Pass through PPP link to AS/400 onto WWW

Yes, it is possible and can be done. However, there are many many steps of configuration must be config correctly in order for this to work. I'm going to list the step by step and hopefully I remember them all. 1) If your firewall is using either proxy or socks server, you need to know the IP address of that server and config your browser at home to use proxy or socks server instead of direct connect to Internet as the browser default. If you are using MS IE, make sure you select the correct dial-up setting to config. 2) Double check your PPP setup from the Operation Nav to make sure the TCP/IP Settings is using internal IP addresses for local and remote that are not being block by your firewall. And make sure the ALLOW IP FORWARDING is checked and no custom routing is config. 3) For your PC dial-up dun setup, make sure the checkbox is checked for Use Default Gateway on Remote Network in the TCP/IP settings. And if your do specify the name server address, make sure they are correct. It would best to let the server assigned the name server address. 4)On the AS/400 side, make sure the IP datagram forwarding is on (option 3 in CFGTCP). 5)Now, here is the tricky part - routing. make sure your AS/400 default route is pointed to your firewall. However, If you are using AS/400 firewall, this may not be the case. The default route IP address can be the virtual token ring IP address. If it is, just make sure you did setup the step 1 correctly. 6)Filter rules - make sure you have no AS/400's IP filter rules or firewall's rules that will stop you. Some companies that provide the remote access with 800 number probably have this restriction. 7) ??? Well, that all remember so far. Good luck. Shawn Fu

Pass through PPP link to AS/400 onto WWW

Thanks Shawn, I went through all your points and double-checked and still to no avail. The only thing I cannot check just yet is the firewall to see if it is filtering (your point 6). It is a third-party firewall so I'm going to have to check with them. I'll let you know. In checking all your suggestions, I came across settings on the AS/400 TCP an dwhat I found was: 1. Work with TCP/IP interfaces 1.1.1.52 255.255.255.0 ETHERNET *ELAN 127.0.0.1 255.0.0.0 *LOOPBACK *NONE 2. Work with TCP/IP routes[*]DFTROUTE *NONE 1.1.1.1 *NONE[*]DFTROUTE *NONE 1.1.1.254 *NONE 10. Work with TCP/IP host table entries 1.1.1.52 MyAS400 10.180.15.254 Firewall 127.0.0.1 LOOPBACK LOCALHOST The question I have is that there are now two default routes. The first one is a router that we use to connect to our parent company. The 254 default route is the firewall and is the primary route in the AS/400. Can you see if there is anything wrong with this setup? Cheers

Pass through PPP link to AS/400 onto WWW

Hi Carlo, Based on your TCP/IP routes, the default route definitely is the isuue. Assuming you have config all the default gateways in DUN and PPP and enable AS/400 IP datagram forwarding correctly, the flow of current TCP/IP traffic are as the followings: 1) From your PC at home, HTTP request is routed to AS/400. 2) The AS/400 is forwarding to your parent company router 1.1.1.1 since it is the first default route on the list and the other route is also define as *Normal TOS (Type of Service). 3) Your parent company receive the request then either deny it or drop it. Now, before you make any change to the default route, I strongly suggest you consult with your network architect or someone really understand your network. Otherwise, you may found some jobs or some clients at your parent company or your end suddenly having communication problem. The question you may want to ask the network architect is what IP addresses or ranges need to go thru this default route? If he or she can answer that, may be it can be config as the static route instead of default. Then make the firewall as the only default route to solve your issue. Shawn Fu

Pass through PPP link to AS/400 onto WWW

Shawn, Thanks once again. I changed the default route so that the firewall is the only route on the AS/400 - that is, I deleted the 1.1.1.1 route altogether (it was not necessary). I still cannot browse the web. It times out. I can, however, ping a known www ip address from my PC. I therefore reasoned that the routing is working (am able to ping) but that the DNS (the AS/400 I am connecting to) is unable to resolve addresses for the www. To solve this, I added the ip address of the firewall as the secondary DNS to my DUN (the primary must be the AS/400 since that is what I am - directly - connecting to). Unfortunately it still does not work (although I can still ping a www ip address). If you can figure this out, you're a better man than I !!

Pass through PPP link to AS/400 onto WWW

Carlo, How about if you enter the proxy ip address for your firewal in DNS? I'm thinking you need to enter the proxy, rather than the actual, firewall IP. Seems like I had to do this awhile back to be able to use SNDDST to send email to the outside world. My memory is a bit fuzzy on this, but I'm thinking this was the solution that worked for me.

Pass through PPP link to AS/400 onto WWW

OK! That is good sign since you can ping the outside world. You are heading the right direction - DNS. However, before we jump to conclusion of DNS. Try key in the this URL http://209.125.31.238 . If you can see my Web site, then everything is good except DNS. If this is the case, then back to step# 3. The primary DNS for your home pc dialup's DUN should be your internal DNS server IP address (assuming your internal DNS will forward any none authoritive query to your ISP DNS or your firewall split DNS). It should not be your AS/400 unless your AS/400 is config as DNS server. For secondary DNS, it should be your ISP DNS or your firewall split DNS just in case your internal DNS is down. If this is not the case, then look closely of your browser setup on step# 1. Let me know how it turns out. BTW, I don't know about better man, I just want to help. Good luck. Shawn Fu

Pass through PPP link to AS/400 onto WWW

Shannon, The firewall and proxy ip addresses are the same. Regards, Carlo

Pass through PPP link to AS/400 onto WWW

Shawn, I misread the situation. I cannot ping your website. The only external site I can ping is my ISP's dial-up address. I changed the DUN primary DNS from the AS/400 to the firewall which did not make any difference.

Pass through PPP link to AS/400 onto WWW

Carlo, When you said you can only ping your ISP's dial-up address, did you try to ping any other IP address other than my and your ISP? The reason that you could not ping my Web site is I have a filter rule to block ping. Try ping this one 209.125.31.225 see if you get any reply. As far as the DNS, do you have an internal DNS? If not, is your firewall has split DNS or relay DNS feature? If both of the answers are no, then your primary DNS should be your ISP DNS. To find out for sure, take a look at one of your PC at work that has no problem to access Internet. From that PC, clicks START->RUN->then type WINIPCFG. From the popup window, select the PC LAN card, not the PPP, then click MORE INFO. Whatever the DNS IP addresses show there, you should use them as your primary and secondary DNS for your home PC. If you can ping and the DNS is correct, you should be able to browse. If not, then the next one to look into is your firewall. BTW, what type of firewall are you using? Shawn Fu

Pass through PPP link to AS/400 onto WWW

Shawn, I can ping 209.125.31.225 and other external addresses but I cannot browse. I changed the DUN so that both the primary and secondary DNS are now the firewall (as it is at work with WINIPCFG) and not the AS/400. When I connected to the AS/400 after changing the DUN, I ran WINIPCFG on my (home) PC and it is showing a DNS address of the AS/400 and not the firewall! How can this be so? Is it a configuration issue on the AS/400? I'm not certain of the set-up of the firewall - whether DNS is internal or relayed - but it is a linux box with (apparantly) a standard DNS, DHCP server. Regards, Carlo

Pass through PPP link to AS/400 onto WWW

Hi Carlo, I think you are almost there. At this point, routing is no longer an issue. However, can you browse by IP address instead of name? For example, instead of typing http://www.xyz.com in your browser URL, type http://209.125.31.238. Do you see anything? If you can browse this way, you are having DNS issue for sure. Before we focus on DNS, one thing that I still not clear about your firewall is - does it act as proxy, DNS, DHCP, and firewall all in one box with the same IP address? If that is the case, how is your browser setup? direct connect to the Internet or using proxy? Now, DNS. Clearly, your PC DNS config got changed after connected to AS/400 is an issue, and I don't know why. For work-around solutions, you can set the AS/400 up as your secondary DNS server (you need the backup DNS anyway and AS/400 is probably better than Linux's DNS). If that is not feasible, try to change your AS/400 TCP/IP setting to use your Linux as the remote DNS server and see whether it makes any different. Shawn Fu

Pass through PPP link to AS/400 onto WWW

Shawn, Yes, the firewall box is doing everything (proxy, DNS, DHCP, firewall and mailer daemon) all with the same IP address. My browser at work has the ip address of the firewall (et al) for its proxy with a port number added. I'll try to set up the AS/400 as the secondary DNS server and see what happens. I'll get back to you on this. Carlo

Pass through PPP link to AS/400 onto WWW

I've now set up the AS/400 as the secondary DNS server (I think I got it right) but it did not change anything. When I connect to the AS/400 from home my DNS in WINIPCFG shows the AS/400 as the DNS and I can ping external adresses but I cannot browse them. Carlo

Pass through PPP link to AS/400 onto WWW

I have created a PAP connection between my home PC and my AS/400 at work and all is fine since I can do a lot of after hours work. Our network includes an AS/400, a linux box which is the DHCP server, pop server and firewall for our permanent 64k connection to our SIP. The rest of our network is made up of W98 PC's and some printers all in a peer-to-peer set up. By way of example, we can send spooled files via email from the AS/400 (using Gumbo software) through our pop server to the outside world - it works beautifully. But, what I'd like to do is to connect to the AS/400 from home (using dial-up) and, since the AS/400 is on the network and can see' the firewall, pass through' it to the firewall and onto the Internet so I can browse the web from home. A thirty-cent local call to work is cheap when one has a permanent connection at work to the SIP! I've looked at some articles in the MC and IBM forums but nothing covers this specific set-up. Does anyone know if it is at all possible? I'd appreciate it. Carol Vii