IBM AS/400e Computer Hardware User Manual


 
12 Use IP datagram forwarding to forward IP datagrams that come from a
remote host, but are not meant for the local IP address.
The default is N (No). Datagrams from the remote system that are not
destined for this address are discarded.
Note: You can disable datagram forwarding for all TCP/IP interfaces on this
system by using the command CHGTCPA IPDTGFWD(*NO). When
you do this, the value set in configuration profiles is ignored, and no
IP datagrams are forwarded. Once a remote system is connected to
AS/400 and the user signs on to AS/400 using TELNET or FTP, then
the user can access the other systems in the network that is
connected to this AS/400 system. The user has access because the
interface address for the user is now from this AS/400 system and
not from the original remote client.
To determine the current value for system datagram forwarding, enter
CHGTCPA and press F4. The AS/400 prompter will show the current value
for the parameter.
For information about security for AS/400 support of the SLIP protocol, see
the
Tips and Tools for Securing Your AS/400
book.
PING-ing your local IP address:
After establishing a point-to-point connection
with a remote system, it is typical to try to PING both the remote and local IP
addresses defined for the connection. This is done to ensure the connection to the
remote system is actually operational. If the connection is complete, the PING to
the remote IP address should complete successfully. However, a PING to your local
IP address may or may not work, depending on whether the remote system
forwards IP datagrams or not.
When a PING is done on a local IP address for point-to-point links such as SLIP,
X.25, and so on, the PING ECHO request will actually leave the local system and
travel to the remote system. The remote system will then look at the PING ECHO
request and determine that the PING address is not its own. If the remote system is
capable of forwarding IP datagrams, it will resend the PING ECHO request back out
over the point-to-point link to the local system. When the local system receives the
PING ECHO request, it determines that the PING address is its own and replies
back with a PING ECHO reply completing the PING request. However, if the remote
system does not do IP datagram forwarding, then a PING of your local IP address
will not work since the PING ECHO request will be thrown out.
PING time metrics will normally show that a PING to the local IP address takes
twice as long to complete as a PING to the remote IP address because all PING
requests to the local address have to travel through the remote system first.
System Access Authorization List:
13 Enter the name of an AS/400 authorization list if you want to allow only the
user profiles that are specified in the authorization list to connect to this
AS/400 from a remote system over SLIP.
Note: If ’Use connection dialog script’ (see “Use Connection Dialog Script”
on page 145) is set to N (No), you must set the system access
authorization list to *NONE. Authorization list checking is only done
as part of a connection dialog script.
146 OS/400 TCP/IP Configuration and Reference V4R4