tags:

views:

592

answers:

5
+1  Q: 

Port 443 on iSeries v5r4 is ‘filtered’ to internet clients, even it is allowed in firewall rules. How can I make it ‘open’? Can it be i5/OS bug? [SOLVED]

Port was fitered by ISP.

The problem is that HTTPS 443 port isn't accessible from internet, but it is open in our local network. Our iSeries v5r4 is connected to inet via L2TP withot IPSec. If no packet filters are active, nmap shows that ports 25, 80, 110 and even 10322 (WAS admin console) have state 'open' on internet ip address. 443 have state 'filtered'.

If I activate the following packet rules:

# -----------------------------------------------
# Statements to permit inbound HTTP over STATICIP
# -----------------------------------------------
INCLUDE   FILE = /QIBM/UserData/OS400/TCPIP/PacketRules/Services.i3p
FILTER SET HTTP_INBOUND   ACTION = PERMIT   DIRECTION = OUTBOUND   SRCADDR = *   DSTADDR = *   SERVICE = HTTP_80_FS   JRN = OFF
FILTER SET HTTP_INBOUND   ACTION = PERMIT   DIRECTION = INBOUND   SRCADDR = *   DSTADDR = *   SERVICE = HTTP_80_FC   JRN = OFF
FILTER SET HTTP_INBOUND   ACTION = PERMIT   DIRECTION = OUTBOUND   SRCADDR = *   DSTADDR = *   SERVICE = HTTP_443_FS   JRN = OFF
FILTER SET HTTP_INBOUND   ACTION = PERMIT   DIRECTION = INBOUND   SRCADDR = *   DSTADDR = *   SERVICE = HTTP_443_FC   JRN = OFF
FILTER_INTERFACE   INTERFACE = STATICIP   SET = HTTP_INBOUND
# -----------------------------------------------

port 80 is 'open', 443 is 'filtered'.

How can I make it 'open'? Thanks.

A: 

You should configure your firewall to open and close TCP/IP ports.

Each firewall has a list of ports (or port ranges) that are open or closed for trafic. PLease consult you firewall/router documentation or consult your system administrator.

Gamecat  2008-11-24 09:52:51
A: 

Port 443 is the SSL port so it is quite possible that either your firewall or your iSeries has a further filter that needs to be set to allow ssl traffic to it.

 2008-11-24 10:05:53
A: 

Some ISPs filter specific ports, like RoadRunner used to filter my webserver. It'd be odd since 80 isn't filtered, but it's a possibility.

Stefan Mai  2008-11-24 10:41:27
Thanks! You're right.There is ISP's feature - VPN protection configured by customer. All ports from 0 to 1024 was filtered except 21,22,25,80 and 110.i5/OS, its ip filter and my packet rules are alright.Now problem is solved.
Mikhail  2008-11-25 13:55:05
No way! Haha, glad to hear it worked!
Stefan Mai  2008-11-26 06:03:18
A: 

Thanks for your answers! Firewall is cofigured to open ports 80 and 443. But 443 is filtered anyway. Our ISP filters no ports.

Mikhail  2008-11-24 11:51:28
A: 

IBM's online documentation about IP filtering and NAT which may help solve the problem.

Paul Morgan  2008-11-24 15:39:18

related questions

List of source members in a file with SQL
AS400 library/file (member) JDBC query
AS400 style naming over JDBC
SQL query of multi-member file on AS400
How do you organize your RPGLE subversion repository on IBM i ?
Mail from iSeries with attachment
AS400 C#.net inserting new record problems
AS/400 ODBC Drivers
XML and iSeries RPGLE - development tools?
iSeries - Call SQL stored procedure from CL program
Data structure definitions / templates in RPG(LE)
OpenQuery to DB2/AS400 from SQL Server 2000 causing locks
Encrypt on iSeries
Accessing RPG on iSeries from Java
iSeries SQL Procedure - Check if already exists
iSeries Export to CSV
C#: Convert COMP-3 Packed Decimal to Human-Readable Value
Source Control on the IBM i (iSeries)
Setting a key field on a view
How do I iterate over a set of records in RPG(LE) with embedded SQL?
How do indicate the SQL default library in an IBM iSeries 2 connection string to an AS/400?
Sample code for using IBM's PCOMM in C# o write an as400 screenscraper
Resources for an Oracle beginner
Connect PHP to an AS/400