 
 From:  Scott Benninger <sbenninger at rogers dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem with Port redirects
 Date:  Mon, 26 Jan 2004 22:49:14 -0500
Are you using a regular telnet client or the 5250 client that comes with 
Client Access for the AS/400? If you are using the Client Access 
emulator you will probably need more ports forwarded. I had this problem 
myself. Here is a list that CA 5250 can require:

PC Function                 Server Name   Port Non-SSL   Port SSL
Server Mapper               as-svrmap     449            449
License Management          as-central    8470           9470
Database Access             as-database   8471           9471
Data Queues                 as-dtaq       8472           9472
Network Drives              as-file       8473           9473
Network Printers            as-netprt     8474           9474
Remote Command              as-rmtcmd     8475           9475
Signon Verification         as-signon     8476           9476
Telnet (PC5250 Emulation)   telnet        23             992


Doc #13642023 from IBM's Site 
http://www-912.ibm.com/s_dir/slkbase.nsf/slkbase

Hope this helps.

Scott

Jim Berryman wrote:

>WAN = 24.247.106.26
>LAN = 192.168.1.0 /24
>DMZ = 192.168.2.0 /24 (not used at this time)
> 
>Outbound works fine.
>My ISP blocks inbound traffic to well known ports (21, 23, 80, 443, etc)
>I want to do inbound (WAN) port re-directs to a server @ 192.168.1.2 (see NAT below)
>If I telnet from an outside client to 192.168.1.2:2223, it times out. Nothing appears in the logs.....
>Where'd I screw up? (This works fine on OpenBSD & pf)
> 
>Thanks,
>
>==========================================================================================
>Firewall: NAT
>
>Inbound Server NAT 1:1 Outbound
>
>Proto  Ext. port range  NAT IP (ext. IP)  Int. port range  Description
>TCP    2221             192.168.1.2       21 (FTP)         Allow FTP to AS/400
>TCP    2223             192.168.1.2       23 (Telnet)      Allow Telnet to AS/400
>TCP    2280             192.168.1.2       80 (HTTP)        Allow HTTP connection from WAN
>TCP    2443             192.168.1.2       443 (HTTPS)      Allow HTTPS connection to AS/400
>
>==========================================================================================
> 
>Firewall: Rules
>
>WAN interface
>  Proto    Source    Port    Destination    Port         Description
>  TCP        *        *      192.168.1.2     23(Telnet)  NAT Allow Telnet to AS/400
>  TCP        *        *      192.168.1.2     80(HTTP)    NAT Allow HTTP connection from WAN
>  TCP        *        *      192.168.1.2     21(FTP)     NAT Allow FTP to AS/400
>  ICMP       *        *          *            *          Allow ICMP
>  TCP        *        *      192.168.1.2    443(HTTPS)   NAT Allow HTTPS connection to AS/400
>  TCP/UDP    *        *      192.168.2.1      *          DMZ
>  TCP/UDP    *        *          *          137 - 139
>
>LAN interface
>  Proto    Source    Port    Destination    Port         Description
>  *        LAN net    *          *            *          Default LAN -> any
>  TCP/UDP    *        *          *          137 - 139