Make AS400 reachable from Internet through NS

NethServer Version: 7.7.1809 subscr.
Module: firewall

Hi mates,

never had dealed with this, but now I’ve the request to make my AS400 reachable from the internet.
A specific application from Fiat should reache the AS400 in my internal lan on a specific port.
AS400 and GREEN are in the same LAN.

Fiat-Server (from outside) <==> Nethserver Gateway <==> AS400

So I made a portforwarding from RED to AS400 (firewall object) on that specific port.

Question: Do I also have to make a rule to accept TCP traffic from RED to AS400 with a serviceobject on this specific port? (@mrmarkuz)

TIA Ralf

No, the portforwarding should be enough.

1 Like

Thanks for your quick response!! :+1:

1 Like

I suggest to use at least a VPN client connection. AFAIK AS400 do not encrypt data between client and server.

1 Like

Or at least only accept traffic from FIAT’s IP on your Firewall.
I do assume they use a fixed IP…


This won’t ease any issue about data sniffing between your ISP and the other side. And this could collide with GDPR…

I quite and fully agree with the VPN.

But try as a small KMU to get a big conglomerate to move… (FIAT falls under that league in my opinion)
Invisible elefants in the room - they have the same issues…


You can always try to make FCA sign some legal papers for assuming risks and sanctions…
Even from NL should comply with GDPR

@Andy_Wismer and @pike thanks for your suggestion.

  1. Yes, they do use a fixed IP and I restriced it to this IP.
  2. It’s https-traffic, so datasniffing shouldn’t be able.
  3. VPN is not an option. As you said: Try to move a large company… :woozy_face:

Stay healthy, mates!

1 Like

This detail was not in the initial post… and waves all my concerns.