2.1.2 Network Security
During installation, the xxxJSMLIB and QOTHPRDOWN user profiles are created with a default password of LANSA. You must change these passwords to secure your system.
You can restrict access to your JSM instance by using TCP/IP client address filtering.
The JSM instance can be configured to only accept connections from specified TCP/IP clients.
For example, if you are running a JSM instance on your IBM i and the LANSA or RPG client programs are running on the same machine (partition), then you can use the LOOPBACK (127.0.0.1) address.
The JSM server listens on port 4560 at address 127.0.0.1 and only accepts clients from 127.0.0.1.
Using the LOOPBACK address means that no communication traffic extends to the physical card.
It is impossible for another machine or network scanner to access the TCP/IP interface.
tcp.port=4560
tcp.backlog=20
tcp.interface=127.0.0.1
tcp.client.address=127.0.0.1
Multihomed LOOPBACK address
You can assign a different LOOPBACK address to each of several JSM instances, so that all of them can use the same port number.
tcp.port=4560
tcp.interface=127.0.0.1

tcp.port=4560
tcp.interface=127.0.0.2
ADDTCPIFC INTNETADR('127.0.0.2') LIND(*LOOPBACK) SUBNETMASK('255.0.0.0')
GO CFGTCP
1. Work with TCP/IP interfaces
10.2.0.173   255.255.0.0   ETHLINE     *ELAN
127.0.0.1    255.0.0.0     *LOOPBACK   *NONE
127.0.0.2    255.0.0.0     *LOOPBACK   *NONE
Remember you need to start the 127.0.0.2 interface.
PING '127.0.0.1'
PING '127.0.0.2'
ADDTCPIFC *LOOPBACK help
The interface being changed is the loopback or LOCALHOST interface.
Because processing associated with loopback does not extend to a physical line, there is no line description associated with a loopback address.
This special value must be used for any INTNETADR that has a first octet value of 127.
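The following is an added example, not LANSA code: a small Python audit of the tcp.* settings shown above for one or more JSM instances. It flags a listener or client filter that is not a single 127.x.x.x address, and two instances that share the same interface and port. The instance labels, the 10.2.0.50 client address, the `#`/`!` comment handling and the choice to report a missing key are assumptions made for the example.

```python
import ipaddress
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def parse_properties(text):
    """Parse key=value lines; skip blanks and # or ! comments (assumed syntax)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def is_loopback(value):
    """True only when value is a single literal address inside 127.0.0.0/8."""
    try:
        return ipaddress.ip_address(value) in LOOPBACK
    except ValueError:
        return False  # empty, wildcard, host name or list: needs manual review

def audit(instances):
    """instances maps a label to properties text. A missing key is reported
    for review (assumption: the default behaviour is not known here)."""
    findings, bound = [], {}
    for name, text in instances.items():
        props = parse_properties(text)
        iface = props.get("tcp.interface", "")
        client = props.get("tcp.client.address", "")
        if not is_loopback(iface):
            findings.append(f"{name}: tcp.interface={iface or '<unset>'} is not a loopback address")
        if not client:
            findings.append(f"{name}: tcp.client.address is not set")
        elif not is_loopback(client):
            findings.append(f"{name}: tcp.client.address={client} is not a loopback address")
        endpoint = (iface, props.get("tcp.port", ""))
        if endpoint in bound:
            findings.append(f"{name}: {iface}:{endpoint[1]} already used by {bound[endpoint]}")
        bound.setdefault(endpoint, name)
    return findings

# Constructed sample configurations; the instance labels are hypothetical.
SAMPLES = {
    "jsm1": "tcp.port=4560\ntcp.backlog=20\ntcp.interface=127.0.0.1\ntcp.client.address=127.0.0.1\n",
    "jsm2": "tcp.port=4560\ntcp.interface=127.0.0.2\ntcp.client.address=127.0.0.1\n",
    "jsm3": "tcp.port=4560\ntcp.interface=127.0.0.2\n",
    "jsm4": "tcp.port=4561\ntcp.interface=10.2.0.173\ntcp.client.address=10.2.0.50\n",
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLES)))
```

With the constructed samples, jsm1 and jsm2 pass, jsm3 is reported for the missing client filter and the endpoint it shares with jsm2, and jsm4 is reported for both non-loopback settings.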