I have an IBM iSeries (AS/400) that needs to use a public IP. I want to shut the Internet-facing ports, opening only a few ports to the outside world while keeping FTP, 5250, etc. open on the internal network.
I opened System i Navigator and looked at the IP Policies editor, but I'm not entirely sure how to do this. The public IP 211.* is only edited so as not to show the real IP; the *'s are not wildcards. Yesterday I locked everyone out of the AS400 because I got it wrong, and I'm not quite sure how I got it wrong. RMVTCPTBL (*IPFTR) saved the day...
#Assign IP Addresses to Names
ADDRESS External_AS400 IP = 211.*.*.* TYPE = BORDER
#Internal lan network address
ADDRESS INTERNAL_AS400 IP = 192.168.1.201 TYPE = TRUSTED
ADDRESS Internal_Lan IP = 192.168.1.0 MASK = 255.255.255.0 TYPE = TRUSTED
#Inbound from Internet rules
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = INTERNAL_AS400 PROTOCOL = TCP DSTPORT = 22 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = External_AS400 PROTOCOL = TCP DSTPORT = 22 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = INTERNAL_AS400 PROTOCOL = TCP DSTPORT = 25 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = External_AS400 PROTOCOL = TCP DSTPORT = 25 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = INTERNAL_AS400 PROTOCOL = TCP DSTPORT = 110 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = External_AS400 PROTOCOL = TCP DSTPORT = 110 SRCPORT = * FRAGMENTS = NONE JRN = OFF
#Allow local lan access to server
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = Internal_Lan DSTADDR = INTERNAL_AS400 PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = Internal_Lan DSTADDR = External_AS400 PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
#Outbound to Internet Rules
FILTER SET Outbound_AS400 ACTION = PERMIT DIRECTION = OUTBOUND SRCADDR = INTERNAL_AS400 DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
FILTER SET Outbound_AS400 ACTION = PERMIT DIRECTION = OUTBOUND SRCADDR = External_AS400 DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
#Get Out of Jail Free (matches every packet in both directions)
FILTER SET ALLOWALL ACTION = PERMIT DIRECTION = * SRCADDR = * DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
#Allocate FILTER SET to Network INTERFACE
FILTER_INTERFACE LINE = TCPLIN2 SET = Inbound_AS400
FILTER_INTERFACE LINE = TCPLIN2 SET = Outbound_AS400
FILTER_INTERFACE LINE = TCPLIN2 SET = ALLOWALL

Posted on 2016-09-01 03:26:00
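To see what the rule file above actually lets through, here is an added example (not code from the original post or from IBM) that parses a condensed copy of those rules and evaluates constructed packets against them. It assumes the usual packet-filter semantics: once sets are bound to a line with FILTER_INTERFACE, rules are checked in binding order and file order, the first match decides, a packet matching nothing on a filtered line is dropped, and a line with no sets bound is unfiltered. The public address 203.0.113.10 and the Internet host 198.51.100.7 are constructed placeholders, and the hardened variant (no ALLOWALL set, an explicit journaled DENY closing the inbound set) is the editor's suggestion, not the asker's configuration.

```python
import ipaddress
import re

# Added example, not code from the original post or from IBM. ASSUMED semantics:
# bound sets are checked in binding order, rules within a set in file order, the
# first matching rule decides, a packet matching no rule on a filtered line is
# dropped, and a line with nothing bound is unfiltered. FRAGMENTS and JRN are ignored.
# 203.0.113.10 is a constructed placeholder for the masked 211.* public address.
ORIGINAL_RULES = """
ADDRESS External_AS400 IP = 203.0.113.10 TYPE = BORDER
ADDRESS INTERNAL_AS400 IP = 192.168.1.201 TYPE = TRUSTED
ADDRESS Internal_Lan IP = 192.168.1.0 MASK = 255.255.255.0 TYPE = TRUSTED
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = External_AS400 PROTOCOL = TCP DSTPORT = 22 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = External_AS400 PROTOCOL = TCP DSTPORT = 25 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = External_AS400 PROTOCOL = TCP DSTPORT = 110 SRCPORT = * FRAGMENTS = NONE JRN = OFF
FILTER SET Inbound_AS400 ACTION = PERMIT DIRECTION = INBOUND SRCADDR = Internal_Lan DSTADDR = INTERNAL_AS400 PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
FILTER SET Outbound_AS400 ACTION = PERMIT DIRECTION = OUTBOUND SRCADDR = External_AS400 DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
FILTER SET ALLOWALL ACTION = PERMIT DIRECTION = * SRCADDR = * DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = OFF
FILTER_INTERFACE LINE = TCPLIN2 SET = Inbound_AS400
FILTER_INTERFACE LINE = TCPLIN2 SET = Outbound_AS400
FILTER_INTERFACE LINE = TCPLIN2 SET = ALLOWALL
"""

# Hardened variant (editor's suggestion): drop ALLOWALL and close the inbound set
# with an explicit, journaled DENY for anything else reaching the public address.
DENY_REST = ("FILTER SET Inbound_AS400 ACTION = DENY DIRECTION = INBOUND SRCADDR = * "
             "DSTADDR = External_AS400 PROTOCOL = * DSTPORT = * SRCPORT = * FRAGMENTS = * JRN = FULL")
_kept = [l for l in ORIGINAL_RULES.strip().splitlines() if "ALLOWALL" not in l]
HARDENED_RULES = "\n".join(
    [l for l in _kept if not l.startswith("FILTER_INTERFACE")] + [DENY_REST]
    + [l for l in _kept if l.startswith("FILTER_INTERFACE")])

KV = re.compile(r"(\w+)\s*=\s*(\S+)")

def parse_rules(text):
    """Return (addresses, filter rules in file order, {line: [bound sets in order]})."""
    addrs, rules, binds = {}, [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        kv = {k.upper(): v for k, v in KV.findall(line)}
        head = line.upper()
        if head.startswith("ADDRESS "):
            mask = kv.get("MASK", "255.255.255.255")
            addrs[line.split()[1].upper()] = ipaddress.ip_network(f"{kv['IP']}/{mask}", strict=False)
        elif head.startswith("FILTER SET "):
            kv["SET"] = line.split()[2].upper()
            rules.append(kv)
        elif head.startswith("FILTER_INTERFACE "):
            binds.setdefault(kv["LINE"].upper(), []).append(kv["SET"].upper())
    return addrs, rules, binds

def _addr_ok(spec, ip, addrs):
    return spec == "*" or ipaddress.ip_address(ip) in addrs[spec.upper()]

def _port_ok(spec, port):
    return spec == "*" or int(spec) == port

def evaluate(config, line, direction, src, dst, proto, sport, dport):
    """First-match evaluation; returns (action, set name), or the unfiltered/implicit default."""
    addrs, rules, binds = config
    if line.upper() not in binds:
        return "PERMIT", "unfiltered"
    for set_name in binds[line.upper()]:
        for r in rules:
            if r["SET"] != set_name:
                continue
            if r["DIRECTION"].upper() not in ("*", direction.upper()):
                continue
            if r["PROTOCOL"].upper() not in ("*", proto.upper()):
                continue
            if not (_addr_ok(r["SRCADDR"], src, addrs) and _addr_ok(r["DSTADDR"], dst, addrs)):
                continue
            if not (_port_ok(r["SRCPORT"], sport) and _port_ok(r["DSTPORT"], dport)):
                continue
            return r["ACTION"].upper(), set_name
    return "DENY", "implicit"

# Constructed probe packets; 198.51.100.7 stands in for an Internet host.
PROBES = {
    "internet->ssh":    ("INBOUND", "198.51.100.7", "203.0.113.10", "TCP", 40000, 22),
    "internet->telnet": ("INBOUND", "198.51.100.7", "203.0.113.10", "TCP", 40001, 23),
    "internet->ftp":    ("INBOUND", "198.51.100.7", "203.0.113.10", "TCP", 40002, 21),
    "lan->5250":        ("INBOUND", "192.168.1.50", "192.168.1.201", "TCP", 40003, 23),
    "lan->ftp":         ("INBOUND", "192.168.1.50", "192.168.1.201", "TCP", 40004, 21),
    "as400->internet":  ("OUTBOUND", "203.0.113.10", "198.51.100.7", "TCP", 40005, 443),
}

def audit(text, line="TCPLIN2"):
    """Evaluate every probe against a rule file; returns {probe: action}."""
    config = parse_rules(text)
    return {name: evaluate(config, line, *pkt)[0] for name, pkt in PROBES.items()}

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL_RULES), ("hardened", HARDENED_RULES)):
        print(label, audit(text))
```

Run it and the original file permits telnet and FTP from the Internet, because nothing in Inbound_AS400 denies them and the ALLOWALL set bound to the same line then matches every packet; the hardened file denies both while still permitting SSH, SMTP and POP3 from outside and everything from the LAN. Two checks before binding any of this on a real system: walk the probes for each line the rules are bound to (the LAN rule is only useful on the line the LAN actually arrives on), and confirm that replies to the system's own outbound connections are still permitted inbound under whichever filter semantics your release uses, since the rules above are written per packet, not per connection. Keep the RMVTCPTBL (*IPFTR) recovery path at hand from a console session when testing.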
I think this is confusing because you are putting all the rules on the same line description, LINE = TCPLIN2.
Do you know how many network adapters there are on this system? WRKHDWRSC TYPE(*CMN), look for adapters of type 5767, and check their operational status. Most iSeries have at least 2 adapters; if you have two, you can assign one adapter to internal traffic and one to external traffic.
You can also create virtual Ethernet adapters with the Hardware Management Console, and likewise use one adapter for external and one for internal traffic. You may well achieve what you need more simply with two adapters.
Posted on 2016-08-19 00:48:26
Sorry, I don't do this kind of thing. But wouldn't you want a hardware firewall in front of the physical server? That way there is an extra layer of protection between the Internet and the server.
https://serverfault.com/questions/797332