I'm having a strange issue where I cannot get our production LPAR to establish an SSH connection to the zPDT instance.

I've been connecting and still can connect to my zPDT instance from my local PC.  I finally got some software loaded on our production LPAR so now I want to SFTP down some datasets into the zPDT.

When I attempt to connect I get this message: FOTS2204 ssh: connect to host 10.10.10.2 port 22: EDC8130I Host cannot be reached. (errno2=0x76630291)

I have no problem connection to the host system the emulator is running on from the prod LPAR.

I also get the same message when I try an ftp connection.  I also get the error "EZA8262I Foreign host rejected the open attempt (8547)" when trying to telnet to the zPDT from prod LPAR.

I can successfully ping the zPDT from the prod LPAR and there are no firewall blocks happening.

Almost like this is something not configured on the zPDT and it is blocking these connection attempts.  I can successful ssh from the zPDT to the prod LPAR.

A Wireshark trace shows this sequence:

LPAR --> zPDT  (SYN)

zPDT --> LPAR (SYN, ACK)

LPAR --> zPDT (RST, ACK)

Any ideas would be appreciated.

Thanks.

From a production to ZDT z/OS there are many network components and filters involved. You'd better check it in small pieces. 

We will not be able to help or answer why all the whole way is not working. This is not supported by ZDT. 

First, From the Linux to z/OS in the ZDT instance: 

 - During the install script, you should have answered "y" for network configuration. If you did it, you must be able to ping from Linux operating system to z/OS (must be IPLed and TCP/IP started). Do tests 1 and 2 as follows: 

        1. From Linux to z/OS:     ping 10.1.1.2 

        2. From z/OS to Linux:     logon a TSO session, using PCOMM and port number 3270, option 6:    ping <linux ip address> 

- If both works, ZDT has had its network configuration completed correctly. 

- If it does not work, you may have not answered "y" for network configuration in the install. Take this action: 

        1. In the Linux, execute the script /opt/ConfigGuideSample/zdt_config_network10.sh 

        2. try the above ping tests 1 and 2 again. They should work. 

If the ping tests work, it means that ZDT is correctly installed and ready. So, additional investigation should be done, but for this part you will have to count on your support. 

We have determined that the Linux firewall is causing the issue.  With the firewall off, all is working as expected.  With the firewall on, the only thing we can do was ping.

What is the strange thing, is that our zpdt host and z/os are a 10.x.x.x IP address.  Our production mainframe network is a 206.x.x.x ip address.  I've never had any problem from my pcs which are 10.x.x.x addresses but different subnets.  When I try from the prod LPAR the firewall doesn't like that.

I have my Linux admins working to try and figure out what the difference is.  Theoretically the source IP shouldn't matter.

I'll post a solution when we figure it out.

Thanks.

Depending on the Linux package, it may have been installed with firewall active. Check in the Linux where your ZDT is installed first.