there that actually connects you to your ISP...) you'll need to
configure it to allow TCP/IP traffic to flow through it to your iSeries.
But that's another topic. :-)

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On
Behalf Of Pat Barber
Sent: Friday, July 25, 2008 8:56 AM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Connecting i5 Express to Internet
Go here and do a little reading...
http://www.easy400.net/tcpcfgs
and a router/firewall would be of help.
Rich Dotson wrote:
I am trying to connect an iSeries 515 to the internet and would like
some guidance. This is my first try at this side of things after 20
years of programming on the midrange. I am signed on to the i5
using the System Console attached to the T6 port.

1. I have a static IP address from my ISP.

2. I configured the ethernet line on the iSeries (defined to use the T5
   port).

3. I set up the TCP/IP interfaces as follows:

   Internet Address   SubNet            Line Desc   Line Type
   74.219.167.174     255.255.255.252   ETHLIN      *ELAN
   127.0.0.1          255.0.0.0         *LOOPBACK   *NONE

4. I set up the TCP/IP Routes

   Destination   Mask    Next Hop         Interface
   *DFTROUTE     *NONE   74.219.167.174   *NONE

5. Set up the TCP/IP host table entries

   Internet address   Host Name
   74.219.167.174     S1048D02
                      DDMSONLINE
                      DDMSONLINE.COM
   127.0.0.1          LOOPBACK
                      LOCALHOST

6. Changed TCP/IP Domain

   Host name:            DDMSONLINE
   Domain Name:          DDMSONLINE.COM
   DNS Internet address: 65.24.0.168
                         65.24.0.169

7. I plugged the i5 into the internet modem / router

8. Started TCP/IP and the TCP/IP server

When I try to PING the domain name DDMSONLINE.com it says:

   Verifying connection to host system S1048D02 at address 74.219.167.174
   Cannot reach remote system

Where do I go from here?

Thanks in advance...
Rich..
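
The addressing discussed in this thread can be checked mechanically. The Python sketch below is an added example, not code from any poster; the function names are hypothetical. It tests an interface address, subnet mask and default-route next hop (values taken from the original post) for the usual mistakes: a next hop equal to the interface itself, a next hop outside the subnet, and an address that is the subnet's network or broadcast address.

```python
import ipaddress

def _reserved(addr, net):
    # In subnets wider than /31 the first and last addresses are the
    # network and broadcast addresses and cannot be assigned to a host.
    if net.prefixlen >= 31:
        return None
    if addr == net.network_address:
        return "network"
    if addr == net.broadcast_address:
        return "broadcast"
    return None

def check_config(if_addr, if_mask, next_hop):
    """Return a list of problems with an interface / default-route pair."""
    iface = ipaddress.ip_interface(f"{if_addr}/{if_mask}")
    net = iface.network
    hop = ipaddress.ip_address(next_hop)
    problems = []
    kind = _reserved(iface.ip, net)
    if kind:
        problems.append(f"interface address is the {kind} address of {net}")
    if hop == iface.ip:
        problems.append("next hop is the interface's own address")
    elif hop not in net:
        problems.append(f"next hop is outside {net}")
    elif _reserved(hop, net):
        problems.append(f"next hop is the {_reserved(hop, net)} address of {net}")
    return problems

def candidate_gateways(if_addr, if_mask):
    """Usable addresses in the interface's subnet other than its own."""
    iface = ipaddress.ip_interface(f"{if_addr}/{if_mask}")
    return [str(h) for h in iface.network.hosts() if h != iface.ip]

if __name__ == "__main__":
    mask = "255.255.255.252"
    # Configuration as posted: the route points back at the interface.
    print(check_config("74.219.167.174", mask, "74.219.167.174"))
    # Interface moved to .175 while keeping the same mask.
    print(check_config("74.219.167.175", mask, "74.219.167.174"))
    # The only other usable address in this subnet.
    print(candidate_gateways("74.219.167.174", mask))
```

With the mask 255.255.255.252 the subnet is 74.219.167.172/30, which has two usable addresses, .173 and .174; .175 is its broadcast address.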