220 V5 TCP/IP Applications on the IBM Eserver iSeries Server
8.1 Connecting to Internet from behind a firewall: HTTP Server
This scenario describes the configuration of the iSeries connection to the Internet from
behind a firewall. This connection will be utilized for a read only HTTP server.
Problem Definition
For this scenario, let us suppose that we have a secure internal network that is connected via
a firewall to the Internet, but need to share information with our external customers over the
Internet.
Solution definition
We are going to utilize an HTTP server to provide read only access to our customers. We also
utilize our existing firewall solution to control access from the public network (Internet) to the
private network. This solution enables the iSeries to communicate with the Internet, while still
protecting our private network. In order for this solution to be secure, the iSeries and firewall
must be secured to prevent unauthorized access. In this scenario, the iSeries has multiple
Ethernet interfaces, we allocate one of the interfaces for Internet traffic and associate a new
IP address for further isolation. This solution can be configured via the Internet setup wizard
located in iSeries Navigator.
The solution is presented in Figure 8-1.
Figure 8-1 Connecting to the Internet from behind a firewall
Assumptions
Here are the conditions assumed for this scenario:
򐂰 iSeries server running OS/400 Version 5 Release 2 (V5R2)
򐂰 Existing firewall protecting your internal network
򐂰 Existing iSeries is within your internal network
򐂰 You have a read only HTTP server configured on the iSeries
192.168.1.200
192.168.1.201
192.168.1.x Network
Internet
Router
192.168.1.1
Firewall
Public IP Address
68.13.103.103
Chapter 8. Connecting your iSeries to the Internet: Scenarios 221
򐂰 The firewall is configured and allows only HTTP traffic to the iSeries
򐂰 The Protocol router is providing the public IP address
򐂰 The iSeries has only two network adapter in the LAN, with two IP interfaces
򐂰 HTTP is the only service from the iSeries available to the Internet
򐂰 iSeries software requirements
TCP/IP Connectivity Utilities for iSeries (5722-TC1)
IBM HTTP Server for iSeries (5722-DG1)
How-to
To configure the Internet connection from behind a firewall, perform the following tasks:
1. Planning worksheet for connecting to the Internet.
2. Configure iSeries server AS24 via Internet Connection WIzard.
3. Implement security setting on iSeries server AS24.
4. Test the configuration.
8.1.1 Planning worksheet for connecting to the Internet
To configure the Internet connection, first we need to respond to a series of questions about
the configuration of the network in which we implement the Internet connection. For example,
we need to know how the iSeries will be connected to the Internet. All these questions are
included in Table 8-1, Table 8-2, and Table 8-3. The answers are based on this scenario
shown in Figure 8-1 on page 220 and should be altered to meet customers security and
application requirements. Table 8-1 contains information about the iSeries Internet
connection configuration.
Table 8-1 Planning the Internet connection for server AS24: AS24 TCP/IP information
*This is the address that will be used by the iSeries to respond to HTTP requests. This address is hidden behind a
public IP address. The router handles this one-to-one static address translation.
Note: The details on how to configure the HTTP server configuration can be found
in HTTP Server (powered by Apache) An Integrated Solution for IBM
~
iSeries servers, SG24-6716.
Configuration parameter Value
iSeries Host name AS24
Ethernet Card Resource for Internet traffic CMN05
Ethernet Line Description for Internet traffic ETHLIN2
IP address for Internet traffic 192.168.1.201*
Subnet mask for Internet traffic 255.255.255.0
Ethernet Card Resource for internal traffic CMN02
Ethernet Line Description for internal traffic ETHLIN
IP address for internal traffic 192.168.1.200
Subnet mask for internal traffic 255.255.255.0
Router / Firewall internal IP address 192.168.1.1
Router / Firewall public IP address 68.13.103.103

Get V5 TCP/IP Applications on the IBM eServer iSeries Server now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.