<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Scenario: Create filter rules to allow HTTP, Telnet, and FTP" />
<meta name="abstract" content="In this scenario, your company uses IP filtering to restrict the IP traffic that can access its Web server to HTTP, Telnet, and FTP." />
<meta name="description" content="In this scenario, your company uses IP filtering to restrict the IP traffic that can access its Web server to HTTP, Telnet, and FTP." />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb0awhyip.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8a1verifyingsd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbactivaterules.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajb0e-example3" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Scenario: Create filter rules to allow HTTP, Telnet, and FTP</title>
</head>
<body id="rzajb0e-example3"><a name="rzajb0e-example3"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Scenario: Create filter rules to allow HTTP, Telnet, and FTP</h1>
<div><p>In this scenario, your company uses IP filtering to restrict the
IP traffic that can access its Web server to HTTP, Telnet, and FTP.</p>
<div class="section"><h4 class="sectiontitle">Situation</h4><p>You want to provide Web applications to
your customers, but your current firewall is working overtime and you do not
want to add additional stress to it. Your colleague suggests running the
applications outside of the firewall. However, from the Internet, you only
want HTTP, FTP, and Telnet traffic to have access to your iSeries™ Web
server. What should you do?</p>
</div>
<div class="section"><br /><img src="rzajb506.gif" alt="This picture shows&#xA;that traffic is being run outside a firewall product." /><br /></div>
<div class="section"><h4 class="sectiontitle">Solution</h4><p>IP filtering allows you to set rules that
define what information you want to permit. In this scenario you will write
filter rules that permit HTTP, FTP, and Telnet traffic (inbound and outbound)
to the Web server, which is your iSeries server in this case. The public
address of the server is 192.54.5.1, and the private IP address is 10.1.2.3. </p>
</div>
<div class="section"><h4 class="sectiontitle">Configuration</h4><div class="p">To configure the packet rules described
in this scenario, use the <span class="uicontrol">Permit A Service</span> wizard in iSeries Navigator.
The wizard requires the following information: <ul><li>The type of service you want to permit: HTTP</li>
<li>The public address of the iSeries server: 192.54.5.1</li>
<li>The address of the client: Any IP address</li>
<li>The interface over which the service will run: TRNLINE</li>
<li>The direction the service will run: INBOUND</li>
<li>The name you want to use to identify this filter set: external_files</li>
</ul>
</div>
</div>
<div class="section"><p>To use the <span class="uicontrol">Permit A Service</span> wizard, follow
these steps:</p>
</div>
<div class="section"> <ol><li>In iSeries Navigator,
select <span class="menucascade"><span class="uicontrol"><var class="varname">your server</var></span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">IP policies</span></span>.</li>
<li>Right-click <span class="uicontrol">Packet Rules</span>, and select <span class="uicontrol">Rules
Editor</span>.</li>
<li>From the <span class="uicontrol">Welcome Packet Rules Configuration</span> dialog,
select <span class="uicontrol">Create a new packet rules file</span>, and click <span class="uicontrol">OK</span>.</li>
<li>From the <span class="uicontrol">Wizards</span> menu, select <span class="uicontrol">Permit
A Service</span>, and follow the wizard's instructions to create the
filter rules.</li>
</ol>
</div>
<div class="section"><p>These packet rules permit HTTP traffic in and out of the system.
The packet rules look like the following example: </p>
<br /><img src="rzajb508.gif" alt="What your packet rules look like" /><br /></div>
<div class="section"><p>Use the <span class="uicontrol">Permit A Service</span> wizard two more
times to create filter rules that permit FTP traffic and Telnet traffic in
and out of the system.</p>
</div>
<div class="section"><p>After you finish creating these filter rules, verify them to ensure
that they will activate without errors. After that, you can activate them.</p>
</div>
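<div class="section"><p>The following Python model is an added example, not IBM code and not the wizard's output. It shows which packets the filter set from the three wizard runs would permit, so you can reason about the rules before you verify and activate them. It assumes that each run creates an inbound rule plus a matching outbound reply rule on the well-known TCP port (80, 21, 23), that traffic on the filtered line that matches no rule is denied, and that FTP data connections are out of scope; <code>Packet</code>, <code>Filter</code>, <code>permit_service</code>, and <code>evaluate</code> are hypothetical names.</p>
</div>

```python
from dataclasses import dataclass

SERVER = "192.54.5.1"   # public address of the server in the scenario
LINE = "TRNLINE"        # interface named in the scenario
# Assumption: well-known TCP control ports; FTP data connections are not modelled.
SERVICES = {"HTTP": 80, "FTP": 21, "TELNET": 23}

@dataclass(frozen=True)
class Packet:
    line: str
    direction: str      # "INBOUND" or "OUTBOUND", relative to the server
    src: str
    dst: str
    protocol: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Filter:
    service: str
    direction: str
    src: str            # "*" matches any address
    dst: str
    sport: object       # int, or "*" for any port
    dport: object

    def matches(self, p):
        same = lambda want, got: want == "*" or want == got
        return (p.protocol == "TCP" and p.direction == self.direction
                and same(self.src, p.src) and same(self.dst, p.dst)
                and same(self.sport, p.sport) and same(self.dport, p.dport))

def permit_service(service):
    # One wizard run (assumed): inbound request rule plus outbound reply rule.
    port = SERVICES[service]
    return [Filter(service, "INBOUND", "*", SERVER, "*", port),
            Filter(service, "OUTBOUND", SERVER, "*", port, "*")]

# Three wizard runs, one per service, collected in one filter set.
FILTER_SET = [f for s in SERVICES for f in permit_service(s)]

def evaluate(p):
    # First matching rule wins; anything else on the filtered line is denied.
    if p.line != LINE:
        return "NOT FILTERED"   # model assumption: rules bind to one line only
    for f in FILTER_SET:
        if f.matches(p):
            return "PERMIT " + f.service
    return "DENY"
```

The outbound rules match only replies sent from the service port, so in this model a connection that the server itself opens to a remote port 80 is denied.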
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajb0awhyip.htm" title="Use these scenarios to learn how you can use network address translation (NAT) and IP filtering to protect your network.">Scenarios: Packet rules</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzajbrzajb8a1verifyingsd.htm" title="Always verify your rules before you activate them. This helps ensure that the rules will be activated without problems.">Verify packet rules</a></div>
<div><a href="rzajbactivaterules.htm" title="Activating the packet rules that you create is the final step in configuring packet rules.">Activate packet rules</a></div>
</div>
</div>
</body>
</html>