Can an iSeries vsr1 share a website with two different subnets?

Posted on 2014-12-11
Medium Priority
Last Modified: 2014-12-17
here is how my scenario is:

I have two subnets:  192.168.3.x  &  192.168.150.x

when I access the website from 150.x there is no problem.    When I tried to access the website from 3.x, it wouldn't go.   My objective is to ensure both 150.x and 3.x users can access the site.  

the website is originally created and resides on 150.x
Question by:mwauki
LVL 57

Expert Comment

ID: 40496809
From a host on the 192.168.3.x subnet can you ping the IP address of the iSeries?

From the iSeries can you ping a host on the 192.168.3.x subnet?

Do you have a router between the two subnets?
LVL 35

Expert Comment

by:Gary Patterson
ID: 40496923
Short answer is "yes", of course.  Web servers communicate with client computers on other networks - even networks across the world from each other - every second of every day.

When two hosts on different networks need to communicate via IP, they each need to be able to find a route to each other.  Since they apparently reside on different subnets (I'm just assuming these are class C subnets, since you didn't tell us), you'll need some device serving as a router between these two networks, and the client and the host each need to know to forward traffic destined for the other network to that router.

So for example:

-- Either needs a default route set to (default gateway)
-- Or a static route configured for 192.168.3.x via

   Router1 Interface1 -
   Router1 Interface2 -

-- either needs a default route set to (default gateway)
-- Or a static route configured for 192.168.150.x via

Sometimes the problem is as simple as one of the systems not having a default gateway configured.  When this is the case, the host can communicate with other hosts on the same subnet, but nothing else.

Suggest you post the following:

Blank out left two octets of any public addresses, but leave private addresses alone.

iSeries CFGTCP option 1
iSeries CFGTCP option 2

Same information from client - IP address, subnet mask, default gateway, static routes.

Also, determine if the default gateway on each system is pointing to the same router, or to different routers.  You may need some help from a network admin to make this determination if you aren't familiar with the network configuration.

Author Comment

ID: 40497084
giltjr, yes, both subnets can ping each other no problem.  and yes, two routers between the two subnets. router1 with 3.x and router2 with 150.x.
LVL 35

Expert Comment

by:Gary Patterson
ID: 40497155
Subnets don't ping anything. Hosts ping other hosts.  

The question is, can the client ping the server, and can the server ping the client?  If so, then both are configured properly to route traffic to each other, and your problem is elsewhere.  For example, perhaps there is a firewall that is blocking TCP port 8- between the two hosts.

Author Comment

ID: 40497170
thanks Gary.  reading your entry made me realize I didn't put the whole detail in.
these are the details of what I have:

pc1@ router1 192.168.3.x, pc2@ 192.168.4.x  & iseries (server)@ router3 192.168.150.x with multiple NIC.

Pc1 & Pc2 are connected via vpn tunnel.   objective is to have pc1&pc2  access website on iSeries.

I didn't want to create a vpn between iseries and pc1 & pc2.   so what I did was, use one of the nics on the iseries to connect to router1 (192.168.3.x).  Now the iseries has two nics with two different subnets (192.168.3.x (nic2), 192.168.150.x (nic1).

given that iseries is now on 3.x, I am able to ping iseries from pc1 and vice versa.

given that both pc1, pc2 can ping the iseries and vice versa,  I tried to access the website on the iseries from both pc1 and pc2 but failed.  every time I tried to access the website, I could see a banner in the status showing "accessing website on 192.168.150.x..." then it failed.

keep in mind, when I'm on the 192.168.150.x subnet, the website comes up fine.

thank you.
LVL 35

Expert Comment

by:Gary Patterson
ID: 40497243
Ok.  That's a completely different matter.  Seems more complex than it has to be, too, but maybe you have a reason.

Sounds like you forgot to modify your web server configuration to run on the new 192.168.3.x address.  Are you running Apache?

Author Comment

ID: 40497246
yes, running on Apache

Author Comment

ID: 40497250
yes, it's set up that way for security reasons.  thanks
LVL 35

Assisted Solution

by:Gary Patterson
Gary Patterson earned 1000 total points
ID: 40497267
And did you modify your Apache config to bind the 192.168.3.x interface?


Author Comment

ID: 40499895
thanks, Gary.   added the binding but now the site don't wanna come up.
LVL 57

Expert Comment

ID: 40500262
What version of Apache are you running?

I don't know where Apache stores its logs on iSeries, but what message are you seeing?
LVL 35

Expert Comment

by:Gary Patterson
ID: 40500494
Suggest you share your Apache config and, as giltjr requests, error log showing startup error.

Author Comment

ID: 40502016
here is the config:

    #2014
    Listen *:3080
    Listen 192.168.3.x:3080
    DocumentRoot /www/xxx/htdocs
    TraceEnable Off
    Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews
    LogFormat "%h %T %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{Cookie}n \"%r\" %t" cookie
    LogFormat "%{User-agent}i" agent
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogMaint logs/error_log 30 0
    AccessFileName .htaccess
    SetEnvIf "User-Agent" "Mozilla/2" nokeepalive
    SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0
    SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0
    SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0
    SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive
    SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0
    DirectoryIndex index.html
    <Directory />
        Order Deny,Allow
        Deny From all
    </Directory>
    <Directory /www/xxx/htdocs>
        Order Allow,Deny
        Allow From all
    </Directory>
    ServerUserID xxxWNR
    CGIConvMode %%EBCDIC/EBCDIC%%
    Alias /xxxx/ /xxxx/
    ScriptAliasMatch ^/xxxxx/(.*) /QSYS.LIB/TIMEINIT.LIB/$1.PGM
    AliasMatch ^/xxxx/(.*) /xxxx/$1
    Redirect 307 /webaccess http://192.168.150.x:3080/xxx/clw0001
    Redirect 307 /employee http://192.168.150.x:3080/xxx/clw0041
    <Directory /xxx/>
        Allow From All
    </Directory>
    <Directory /QSYS.LIB/TIMEINIT.LIB/>
        Allow From All
    </Directory>
LVL 57

Accepted Solution

giltjr earned 1000 total points
ID: 40502436
If you just have the two IP addresses on the iSeries since you have "Listen *:3080" you don't need "Listen 192.168.3.x:3080"

"Listen *:3080" tells Apache to listen on port 3080 on all/any IP addresses that this host has open.

"Listen 192.168.3.x:3080" tells Apache to listen on port 3080 on just IP address 192.168.3.x.  This would have been before, assuming that the iSeries only had one IP address.

If the iSeries has more than the two IP addresses you have mentioned here and you don't want Apache listening on them, then you need to code:

Listen 192.168.3.x:3080
Listen 192.168.150.x:3080

And remove the "Listen *:3080"

Also, with the Redirect statements you have, you do realize that when somebody accesses /webaccess or /employee they are going to be forced to go to the 192.168.150.x address.  Which means that you need to have the correct routing set up for all other IP subnets.
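
The two points in the answer above, as an added example (not part of the original thread or anyone's posted code): a small Python audit that flags a wildcard Listen overlapping a specific-address Listen on the same port, and Redirect targets pinned to an IP literal. The ".10" host octets in the sample are constructed placeholders, since the thread masks them as ".x".

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample modelled on the posted config. The thread masks host
# octets as ".x"; the ".10" values below are placeholders, not real addresses.
SAMPLE_CONF = """\
Listen *:3080
Listen 192.168.3.10:3080
Redirect 307 /webaccess http://192.168.150.10:3080/xxx/clw0001
Redirect 307 /employee http://192.168.150.10:3080/xxx/clw0041
"""

def parse_listen(arg):
    """Split a Listen argument into (address, port); a bare port means '*'."""
    addr, sep, port = arg.rpartition(":")
    if not sep or addr in ("*", "0.0.0.0"):
        addr = "*"
    return addr, int(port)

def audit(conf_text):
    """Return (listens, findings); listens maps port -> set of bound addresses."""
    listens, redirects, findings = {}, [], []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name == "listen" and len(parts) >= 2:
            addr, port = parse_listen(parts[1])
            listens.setdefault(port, set()).add(addr)
        elif name == "redirect" and len(parts) >= 3:
            redirects.append(parts[-1])      # target URL is the last argument
    for port, addrs in sorted(listens.items()):
        if "*" in addrs and len(addrs) > 1:  # wildcard already binds every interface
            specific = ", ".join(sorted(addrs - {"*"}))
            findings.append(f"overlap: Listen *:{port} already covers {specific}")
    for target in redirects:
        host = urlsplit(target).hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue                         # hostname or path target: not pinned
        findings.append(f"pinned-redirect: {target} sends every client to {host}")
    return listens, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF)[1]:
        print(finding)
```

On a multi-homed host, replacing the wildcard with one Listen line per intended address also keeps the server off any interface it was never meant to serve.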
LVL 35

Expert Comment

by:Gary Patterson
ID: 40502850
Sounds like there is intentionally no routing set up for unexplained "security reasons".  

If this was me, and I had security requirements, then I'd have the two networks separated by a firewall and I'd be using ACLs (and possibly NAT) to restrict access between the two networks.  That way I could just publish on the one original address and let everyone access it.

I don't understand the network or the security requirements well enough to recommend a proper network design, though.   If you'd like to explain your requirements in detail, I'd be happy to make some suggestions.

Author Comment

ID: 40504451
thanks Gary and giltjr!  issue resolved...  additional listening port and routing path.
