Re: APPC - TCPIP...Book 2

["Brad Jensen" <brad@xxxxxxxxxxx>]

----- Original Message -----
From: <thomas@inorbit.com>
To: <midrange-l@midrange.com>
Sent: Wednesday, December 05, 2001 11:02 PM
Subject: Re: APPC - TCPIP...Book 2


> Rick:
>
> On Wed, 05 December 2001, "Rick Rayburn" wrote:
>
> > ?? Firewall. We have been told that 400 to 400 communication
does NOT need
> > any additional ports "opened" (are they already or auto
opened?) for
> > *anynet. Some have written to say ports 397 and 9216 must be
opened. Our
> > communcation contacts say not true. Word?

Uh, if you communication contacts think they can get a program to
communicate over TCP/Ip without opening a port, they don't know
much about TCP/IP. Or I don't.

Perhaps they are misunderstanding you, and thinking you want to
open the port in your programming, when the communication software
has already opened it. But it won't open it unless it is allowed
through the firewall.

I have a tendency when debugging things that seem gefleerflawed
like this, to believe the technical source with the most detailed
comments. That doesn't always work, but it does more than half the
time.

I describe the internet to people not familiar with its
technicalities using a mixed metaphor.

First of all , every resource on the internet, such as a web
server, exists at a certain ip address. Ip addresses are like
phone numbers. You call that number, you get the same guy on the
other end . (except of course dial up accounts that may dial in to
a different ISP, but they are not going to be running servers in
most cases.)

The domain names, like www.yahoo.com, are in a big online
directory that looks up the ip address for you. Your program
running over the internet has to have the ip address, and a port,

Firewalls work by  before it can reach the other end.

At that ip address, there are server programs listening to ports.
A port is like a PO Box in a post office. Any communication you
send to a particular port belongs to the server that listens to
that port. Most ports are reserved for a certain kind of server.
For example, a Telnet (terminal) server listens on port 23, and a
web server listens on port 80. So both kinds of servers can be
running on the same computer at that ip address at the same time,
and they don't get their messages confused. This is the same as a
thousand people getting their mail at the same post office.

Most servers can listen to nonstandard ports, so you could run two
web servers on the same ip address by letting the second one
listen at port 8080, and you url for the first server might be
www.yoohoo.com, while the second one would be www.yoohoo.com:8080
. You don't need the port number on the first url because it is
the default port, port 80.

By the way, and interesting aside to this is that you can see what
a web server is really saying to your browser by using telnet to
go to that port. For example, enter a url of
telnet:www.yahoo.com:80 and when telnet opens a window, type get
and the enter key and you will get an error message html page
back. (I don't remember the correct first request fro the browser
side.)

Firewalls work by filtering out unwanted or dangerous ip traffic.
For example, if you know a hacker tries to get into your address
from a certain ip address, you refuse any connection attempts from
that ip address. If you do not want anyone but local people
accessing your telnet server, you block all incoming traffic to
port 23 on that server.

I hope some of you find this useful, and that you guru guys don't
turn green from my simplifications.

Brad Jensen
Chief Honcho
Laservault AS/400 report archiving
www.elstore.com