I have an IBM I series (AS/400) that needs to go onto a public ip. I would like to shut the internet facing ports down and only open some ports to the outside world and keep the internal network open for ftp, 5250 etc.
I have System i Navigator open and looking at the IP Policies editor and not entirely sure on how to go about this.Public ip 211...* just edited to not show the real ip and *'s are not wildcards. I locked everybody out of the as400 yesterday by getting this wrong and not quite sure on how I went wrong so have amended with this - RMVTCPTBL TBL(*IPFTR) saved the day.... Something like;
#Assign IP Addresses to Names
ADDRESS External_AS400 IP = 211.*.*.* TYPE = BORDER
#Internal lan network address
ADDRESS INTERNAL_AS400 IP = 192.168.1.201 TYPE = TRUSTED
ADDRESS Internal_Lan IP = 192.168.1.0 MASK = 255.255.255.0 TYPE = TRUSTED
#Inbound from Internet rules
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = INTERNAL_AS400 PROTOCOL = TCP DSTPORT = 22 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = External_AS400 PROTOCOL = TCP DSTPORT = 22 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = INTERNAL_AS400 PROTOCOL = TCP DSTPORT = 25 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = External_AS400 PROTOCOL = TCP DSTPORT = 25 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = INTERNAL_AS400 PROTOCOL = TCP DSTPORT = 110 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = External_AS400 PROTOCOL = TCP DSTPORT = 110 SRCPORT = * FRAGMENTS = NONE JRN = OFF
#Allow local lan access to server
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = Interal_Lan DSTADDR = INTERNAL_AS400 PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = Interal_Lan DSTADDR = External_AS400 PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
#Outbound to Internet Rules
FILTER SET Outbound_AS400 ACTION = PERMIT DIRECTION = OUTBOUND SRCADDR = INTERNAL_AS400 DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
FILTER SET Outbound_AS400 ACTION = PERMIT DIRECTION = OUTBOUND SRCADDR = External_AS400 DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
#Get Out of Jail Free
FILTER SET ALLOWALL ACTION PERMIT DIRECTION = * SRCADDR = * DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
#Allocate FILTER SET to Network INTERFACE
FILTER_INTERFACE LINE = TCPLIN2 SET = Inbound_AS400
FILTER_INTERFACE LINE = TCPLIN2 SET = Outbound_AS400
FILTER_INTERFACE LINE = TCPLIN2 SET = ALLOWALL