Jim,
to give an easy explanation to your problem:

TCP/IP always needs to know "how to get there" AND
about the "way back". It's always a two-way thing, both
sides (hosts) need to know about this.
So in your network it is perfectly okay that you point your PCs
in the 172.22.x.y network to the AS/400 as default gate,
but your firewall obviously doesn't know how to reach that net
on the way back to establish that connection / to acknowledge even
your pings. It seems like your firewall needs to have an additional
routing entry like 172.22.0.0/16 gate 172.24.1.1. It depends on
your firewall how to set this up exactly.

HTH, regards from Germany, Philipp Rusch


Jim Essinger wrote:

> Tom,
>
> Poorly drawn example.  What it is supposed to represent is a ring (token
> ring) with a firewall participating as a part of the ring.  It is hard to
> draw  circles with straight lines.  On the other side of the firewall is
> only a DSL modem and my ISP.
>
> I have 2 rings, each with a card in the same AS/400.
>
> Ring 1 has a network address of 172.24.***.*** with the AS/400 card being
> 172.24.1.1 and the firewall being 172.24.1.10.  The PCs on the same ring
> have addresses in the range of 172.24.***.***. The PCs on that ring and the
> AS/400 have a default route (gateway?) of 172.24.1.10 to point to the
> firewall, and all of them (so far) can see the firewall and access the
> internet.
>
> Ring 2 has a network address of 172.22.***.*** with the AS/400 Token Ring
> NIC having an address of 172.22.1.1, and the PCs having addresses of
> 172.22.***.***.  My PC has an address of 172.22.20.4 (I believe). I
> sometimes get a response from the 172.24.1.1 address on the AS/400, but all
> other addresses on that network are not responding.
>
> All PCs have Win 2K installed.  AS/400 has V5R2 installed.
>
> We recently went from 4 Token Ring NIC cards in the AS/400 to 2.  Their
> addresses were 172.21.1.1, 172.22.1.1, 172.23.1.1, and 172.24.1.1.  I
> believe the attempt was to reduce the length of cable the rings would have
> to travel, and spread traffic out over 4 connections.  We have old wiring
> (pre-cat 3 twisted pair) in our building.   We upgraded from a 720 to an
> 810 last fall, and from V4R5 to V5R1 to V5R2.  At some point in all of these
> changes, I lost the ability to ping to a PC on a different network.  It
> seems to me that passive routing using the AS/400 never worked extremely
> well, because transferring files from 1 PC to another between networks was
> slow, and sometimes lost connection in the middle of a transfer.  We saved
> time by moving big files up to the IFS, then downloading them to the other PC.
>
> So the short answer is, no, this physical network was not in place prior to
> V5.  It's just that when I was helping with the configuration prior to V5,
> there were different prompts and ways to configure TCP-IP.  I was confused
> before, and when IBM changes (I believe for the better?!) I get lost and
> have to start all over again.  I am not a network person, just a 1 (& 1/2)
> man COBOL shop, and I have to wear a lot of hats.
>
> I have not used traceroutes before, and so had no clue that it existed.  How
> do I use it and what does it tell me?
>
> Thanks for your response.  It helps me get closer to understanding this
> beast!  I still think that communications is 90% smoke and mirrors!!
>
> Jim.
>
> At 10:03 PM 5/23/2003 -0700, Tom wrote:
> >Jim:
> >
> >I'm not totally clear about your diagram. It looks like you're showing PCs
> >on both sides of your firewall. Does that mean you have _3_ subnets? I
> >mean, sure, the firewall has two sides, but what's the third subnet set as?
> >
> >Anyway, two other questions... Was the same physical network working fine
> >before V5 on the AS/400? If upgrading OS/400 started the trouble, then you
> >can probably ignore routes on your various PCs or the firewall. Those
> >should all already be set. Maybe the firewall has changed, but start at
> >the AS/400.
> >
> >Now, have you tried traceroutes from various PCs to the points you want
> >them to reach? Just see where it tells you that routes are actually
> >leading. Go to PCs on each segment and traceroute to PCs on the other
> >segments. Problem configuration points should be obvious.
> >
> >Tom Liotta
> >
> >midrange-l-request@xxxxxxxxxxxx wrote:
> >
> >>   RE: Need TCP-IP guru advice - 2 networks, 1 firewall
> >>
> >>
> >>I seem to remember at V4R5 that I was able to set datagram forwarding by
> >>line, and able to use the AS/400 as a passive router.  I have lost that
> >>ability, though I don't know how or why.
> >>
> >>Topology looks something like this:
> >>
> >>-----------------
> >>|                    |
> >>|  AS/400      |   TR Card 1 (172.24.1.1) --> PC's -->  Firewall
> >>(172.24.1.10) --> More PCs
> >>|                    |
> >>|                    |   TR card 2 (172.22.1.1)  -------> PC's
> >>(172.22.***.***)
> >>------------------
> >>
>
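The return-path problem described in the reply at the top of this thread, modelled as an added example (not code from any poster or from the list): it walks each host's routing table for the echo request and the echo reply, first without and then with the suggested firewall route. The /16 masks on every network, the firewall's ISP-facing default route (the placeholder `isp`) and the dictionary layout are assumptions; the addresses are the ones given in the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: returns a gateway IP, 'direct', or None."""
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw)
    return best[1] if best else None

def trace(nodes, src, dst, max_hops=8):
    """Walk each node's routing table from src toward dst: (delivered, path)."""
    owner = {ip: name for name, n in nodes.items() for ip in n["ips"]}
    here = owner[src]
    path = [here]
    for _ in range(max_hops):
        node = nodes[here]
        if dst in node["ips"]:
            return True, path
        if len(path) > 1 and not node["forward"]:
            return False, path + ["dropped: forwarding off"]
        hop = next_hop(node["routes"], dst)
        target = dst if hop == "direct" else hop
        if target not in owner:
            return False, path + [f"lost toward {target}"]
        here = owner[target]
        path.append(here)
    return False, path + ["hop limit"]

def ping(nodes, src, dst):
    """Echo request plus echo reply; both directions must be routable."""
    ok_req, req = trace(nodes, src, dst)
    ok_rep, rep = trace(nodes, dst, src) if ok_req else (False, [])
    return ok_req and ok_rep, req, rep

def build(firewall_return_route=False, as400_forwarding=True):
    """Constructed model of the thread's topology; /16 masks and the
    firewall's ISP-facing default route ('isp') are assumptions."""
    fw = [("172.24.0.0/16", "direct"), ("0.0.0.0/0", "isp")]
    if firewall_return_route:
        fw.append(("172.22.0.0/16", "172.24.1.1"))  # the entry suggested in the reply
    return {
        "pc": {"ips": {"172.22.20.4"}, "forward": False,
               "routes": [("172.22.0.0/16", "direct"), ("0.0.0.0/0", "172.22.1.1")]},
        "as400": {"ips": {"172.22.1.1", "172.24.1.1"}, "forward": as400_forwarding,
                  "routes": [("172.22.0.0/16", "direct"), ("172.24.0.0/16", "direct"),
                             ("0.0.0.0/0", "172.24.1.10")]},
        "firewall": {"ips": {"172.24.1.10"}, "forward": True, "routes": fw},
    }

if __name__ == "__main__":
    for fix in (False, True):
        print(fix, ping(build(firewall_return_route=fix), "172.22.20.4", "172.24.1.10"))
```

The `as400_forwarding` switch models the datagram forwarding setting mentioned in the original question: with it off, the request is already dropped at the AS/400 regardless of the firewall's routes.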

