iSeries IP adress restruction
Hi, is there a way to restrict access to iSeries by IP address?
I need to configure something on iSeries to prevent one PC to access on our iSeries and think that best way is to restrict IP address of this PC. Please help.
Software/Hardware used:
Software/Hardware used:
ASKED:
May 4, 2005 4:19 AM
UPDATED:
June 2, 2005 11:48 PM
Answer Wiki:
Easiest way to restrict access via IP is to use different subnets. put the PC you want to exclude into one subnet, and everything else into the other. Use subnet mask to allow everything other than the i-series access to both subnets, but restrict i-series access to only the main one.
eg. put everything except excluded pc into subnet xxx.xxx.10.xxx, put excluded PC into xxx.xxx.11.xxx, IP range for all PC's including the excluded one should be
IP xxx.xxx.10.0 MASK 255.255.254.0
IP range for i-series should be
IP xxx.xxx.10.0 MASK 255.255.255.0
i-series will not then talk to xxx.xxx.11.xxx IP range.
To see all answers submitted to the Answer Wiki: View Answer History.
Yes, for a number of years, OS/400 has had a form of native firewall. Access is through iSeriesNavigator (or Operations Navigator) from iSeries Access on your PC.
In iNav, follow My Connections ->(your AS/400 icon) ->Network -> IP Policies -> Packet Rules. From there, you’ll perhaps want to select Rules Editor from the right-click context menu.
NOTE — Be clear that you fully understand how to set up a set of rules before you activate. For example, there is a default DENY *ALL rule that is implied — if you fail to include an accept-rule that allows others in at the bottom of your rules, even your iNav session connection will be immediately shut down as soon as you activate the rules. It’s totally possible that your _only_ access will be through a twin-ax connection if you aren’t careful. Study first, ask questions.