On Wed, Feb 05, 2003 at 01:51:11PM +0700, Budi Febrianto wrote:
> Hi,
> Recently I created a firewall in my company using RHL 8.0 with iptables.
> There are 3 zones, and I put the AS/400 in the DMZ zone.
>
> Users use Client Access to access the AS/400, and I only opened port 23 (TELNET).
> Users can access it, but later they get dropped (logged out), or get an error
> message about communication.
>
> Are there any ports that need to be open to access the AS/400 with Client Access?
>
> Right now, I have opened all ports for the AS/400 and the users can access it
> normally without being dropped.
>
> Thanks.
Do an off-hours test:

1. Enter this command as root:

       iptables -I FORWARD 1 -p tcp --syn -i <as400 interface> -j LOG \
           --log-prefix "unique_string "

   (note the trailing space)

2. Have someone log onto the AS400 from a client, do a quick lookup, and log off.

3. Enter this command on the firewall:

       iptables -D FORWARD 1

Caution: the log will be sent to the kernel file, but ALSO TO THE SCREEN. Expect to see a LOT of traffic. You'll have to grep the kernel file for <unique string> and then extract the actual port(s) being used.

HTH.

Bill

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
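The "grep the kernel file and extract the ports" step, as an added example that is not part of Bill's reply or the thread: a POSIX shell script that reads the lines the LOG rule above writes to syslog, keeps only the SYN packets carrying the chosen prefix, counts the (protocol, source, destination, destination port) tuples it saw, and prints candidate ACCEPT rules for review rather than applying them. The sample log lines, addresses, interface names and every port other than 23 are constructed for the example and say nothing about which ports Client Access actually uses; the function names `syn_port_summary` and `suggest_accept_rules` are mine, and the log file path is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the lines written by
#   iptables -I FORWARD 1 -p tcp --syn -i <as400 interface> -j LOG --log-prefix "unique_string "
# and turn them into candidate ACCEPT rules that an admin can review before loading.

# Constructed sample of kernel LOG lines as syslog records them. Hosts, interfaces and
# the ports other than 23 are invented for the example. The last line carries a
# different log prefix and must be ignored by the parser.
SAMPLE_LOG="${TMPDIR:-/tmp}/as400_syn_sample.log"   # assumed scratch location
cat > "$SAMPLE_LOG" <<'EOF'
Feb  5 14:02:11 fw kernel: unique_string IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=1029 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  5 14:02:12 fw kernel: unique_string IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=1030 DPT=449 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  5 14:02:12 fw kernel: unique_string IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=1031 DPT=8470 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  5 14:05:40 fw kernel: unique_string IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=TCP SPT=1032 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  5 14:05:41 fw kernel: OTHER_RULE IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
EOF

# syn_port_summary PREFIX LOGFILE
# Prints one line per distinct "PROTO SRC DST DPT" tuple seen in SYN packets that
# carry PREFIX, prefixed with its hit count, most frequent first.
syn_port_summary() {
    awk -v prefix="$1" '
        # keep only our rule (prefix present) and connection-opening packets (SYN flag)
        index($0, prefix) == 0 || $0 !~ / SYN / { next }
        {
            proto = src = dst = dpt = "?"
            # LOG lines are KEY=VALUE tokens; pick out the four we need
            for (i = 1; i <= NF; i++) {
                if      ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^SRC=/)   src   = substr($i, 5)
                else if ($i ~ /^DST=/)   dst   = substr($i, 5)
                else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            print proto, src, dst, dpt
        }' "$2" |
    sort | uniq -c | sort -rn
}

# suggest_accept_rules PREFIX LOGFILE
# Turns the summary into explicit per-host, per-port ACCEPT rules. It only prints
# them: nothing is loaded into the firewall until someone has read and narrowed them.
suggest_accept_rules() {
    syn_port_summary "$1" "$2" |
    awk '{ printf "iptables -A FORWARD -p %s -s %s -d %s --dport %s -j ACCEPT\n",
                  tolower($2), $3, $4, $5 }'
}

# Stand-alone demo on the constructed sample.
syn_port_summary unique_string "$SAMPLE_LOG"
suggest_accept_rules unique_string "$SAMPLE_LOG"
```

On the firewall itself, point the functions at the file syslog writes kernel messages to (typically /var/log/messages on Red Hat, an assumption here) and use the same prefix you passed to `--log-prefix`. Two things worth keeping in mind when reading the output: the summary only covers connections opened while the LOG rule was in place, so a session that gets dropped "later" needs a capture long enough to include whatever traffic happens at that point, and the printed rules are per source host on purpose, so they can be widened to the user subnet deliberately rather than by opening every port again.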