Changing TCP/IP Application Port Numbers on IBM i
Date: 2016-06-16 | Tags: sharing, system, configuration
Last week I was faced with a situation in which I needed one of my training customers to be able to access my IBM i for Telnet access for an upcoming hands-on System i technical training class. If they couldn't access the system, there wouldn't be any hands-on labs, which was not an acceptable situation.
The problem was that this person's network security firewall policy blocks all traffic on port 23. This isn't unusual, but port 23 is the standard port used for Telnet workstation access. No port 23 access equals no IBM i Telnet access for students. Another problem was that I was blocked myself from port 2001 (the HTTP admin port), so I couldn't configure SSL for Telnet, which uses port 992. Telnet over SSL would have been acceptable to the customer's security team, but I was blocked.
I was told that if I changed my IBM i Telnet port from 23 to 22, that would be acceptable to the security team. So that's what I did, from my hotel room late that night.
Before attempting to change the Telnet port, I needed to make sure I wouldn't lock myself out of the system and make a bad situation worse. Because I was changing Telnet, I needed to make sure I had an alternate access method to make configuration changes using some avenue other than Telnet, in case I broke Telnet. I decided on using the remote command server as my backup access method.
You can send CL commands to the IBM i through the remote command server. The client software is accessible using the PC command RMTCMD from a PC loaded with IBM's System i Access for Windows. (Go to a Windows command prompt [Start > CMD].) The PC executable is named RMTCMD.exe.
The RMTCMD.exe command has the following basic syntax:
RMTCMD CL-Command //IP-Address or System-Name
The //IP-Address is optional. If you only connect to one system, you can omit the directive.
Changing the TELNET Port Number
From the IBM i command line, you can use the command Work with Service Table Entries (WRKSRVTBLE) to view the current port numbers used for TCP/IP services. Using this command I noticed that the Telnet server was set for port 23 for both tcp and udp protocols, as shown here:
                      Work with Service Table Entries
                                                      System:   CILASOFT
Type options, press Enter.
  1=Add   4=Remove   5=Display

Opt   Service             Port   Protocol
      telnet                23   tcp
      telnet                23   udp
      telnet-ssl           992   tcp
      tftp                  69   tcp
      tftp                  69   udp
      time                  37   tcp
      time                  37   udp
      wbem-exp-https      5990   tcp
      wbem-exp-https      5990   udp
      wbem-http           5988   tcp
      wbem-http           5988   udp
                                                                More...
Parameters for options 1 and 4 or command
===>
F3=Exit   F4=Prompt   F5=Refresh   F6=Print list   F9=Retrieve   F12=Cancel
F17=Top   F18=Bottom
Having a udp port assignment didn't make much sense to me because Telnet runs over tcp, but I wanted to make sure I wasn't missing something, so I configured the new port 22 for both tcp and udp using the following commands:
Add the entries to set Telnet to use port 22 for tcp and udp:
ADDSRVTBLE SERVICE('telnet') PORT(22) PROTOCOL('tcp') TEXT('Customized Telnet') ALIAS('TELNET' 'Telnet')
ADDSRVTBLE SERVICE('telnet') PORT(22) PROTOCOL('udp') TEXT('Customized Telnet') ALIAS('TELNET' 'Telnet')
Remove the old entries that set Telnet to use port 23 for tcp and udp:
RMVSRVTBLE SERVICE('telnet') PORT(23) PROTOCOL('udp')
RMVSRVTBLE SERVICE('telnet') PORT(23) PROTOCOL('tcp')
I then needed to stop and restart the Telnet server for the port change to take effect.
Using the remote command facility, I then ended and restarted the Telnet server:
RMTCMD ENDTCPSVR *TELNET
RMTCMD STRTCPSVR *TELNET
I configured my Telnet client to use the new port 22 and all was right with the world. The students could now connect to the system using the approved port number 22. When this class is over, I'll surely set Telnet back to port 23.
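One way to confirm the change from a client after the Telnet server has been restarted, as an added example that is not part of the original article: because port 22 is normally the SSH port, the check reads the first bytes the server sends instead of trusting the port number, and it also confirms that port 23 no longer answers. The function names, the result labels and the sample greeting bytes in the comments are assumptions of this example.

```python
import socket

IAC = 0xFF                               # Telnet "Interpret As Command" (RFC 854)
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL, WONT, DO, DONT

def classify_greeting(data: bytes) -> str:
    """Classify the first bytes a server sends after the TCP connect."""
    if data.startswith(b"SSH-"):         # SSH identification string
        return "ssh"
    # A Telnet server opens with option negotiation, e.g. FF FD 18 (constructed sample).
    if len(data) >= 3 and data[0] == IAC and data[1] in NEGOTIATION:
        return "telnet"
    return "unknown" if data else "silent"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Return 'unreachable', or the classification of the server's greeting."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                return classify_greeting(sock.recv(64))
            except socket.timeout:       # connected, but the server sent nothing
                return "silent"
    except OSError:                      # refused, filtered, reset or timed out
        return "unreachable"

def check_port_move(host, new_port=22, old_port=23, probe_fn=probe):
    """Return a list of findings; an empty list means the move looks as intended."""
    findings = []
    new = probe_fn(host, new_port)
    old = probe_fn(host, old_port)
    if new != "telnet":
        findings.append(f"port {new_port}: expected telnet, got {new}")
    if old != "unreachable":
        findings.append(f"port {old_port}: expected unreachable, got {old}")
    return findings

if __name__ == "__main__":
    import sys
    # Usage: python check_telnet_move.py <system name or IP address>
    results = check_port_move(sys.argv[1])
    for line in results or ["ok: Telnet answers on the new port, old port is unreachable"]:
        print(line)
```

A "telnet" result on port 22 means the session is still unencrypted Telnet; only the port number has changed.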
Caution: Before changing any port on your production system, I encourage you to test, test, and then test again on a test or development system. And always make sure you have a way to change the settings back to the original settings in case of unexpected results.