If you don't host your own domain how do you get to your i5?
Do you use your own Domain.com to get to your i5.
When you ping your own Domain.com is that the same IP address in your Sonicwall WAN
IP that is forwarding to you local IP on the i5?

What do you use to normally get to your i5? Is it System i Access? Do you use the
Domain.com or do you use an IP address?

Gary

On 9 Mar 2014 at 22:01, Bob (Bob Cagle <midrange-l@xxxxxxxxxxxx>) commented about
RE: New public IP address not working:

The Sonicwall is a TZ 215.

My policies aren't in the same exact order as yours, but I do have those
polices - except I am not limiting the i5 by port - I'm allowing 'any'
service.

I also have additional rules for our main windows server - which are working
fine. I can RDP into the server no problem, which is what makes this i5 issue
so frustrating.

p.s. if I ping our Domain.com, I will get our web hosts IP address - we don't
host our own domain.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx]
On Behalf Of Gary Kuznitz
Sent: Sunday, March 9, 2014 1:09 AM
To: Midrange Systems Technical Discussion
Subject: Re: New public IP address not working

What model Sonicwall do you have?

On the Sonicwall do you have in Nat Policies:
1st policie
Source Original = Firewalled Subnets
Translated = Wan Primary IP
Destination Original = Wan Primary IP
Translated = Local IP of i5
Service Original = Ports 23, 446-447, 449, 5555, 8470-8480 Translated =
Original Interface Inbound = Any Outbound = Any

2nd policie
Source Original = Local IP of i5
Translated = Wan Primary IP
Destination Original = Any
Translated = Original
Service Original = Ports 23, 446-447, 449, 5555, 8470-8480 Translated =
Original Interface Inbound = Any Outbound = X1

3rd policie
Source Original = Any
Translated = Original
Destination Original = Wan Primary IP
Translated = Local IP of i5
Service Original = Ports 23, 446-447, 449, 5555, 8470-8480 Translated =
Original Interface Inbound = X1 Outbound = Any

In your Firewall Access Rules do you have:
Source = Any
Destination = Wan Primary IP
Service = Ports 23, 446-447, 449, 5555, 8470-8480 Action = Allow Users = All
Enable = Checked

If you ping YourDomain.com do you get your new wan IP?
How long has it been since you changed your wan IP zone records?

Gary

On 8 Mar 2014 at 21:25, Jim (Jim Essinger <midrange-l@xxxxxxxxxxxx>) commented
about Re: New public IP address not worki:

May not be the case but I've seen issues where the remote IP scheme is
192.168.1.nnn and the network that the IBM i is on is 192.168.1.nnn.
When that has been the case the two networks can't talk.

Jim
On Mar 8, 2014 5:10 PM, "Bob Cagle" <bcagle@xxxxxxxxxxx> wrote:

First off, I'm a one-man IT shop, and networking is NOT my
specialty, AND my normal network consultant is busy dealing with
another customer's emergency already - so I'm grasping at straws here:

My ISP just assigned me a block of new IP addresses with our latest
upgrade, so I had to assign a new public IP for the System i.

Made the changes to the firewall, and thought all was well; all I
had to do was change the public IPs from old to new - but now I'm
unable to connect to the System i remotely.

You would think this would be a firewall issue, but I've poured over
this Sonicwall and all the routing looks correct to me. I've even
confirmed with the ISP that the IP is routed correctly on their end.

Is there any TCP setting on the i that would be related to a public
IP address? I've gone through the CFGTCP options and all I see is
the local IP and domain referenced. (I'm able to connect to my
desktop remotely via
TeamViewer)

Thanks

Bob Cagle
IT Manager
Lynk, Inc.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To
post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or
change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment
to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.