IBM SC41-5420-04 manual TCP/IP Port Restriction, Dftroute None


a specific route defined. The system allows up to eight default routes, but each route must have a unique next hop value.

An example of a multiple route table can be found in Figure 54.

                        Work with TCP/IP Routes
                                                     System:   SYSNAM003
Type options, press Enter.
  1=Add   2=Change   4=Remove   5=Display

     Route            Subnet           Next             Preferred
Opt  Destination      Mask             Hop              Interface
 _   ______________   ______________   ______________
 _   *DFTROUTE        *NONE            9.4.73.193       *NONE
 _   *DFTROUTE        *NONE            9.4.73.197       *NONE
 _   *DFTROUTE        *NONE            9.4.73.196       *NONE
 _   9.4.70.0         255.255.255.0    9.4.73.194       *NONE
 _   9.4.70.0         255.255.255.0    9.4.73.195       *NONE
 _   9.4.70.0         255.255.255.0    9.4.73.198       *NONE
                                                                  Bottom
F3=Exit   F5=Refresh   F6=Print list   F10=Work with IP over SNA routes
F11=Display type of service   F12=Cancel   F17=Top   F18=Bottom

Figure 54. Work with TCP/IP Routes Display

TCP/IP Port Restriction

TCP and UDP protocols use ports to identify a unique origin or destination of communication with an application. Each port is assigned a small integer. You can configure port information if you want to restrict the use of a TCP or UDP port to one or more user IDs.

The range of port numbers is from 1 to 65535. However, ports 0-1023 are reserved as well-known port numbers, which are controlled and assigned by the Internet Assigned Numbers Authority (IANA). Only those applications that have been assigned one of these ports should use a number within this range. Refer to the current Assigned Numbers RFC for a list of the port assignments.

Because ports 0-1023 are reserved as well-known ports, user application programs should not use them; doing so could affect the operation of TCP/IP. For example, restricting the use of ports 21, 23, or 25 prevents other users from using FTP, TELNET, or SMTP, respectively.

The iSeries Add TCP/IP Port Restriction (ADDTCPPORT) command allows you to restrict usage of a single port or a range of ports to a particular iSeries user profile.
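A small model of the table that ADDTCPPORT restrictions build up, added here as an illustration and not taken from the manual or from OS/400 itself: each entry ties a port range and protocol to one user profile, and the audit flags entries that touch the well-known range the text warns about. The profile names and table contents are constructed, and the rule that a port with no entry is open to any profile is an assumption.

```python
from dataclasses import dataclass

WELL_KNOWN_MAX = 1023  # ports 0-1023 are the IANA well-known range

@dataclass(frozen=True)
class Restriction:
    low: int        # first port of the range
    high: int       # last port (equal to low for a single port)
    protocol: str   # "TCP" or "UDP"
    profile: str    # user profile the range is restricted to

# Constructed sample table; profile names are placeholders.
TABLE = [
    Restriction(5000, 5010, "TCP", "APPOWNER"),
    Restriction(5000, 5010, "TCP", "APPBACKUP"),
    Restriction(5005, 5005, "UDP", "APPOWNER"),
    Restriction(25, 25, "TCP", "MAILADM"),
]

def allowed_profiles(table, port, protocol):
    """Profiles the port is restricted to; an empty set means unrestricted."""
    return {r.profile for r in table
            if r.protocol == protocol and r.low <= port <= r.high}

def may_use_port(table, profile, port, protocol):
    """Assumed rule: a restricted port is usable only by a listed profile."""
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} outside 1-65535")
    owners = allowed_profiles(table, port, protocol)
    return not owners or profile in owners

def audit(table):
    """Return (entry, reason) pairs for entries worth a second look."""
    findings = []
    for r in table:
        if not 1 <= r.low <= r.high <= 65535:
            findings.append((r, "invalid port range"))
        elif r.low <= WELL_KNOWN_MAX:
            findings.append((r, "restricts a well-known port"))
    return findings

if __name__ == "__main__":
    for who, port, proto in [("APPOWNER", 5003, "TCP"), ("OTHERUSR", 5003, "TCP"),
                             ("OTHERUSR", 5003, "UDP"), ("OTHERUSR", 25, "TCP")]:
        verdict = "allowed" if may_use_port(TABLE, who, port, proto) else "refused"
        print(f"{who:9} {proto} {port:5} {verdict}")
    for entry, reason in audit(TABLE):
        print(f"review: {entry} ({reason})")
```

Restrictions are tracked per protocol in this model, so the TCP entries for 5000-5010 leave the same UDP ports open except for 5005.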

Restricting ports is like allocating ports to a specific user profile. When a socket application issues the bind() system call, or when a TCP/UDP Pascal API application issues a call to the TcpOpen, TcpWaitOpen, or UdpOpen function, the job’s user profile is checked against the list of user profiles that are associated with

62   OS/400 TCP/IP Configuration and Reference V5R1
