Discussion:
AS400 Remote Access help
Ken Pate
2005-11-25 16:03:09 UTC
I need a little help...

The boss just gave me a 9406-170 with V5R2 (after a major upgrade).

I have it at home, wired into a Linksys WRT54G wireless router.

I can connect to the 400 from anywhere in the house, trouble is, I need
remote access while traveling.

Can someone point me in the direction to get this 400 to see the internet?

I am on Verizon DSL. I have an IP address that changes about every 3-4 weeks.

Thanks
Angus
2005-11-25 16:10:31 UTC
Set up your router to open and forward port 23 (and maybe others if you
want full iSeries Access for Windows functionality) to the
internal (private) IP address you've given the 400.

You may also want to check if your router supports the dyndns or similar
service that will allow you to use a dns name to connect to the 400 from
anywhere on the Internet regardless of how often your IP address changes.

Angus
Ken Pate
2005-11-25 18:06:19 UTC
Thanks Angus,

That took all of 2 minutes & I can see the AS400 outside of my LAN!!!!

Data Transfer...does that run off port 23 as well??

WOOOHOOO!
René H. Hartman
2005-11-25 19:14:24 UTC
Nope. And you should not really run plain Telnet over the internet
either. Does your router support Dynamic DNS? Then take a free dyndns
account (www.dyndns.org) and configure that into your router. That way,
when your WAN IP changes, the router will update dyndns, and you can keep
accessing your LAN through your chosen dyndns domain name, even with
changing IP addresses. For secure access, you'd better set up an SSH
server, but that requires a PC (Windows, Linux) or Mac (OS X) to be
powered up all the time. To have a native SSH server on your 170, you'd
need V5R3, and there's probably no chance you'll get that, unless the
box is currently still under maintenance (maybe it hasn't run out yet,
in that case get your V5R3 and licences order in quick).

With SSH, you can run everything securely through the SSH tunnel on port
22. SFTP (Secure FTP) is then supported as well. And of course, you can
map all your Client Access ports through SSH.
--
Best regards,

René H. Hartman
www.hac-maarssen.nl
Ken Pate
2005-11-26 20:23:09 UTC
René,

I set up an account with dyndns. From a remote location, I can use Mocha to
connect to my home 400, but CA times out. They are both using port 23. Any
ideas what the problem could be?
René H. Hartman
2005-11-26 21:58:59 UTC
Yes. Client Access uses far more ports than just telnet. Mocha only uses
telnet, like the free Symtrax client (which I like a lot). Client Access
connects to the Client Access product on the AS/400, checks licenses and
such. There's a list of ports that I don't have handy, but if you do a
cwbping, it'll tell you the ports it's trying to connect to (cwbping is
what's called when you press the 'verify connection' button when
configuring a new connection). Minimum ports for Client Access 5250 are
telnet (23) and the logon server (see cwbping results). Maybe even more,
but I think these two should do it. File transfer is yet another port.

For all internet access you have to bear in mind that data flows in
clear text, unless you use a secure protocol, like SSL. There are quite
some parties scanning the net, and while AS/400 may lock an account
after 3 (default) attempts, it may disable your access to the box. Hence
my plea for SSH, used with private/public key authentication (as opposed
to password authentication) which is _much_ more secure and allows you
to run all your AS/400 ports with only one open port (22) in your
firewall, through SSH port mapping. Plus, if you happen to run a
Unix/Linux box as well (makes a great SSH server) you can use
X-forwarding to run your X applications remotely as well, through that
same, secure tunnel.

As I mentioned, it's worth finding out whether or not there's still
maintenance on the box, as that may get you the OS and all currently
licensed products for that box on V5R3 for free. Get the latest CUM at
the same time. I run my 170 with V5R3 and the native SSH server
(AIX-PASE, requires V5R3) and just downloaded the 5799-PTL product,
which works from V4R5 up and offers VNC (among other things, again from
PASE). Even if you don't plan on upgrading just yet, get the software
while you still can, if software maintenance hasn't expired yet.
--
Best regards,

René H. Hartman
www.hac-maarssen.nl
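
Added example (not part of René's post): a small shell script that generates the SSH port mapping described above, so that only port 22 is forwarded on the router and every AS/400 port rides inside the tunnel with key-only login. The LAN address, login name and port list are assumptions; the port list is the usual non-SSL host-server set and should be confirmed against the cwbping output.

```shell
#!/bin/sh
# Added example, not from the thread. The LAN address and login below are
# constructed placeholders; the port list is the usual non-SSL host-server
# set and should be checked against what cwbping reports.
AS400_PORTS="23 449 8470 8471 8472 8473 8474 8475 8476"

# Client side: one -L per port, bound to loopback only so nothing else on
# the laptop's network can use the tunnel. Local ports 23 and 449 are below
# 1024, so a Unix-like client needs elevated rights to bind them.
build_forwards() {            # $1 = AS/400 LAN address
    out=""
    for p in $AS400_PORTS; do
        out="$out -L 127.0.0.1:$p:$1:$p"
    done
    printf '%s\n' "${out# }"
}

# Server side: sshd_config lines for the always-on SSH box. Keys only, and
# PermitOpen restricts forwarding to the AS/400's ports and nothing else.
build_sshd_policy() {         # $1 = AS/400 LAN address
    targets=""
    for p in $AS400_PORTS; do
        targets="$targets $1:$p"
    done
    printf '%s\n' "PasswordAuthentication no" \
                  "PubkeyAuthentication yes" \
                  "AllowTcpForwarding local" \
                  "PermitOpen$targets"
}

# Full client command: -N opens the forwards without a remote shell, and
# ExitOnForwardFailure aborts if any port could not be bound.
tunnel_command() {            # $1 = AS/400 LAN address, $2 = user@ssh-host
    printf 'ssh -N -o PasswordAuthentication=no -o ExitOnForwardFailure=yes %s %s\n' \
        "$(build_forwards "$1")" "$2"
}

tunnel_command 192.168.1.50 user@home.example.net
build_sshd_policy 192.168.1.50
```

With the tunnel up, the 5250 emulator or Client Access connection is pointed at 127.0.0.1 instead of the dyndns name, and the router's port 23 forward can be removed.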
Chuck Ackerman
2005-11-28 15:39:00 UTC
Ken,

Here's another alternative...

Create a free account at www.logmein.com. This will allow you to log into,
and take over, one of the PCs on your home LAN. Then you can use the AS/400
the same way you would from one of your home PCs. The benefit is that you
can do more than just AS/400 by utilizing LogMeIn.

chuck
Opinions expressed are not necessarily those of my employer.
Ken Pate
2005-11-29 01:38:20 UTC
I have been using logmein.com for quite a while.

I just need to transfer files back & forth from/to work. I found all the
ports that needed to be opened, pass protected them and I am all set.

Thanks everyone for all of the help.