Problem solve
Get help with specific problems with your technologies, process and projects.
Configure the iSeries v5r4 to open the HTTPS port for incoming connections
When the HTTPS 443 port is not accessible from interned but is open within the local network, open the port for incoming connections by recognizing the problem as a network firewall issue rather than an iSeries issue.
Our iSeries v5r4 is running on WAS 6.0 and is connected to the internet via L2TP connection without IPSec.
The problem is that the HTTPS 443 port is not accessible from interned, but it is open within the local network. Nmap ports 25, 80, 110 and 10322 (WAS administration console) have state open on the internet IP address.
The HTTPS 443 port has state filtered.
No packet filters are active. My goal is to open the HTTPS 443 port, and close the 10322 ports in internet. However, I'm not sure where or how to configure this.
Activating the following filtering rules causes port 80 to open, and ports 443 and 10322 to be filtered.
# -----------------------------------------------
# Statements to permit inbound HTTP over STATICIP # -----------------------------------------------
FILTER SET HTTP_INBOUND ACTION = PERMIT DIRECTION = OUTBOUND SRCADDR = * DSTADDR = * SERVICE = HTTP_80_FS JRN = OFF
FILTER SET HTTP_INBOUND ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = * SERVICE = HTTP_80_FC JRN = OFF
FILTER SET HTTP_INBOUND ACTION = PERMIT DIRECTION = OUTBOUND SRCADDR = * DSTADDR = * SERVICE = HTTP_443_FS JRN = OFF
FILTER SET HTTP_INBOUND ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = * SERVICE = HTTP_443_FC JRN = OFF
FILTER_INTERFACE INTERFACE = STATICIP SET = HTTP_INBOUND
# -----------------------------------------------
How can I open the HTTPS port for incoming connections?Packet rules are fairly complicated. My systems have about three pages of rules each, and there is no way I can tell what is going on without seeing the whole file. That said, since you say that "HTTPS 443 port is not accessible from interned, but it is open within the local network," I suspect that this is a network firewall issue rather than an iSeries problem.
