----- Original Message -----
From: <firstname.lastname@example.org>
To: <email@example.com>
Sent: Wednesday, December 05, 2001 11:02 PM
Subject: Re: APPC - TCPIP...Book 2

> Rick:
>
> On Wed, 05 December 2001, "Rick Rayburn" wrote:
>
> > ?? Firewall. We have been told that 400 to 400 communication does NOT need
> > any additional ports "opened" (are they already or auto opened?) for
> > *anynet. Some have written to say ports 397 and 9216 must be opened. Our
> > communication contacts say not true. Word?

Uh, if your communication contacts think they can get a program to communicate over TCP/IP without opening a port, they don't know much about TCP/IP. Or I don't.

Perhaps they are misunderstanding you, and thinking you want to open the port in your programming, when the communication software has already opened it. But it won't open it unless it is allowed through the firewall.

I have a tendency when debugging things that seem gefleerflawed like this, to believe the technical source with the most detailed comments. That doesn't always work, but it does more than half the time.

I describe the internet to people not familiar with its technicalities using a mixed metaphor.

First of all, every resource on the internet, such as a web server, exists at a certain ip address. IP addresses are like phone numbers. You call that number, you get the same guy on the other end. (except of course dial up accounts that may dial in to a different ISP, but they are not going to be running servers in most cases.)

The domain names, like www.yahoo.com, are in a big online directory that looks up the ip address for you.

Your program running over the internet has to have the ip address, and a port, before it can reach the other end.

At that ip address, there are server programs listening to ports. A port is like a PO Box in a post office. Any communication you send to a particular port belongs to the server that listens to that port.

Most ports are reserved for a certain kind of server. For example, a Telnet (terminal) server listens on port 23, and a web server listens on port 80. So both kinds of servers can be running on the same computer at that ip address at the same time, and they don't get their messages confused. This is the same as a thousand people getting their mail at the same post office.

Most servers can listen to nonstandard ports, so you could run two web servers on the same ip address by letting the second one listen at port 8080, and your url for the first server might be www.yoohoo.com, while the second one would be www.yoohoo.com:8080 . You don't need the port number on the first url because it is the default port, port 80.

By the way, an interesting aside to this is that you can see what a web server is really saying to your browser by using telnet to go to that port. For example, enter a url of telnet:www.yahoo.com:80 and when telnet opens a window, type get and the enter key and you will get an error message html page back. (I don't remember the correct first request from the browser side.)

Firewalls work by filtering out unwanted or dangerous ip traffic. For example, if you know a hacker tries to get into your address from a certain ip address, you refuse any connection attempts from that ip address. If you do not want anyone but local people accessing your telnet server, you block all incoming traffic to port 23 on that server.

I hope some of you find this useful, and that you guru guys don't turn green from my simplifications.

Brad Jensen
Chief Honcho
Laservault AS/400 report archiving
www.elstore.com
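
An added example (not part of the original message and not any vendor's code): a minimal first-match packet filter in Python that works through the two firewall cases described above, blocking one source address and restricting port 23 to local users, and shows that traffic to a port nobody allowed never arrives. The rule set, the addresses (documentation ranges) and the function names are constructed for illustration; ports 397 and 9216 are the ones named in the quoted question.

```python
import ipaddress

# Constructed rule set. Rules are checked top to bottom, the first match
# wins, and anything that matches no rule is dropped (default deny).
RULES = [
    ("deny",  "203.0.113.7/32", None),  # known-bad source: refuse every port
    ("allow", "192.0.2.0/24",   23),    # telnet only from the local network
    ("deny",  "0.0.0.0/0",      23),    # everyone else is blocked from port 23
    ("allow", "0.0.0.0/0",      80),    # public web server
]

# Ports the quoted question says some people report AnyNet needs.
ANYNET_PORTS = (397, 9216)


def decide(rules, src_ip, dst_port):
    """Return 'allow' or 'deny' for an inbound connection attempt."""
    src = ipaddress.ip_address(src_ip)
    for action, network, port in rules:
        # port None means "any destination port"
        if src in ipaddress.ip_network(network) and port in (None, dst_port):
            return action
    return "deny"  # a port that no rule allows is not reachable


def with_anynet(rules, peer_network):
    """Copy of rules that also admits the AnyNet ports from one peer network."""
    extra = [("allow", peer_network, p) for p in ANYNET_PORTS]
    # Insert after the source block so the known-bad host stays blocked.
    return rules[:1] + extra + rules[1:]


if __name__ == "__main__":
    peer = "198.51.100.0/24"  # constructed range for the remote AS/400
    probes = [("198.51.100.20", 397), ("198.51.100.20", 9216),
              ("203.0.113.7", 80), ("192.0.2.15", 23), ("198.51.100.20", 23)]
    for label, rules in (("before", RULES), ("after", with_anynet(RULES, peer))):
        for src, port in probes:
            print(label, src, port, decide(rules, src, port))
```

Scoping the two extra rules to the peer's network rather than to any source keeps the opening as narrow as the 400-to-400 link requires.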