Hi Rob -

>Do you think that 446 is the port to open up?

When I saw port 446 I did some further research.  446 is the DRDA port.  As
I already mentioned, 447 is DDM without SSL and 448 is DDM with SSL.  When
you start the DDM TCP server, it listens on all three ports.

If you look at CRTDDMF, you will see that the default for port is *DRDA.
When this is mapped to the service table, it becomes port 446.

For non-SSL connections you can use either port 446 or 447 on the CRTDDMF
command.  IBM recommends that you use 446 for clear and 447 for VPN:
http://publib.boulder.ibm.com/pubs/html/as400/v4r5/ic2924/info/db2/rbae5mst1
12.htm

I would suggest that you have port 447 opened through the firewall, and
specify PORT(447) on the CRTDDMF command for all files pointing to that
external customer.  Use CHGDDMF to change the port for any existing files
pointing to that customer.  Continue to use the default of PORT(*DRDA) for
your DDM files for internal use.

Having the firewall opened for 447 and *not* for 446 will help insure that
only the files that you specify wanting going outside your LAN will do so,
both from the programming point of view and from the firewall point of view.

Ken
Southern Wine and Spirits of Nevada, Inc.
Opinions expressed are my own and do not necessarily represent the views of
my employer or anyone in their right mind.

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].