Hi,
  Background :
We have successfully installed zDnT 10.0 with ADCD z/OS v2.2 on Public Cloud.
We are able to successfully start zDnT & IPL z/OS.
We can access z/OS using x3270 within Linux server. 

Issue:
However, even after following all the steps mentioned in the zDnT site.
https://www.ibm.com/support/knowledgecenter/en/SSTQBD_10.0.0/com.ibm.zsys.rdt.guide.adcd.doc/topics/rdzutconfig22.html
 
We are not able to connect z/OS outside Linux server on Public Cloud. 

We are not able to configure IP for z/OS using Scenario 4 or Scenario 5 in zPDT Guide.
Although we were able to connect z/OS outside Linux server using same IP of Linux server.
 
However, when using same IP for Linux & z/OS, TSO sessions are getting disconnected frequently.

Would like to know if disconnection are due to using same IP for both Linux & z/OS ?
If that is the case, could you help us configure 2nd IP for z/OS using Scenario 4 or 5 from zDnT perspective.

It might be that we missing out something.
Kindly help us in the same.

Regards
Gautam

Hi Gautan,

Usually the cloud administrator blocks some network functions that would be available if you were using a physical Linux machine.

You have to use the scenario 3, from the zPDT redbook Guide and Reference (SG24-8205-01), and use the NAT network functions to route the packets from outside to the z/OS instance.

For the most traditional ports 20, 21, 22 and 23, you need to take a decision: use them to access Linux and change the z/OS TCPIP configuration or vice-versa. 

Hi Adilson,

     Thanks for your response.

We dont have physical servers. Both zDnT server & License Manager are on Public Cloud using software based licensing.

We were able to test Scenario 1 & 2 in our setup. We want to assign separate fixed IP address for z/OS.

Hence, based on the flow chart given in zPDT redbook Guide and Reference, would like to configure scenario 4 or 5.

Also, we have modified TN3270, for using port 623 instead of 23 for z/OS.

However, even after following the steps given in pdf, not able to access z/OS outside Linux box.

Any help in troubleshooting the issue, is appreciated.

 

Regards

Gautam

 

 

Hi Gautam,

We are working in cloud scenarios and will be able to give some more details in a couple of days. 

Definitely in cloud scenario 4 or 5 tends not to work.

The zPDT redbook is based in physical machines where nobody else touch its configuration, specially network config.

Hi Adilson,

    Thanks for quick response.

Would definitely like to understand how did you configure zDnT in cloud. Kindly keep updating as you make progress.

So, does it mean that in cloud scenario, Linux & z/OS cannot have separate IP using scenario 4 or 5 ?

If answer to above is yes, then only option is to assign single IP for both Linux & z/OS using scenario 3.

We tried assigning Linux IP in z/OS TCPIP of scenario 4. We were able to connect z/OS outside Linux.

But, this was resulting in TSO session, putty session & xRDP getting disconnected. Due to xRDP disconnection, MSTCON is lost.

Will using scenario 3 help us to access z/OS without the issue of disconnection ?

Kindly guide us for setting up w.r.t ports & other things if scenario 3 is used.

 

Regards

Gautam 

Hi Gautam

we are not sure if it will work in all cloud because we don't have information about network restrictions for all environment. Anyway, we believe it will work for your scenario. 

After you install your zD&T, do the following:

1. Go to your Linux console and from the root user id issue the command "ifconfig". In the answer, where you find your Linux IP address there will be a name used as a ethernet interface, as follows:

[root@zdt-dev3 z]# ifconfig
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 9.26.159.32  netmask 255.255.254.0  broadcast 9.26.159.255
        inet6 fe80::8f57:9668:b67d:2457  prefixlen 64  scopeid 0x20<link>
        ether 40:f2:e9:08:4e:1a  txqueuelen 1000  (Ethernet)
        RX packets 233055  bytes 17746206 (16.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 52612  bytes 58848885 (56.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xbc580000-bc59ffff  

in my machine, the interface has the name "eno1". We will need this name later.

2. In the ibmsys1 user id, issue the command "find_io". You will see one additional interface named "tap0" as follows:

[root@zdt-dev3 z]# find_io
   
 FIND_IO for "root@zdt-dev3.canlab.ibm.com"
                                                                                                
         Interface         Current          MAC                IPv4              IPv6           
 Path    Name              State            Address            Address           Address        
------   ----------------  ---------------- -----------------  ----------------  --------------
  F0     eno1              UP, RUNNING      40:f2:e9:08:4e:1a  9.26.159.32       fe80::8f57:9668:b67d:2457%eno1  
  F1     eno2              UP, NOT-RUNNING  40:f2:e9:08:4e:1b  *                 *               
  F2     eno3              UP, NOT-RUNNING  40:f2:e9:08:4e:1c  *                 *               
  F3     eno4              UP, NOT-RUNNING  40:f2:e9:08:4e:1d  *                 *               
  F4     eno5              UP, NOT-RUNNING  5c:f3:fc:37:32:48  *                 *               
  F5     enp22s0f1         UP, NOT-RUNNING  5c:f3:fc:37:32:4c  *                 *               
  F6     enp22s0f2         UP, NOT-RUNNING  5c:f3:fc:37:32:49  *                 *               
  F7     enp22s0f3         UP, NOT-RUNNING  5c:f3:fc:37:32:4d  *                 *               
  F8     enp22s0f4         UP, NOT-RUNNING  5c:f3:fc:37:32:4a  *                 *               
  F9     enp22s0f5         UP, NOT-RUNNING  5c:f3:fc:37:32:4e  *                 *               
  FA     enp22s0f6         UP, NOT-RUNNING  5c:f3:fc:37:32:4b  *                 *               
  FB     enp22s0f7         UP, NOT-RUNNING  5c:f3:fc:37:32:4f  *                 *               
.
  *      virbr0            UP, NOT-RUNNING  52:54:00:bd:ea:43  192.168.122.1     *               
  *      virbr0-nic        DOWN             52:54:00:bd:ea:43  *                 *               
.
  A0     tap0              UP, RUNNING      36:bd:33:1b:dc:14  10.1.1.1          fe80::34bd:33ff:fe1b:dc14%tap0  
  A1     tap1              DOWN             02:a1:a1:a1:a1:a1  *                 *               
  A2     tap2              DOWN             02:a2:a2:a2:a2:a2  *                 *               
  A3     tap3              DOWN             02:a3:a3:a3:a3:a3  *                 *               
  A4     tap4              DOWN             02:a4:a4:a4:a4:a4  *                 *               
  A5     tap5              DOWN             02:a5:a5:a5:a5:a5  *                 *               
  A6     tap6              DOWN             02:a6:a6:a6:a6:a6  *                 *               
  A7     tap7              DOWN             02:a7:a7:a7:a7:a7  *                 *               
   
 End of FIND_IO
 

we will used it too and the IP address 10.1.1.1.

3.From the the root user id, create a script with the following commands: :

## /etc/init.d/iptables stop
echo 1 > /proc/sys/net/ipv4/ip_forward

# Initialize forwarding rules
iptables -F -t nat
iptables -F
iptables -F FORWARD
iptables -P FORWARD ACCEPT

##################
# NATranslations #
##################
# FTP
iptables -t nat -A PREROUTING -p tcp -m tcp -i eno1 --dport 20 -j DNAT --to-destination 10.1.1.2
iptables -t nat -A PREROUTING -p tcp -m tcp -i eno1 --dport 21 -j DNAT --to-destination 10.1.1.2
iptables -t nat -A PREROUTING -p tcp -m tcp -i eno1 --dport 20000:20100 -j DNAT --to-destination 10.1.1.2

# 3270 to z/OS port 23
iptables -t nat -A PREROUTING -p tcp -m tcp -i eno1 --dport 23 -j DNAT --to-destination 10.1.1.2

# Telnet to USS port 1023
iptables -t nat -A PREROUTING -p tcp -m tcp -i eno1 --dport 1023 -j DNAT --to-destination 10.1.1.2

 

# External connectivity to Jazz/RTC server
iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE

##################################
# Forward packets (back & forth) #
##################################
#FTP
iptables -A FORWARD -p tcp --dport 20 -d 10.1.1.2 -j ACCEPT
iptables -A FORWARD -p tcp --sport 20 -s 10.1.1.2 -j ACCEPT
iptables -A FORWARD -p tcp --dport 21 -d 10.1.1.2 -j ACCEPT
iptables -A FORWARD -p tcp --sport 21 -s 10.1.1.2 -j ACCEPT
iptables -A FORWARD -p tcp --dport 20000:20100 -d 10.1.1.2 -j ACCEPT
iptables -A FORWARD -p tcp --sport 20000:20100 -s 10.1.1.2 -j ACCEPT

# 3270 to z/OS port 23
iptables -A FORWARD -p tcp --dport 23 -d 10.1.1.2 -j ACCEPT
iptables -A FORWARD -p tcp --sport 23 -s 10.1.1.2 -j ACCEPT

# Telnet to USS port 1023
iptables -A FORWARD -p tcp --dport 1023 -d 10.1.1.2 -j ACCEPT
iptables -A FORWARD -p tcp --sport 1023 -s 10.1.1.2 -j ACCEPT

# open port 3270 for the zPDT 3278/9 emulation
iptables -I INPUT -p tcp --dport 3270 -j ACCEPT

 

4. Change the ehternet "eno1" name for the name you have on your linux machine (as you saw in the item 1).

5. Execute this script.

6. Logon into your z/OS using a a x3270 or PCOM section and 3270 port and change the HOME IP addres in the TCPIP PROF1 member to 10.1.1.2.

7. Restart your TCPIP. 

8. Try to ping some external addresses from yor z/OS. it should be able to ping.

9. Try to open a ftp session to your Linux IP address. It should open it with the z/OS. You can authenticate with the user id IBMUSER.