Home > IT Answers > Security > iSeries IP adress restruction
Help

Question

  Asked: May 4 2005   4:19 AM GMT
  Asked by: Dalibor

iSeries IP adress restruction


Tech support, Security, Intrusion management, Managed security services, DataCenter, AS/400

Hi, is there a way to restrict access to iSeries by IP address?
I need to configure something on iSeries to prevent one PC to access on our iSeries and think that best way is to restrict IP address of this PC. Please help.

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
Last Answered: May 4 2005  4:52 AM GMT  by PeterMac




Easiest way to restrict access via IP is to use different subnets. put the PC you want to exclude into one subnet, and everything else into the other. Use subnet mask to allow everything other than the i-series access to both subnets, but restrict i-series access to only the main one.
eg. put everything except excluded pc into subnet xxx.xxx.10.xxx, put excluded PC into xxx.xxx.11.xxx, IP range for all PC's including the excluded one should be
IP xxx.xxx.10.0 MASK 255.255.254.0
IP range for i-series should be
IP xxx.xxx.10.0 MASK 255.255.255.0
i-series will not then talk to xxx.xxx.11.xxx IP range.
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Security, DataCenter and AS/400.

Looking for relevant Security Whitepapers? Visit the SearchSecurity.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

TomLiotta  |   Jun 2 2005  11:48PM GMT

Yes, for a number of years, OS/400 has had a form of native firewall. Access is through iSeriesNavigator (or Operations Navigator) from iSeries Access on your PC.

In iNav, follow My Connections ->(your AS/400 icon) ->Network -> IP Policies -> Packet Rules. From there, you’ll perhaps want to select Rules Editor from the right-click context menu.

NOTE — Be clear that you fully understand how to set up a set of rules before you activate. For example, there is a default DENY *ALL rule that is implied — if you fail to include an accept-rule that allows others in at the bottom of your rules, even your iNav session connection will be immediately shut down as soon as you activate the rules. It’s totally possible that your _only_ access will be through a twin-ax connection if you aren’t careful. Study first, ask questions.

 

ininav ax  |   Apr 17 2008  8:53PM GMT

[…] Rules … It??s totally possible that your _only_ access will be through a twin-ax connection if …http://itknowledgeexchange.techtarget.com/itanswers/iseries-ip-adress-restruction/&157&144d&220&132q ??&131 *&200&176&161&195&135JD &162&162&141&139 T &163&198&141&140 A&200&160 […]