This document provides guidance on configuring firewall settings to allow an Aldon LM(e) client to connect to an Aldon LM(e) server located on the other side of a firewall. It explains that the firewall administrator must open specific port numbers and each client must be configured with its assigned port number. It also provides instructions for configuring the client port number in different versions of Aldon LM(e).
Modified: 2/25/2014 Page 1 of 4 Tech_Note_Firewall_Considerations_LMe.docx
The purpose of this Tech Note is to share information gained from working with our customers on additional functionality for the product, where the demand and/or timing has not indicated that the specific functionality be added to the core product. The content of the Tech Note may be valid for a single release or a range of releases of the product. As time or demand indicates, the functional concept included in a Tech Note may be added to the product, at which time the Tech Note will be retired.
The Tech Note represents a customization of the product by the customer to provide functionality that is not yet or not currently planned for the product. Aldon Computer Group makes no warranty, expressed or implied, with regard to this material, including fitness for use. Additionally, Aldon is not responsible for maintaining the compatibility of this information with future releases. Aldon provides this as an example only. Customers using this information do so at their own risk.
Subject: Using Aldon LM(e) with an Internal Firewall
Product: Aldon LM(e) client
Version(s): 4.2x, 5.x, 6.x
Concept:
Many computer facilities, particularly those whose servers are connected to the Internet, have in place what is known as a firewall. The purpose of the firewall is to prevent unauthorized access via the local-area network. To access a computer in a TCP/IP network, you need to know two things: the IP address of the computer and an available port number. Most firewalls function by blocking access to all port numbers except those that are authorized. If the Aldon LM(e) server and all Aldon LM(e) clients are inside the firewall, no special setup is required. However, if you are installing Aldon LM(e) in a facility where the firewall is between the Aldon LM(e) server and the client PCs, then a special setup procedure is required.
Requirements:
1. The facility's system administrator must identify a port number for each Aldon LM(e) client to use and he must enable those port numbers in the firewall.
2. Each Aldon LM(e) client must be informed of its port number.
   a. The port number must be greater than 1024 but less than 32768, and it must be a port number that is not being used by anything else (like the Aldon LM(e) Dispatcher or something at your site).
   b. The same port number may be used on any number of, or all, Aldon LM(e) clients, or different numbers may be used for each Aldon LM(e) client.
For LMe versions 6.0 or earlier:
To inform an Aldon LM(e) client which port number to specify for the LM(e) server to use, an entry must be created in the client's Windows Registry to identify the port number. To add the entry in the Windows Registry, proceed as described below:
a. Click the Start button on the Taskbar, and then click Run. The Run dialog displays.
b. Type REGEDIT in the Open field, or click on the down-arrow to select it from the list if it has been entered on the computer before. The Registry Editor window will display.
c. Expand the nodes by clicking the plus signs until you have navigated to: HKEY_LOCAL_MACHINE\SOFTWARE\Aldon\LM\x.x (where x.x is the version of the LM(e) instance you are currently working with, e.g. 5.1).
d. Right-click on x.x and select New > DWORD Value. This creates an entry in the right pane named New Value #1. Key over the New Value #1 text, renaming it to LocalPort, and press Enter. (The entry is not case sensitive.)
e. Right-click on LocalPort, and select Modify. The Edit DWORD Value dialog displays.
f. In the Base group box, select Decimal. In the Value data field, key the port number that has been assigned and then click OK.
   Note: Be extremely careful not to change or delete any of the other entries in the Registry Editor window, because doing so could make your PC inoperable.
g. Close the Registry Editor window by clicking on the [X] in the upper right-hand corner.
For LMe versions 6.1 or later:
The port that the LM client uses for data requests is set with the file-transfer agent listen port (ft-port) in the local client configuration file (C:\Program Files (x86)\Aldon\Aldon LM 6.x\aldcs.conf). The setting below will use local port 7777 for requests to checkout, get latest, add, or checkin files/parts.
    # file-transfer agent listen port; override only if a special port
    # needs to be used; otherwise, one will be assigned. A value of '0'
    # is the same as not specifying any port and means one will be
    # assigned.
    # Commandline override: --ft-port
    #ft-port=0
    ft-port=7777
The file may be modified manually using an editor of your choice (e.g. Notepad.exe) or using the LMCS Configuration Editor (Start > All Programs > Aldon LM n.n > LMCS Configuration Editor).
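The two client-side procedures above (the LocalPort registry value for 6.0 or earlier, and ft-port in aldcs.conf for 6.1 or later) can be scripted together with the port checks from the Requirements section. This is an added example, not Rocket/Aldon code; the parameter names Version, Port and ConfPath are hypothetical, and it assumes an elevated PowerShell session on the client PC.

```powershell
# Added example, not Rocket/Aldon code. Run elevated on the client PC.
# Parameter names are hypothetical; replace '6.x' in $ConfPath with the real folder.
param(
    [Parameter(Mandatory)][version]$Version,   # installed LM(e) version, e.g. 5.1
    [Parameter(Mandatory)][int]$Port,          # port opened by the firewall admin
    [string]$ConfPath = 'C:\Program Files (x86)\Aldon\Aldon LM 6.x\aldcs.conf'
)
$ErrorActionPreference = 'Stop'

# Requirement 2a: greater than 1024 but less than 32768.
if ($Port -le 1024 -or $Port -ge 32768) {
    throw "Port $Port is outside the allowed range (1025-32767)."
}

# Requirement 2a: flag a port that something on this PC already listens on.
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object -First 1
if ($listener) {
    $name = (Get-Process -Id $listener.OwningProcess).ProcessName
    Write-Warning "Port $Port is already in use by '$name'; confirm it is the LM(e) client."
}

if ($Version -lt [version]'6.1') {
    # 6.0 or earlier: LocalPort DWORD under the version key (steps c-f).
    $key = "HKLM:\SOFTWARE\Aldon\LM\$Version"
    if (-not (Test-Path $key)) { throw "Registry key not found: $key" }
    New-ItemProperty -Path $key -Name LocalPort -PropertyType DWord -Value $Port -Force | Out-Null
    Get-ItemProperty -Path $key -Name LocalPort | Select-Object LocalPort
}
else {
    # 6.1 or later: one active ft-port line in aldcs.conf; commented lines stay untouched.
    if (-not (Test-Path -LiteralPath $ConfPath)) { throw "Config file not found: $ConfPath" }
    Copy-Item -LiteralPath $ConfPath -Destination "$ConfPath.bak" -Force
    $active = '^\s*ft-port\s*=.*$'
    $lines  = @(Get-Content -LiteralPath $ConfPath)
    if ($lines -match $active) {
        $lines = $lines -replace $active, "ft-port=$Port"
    }
    else {
        $lines += "ft-port=$Port"
    }
    Set-Content -LiteralPath $ConfPath -Value $lines
    Select-String -LiteralPath $ConfPath -Pattern $active
}
```

The script only touches the LocalPort value or the active ft-port line and keeps a .bak copy of the configuration file before writing.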
LMe Host/Client Connection Process Summary:
In general, the LocalPort is used by client and server in the following manner:
If a setting is not made on a PC (LocalPort), the IBM i or Linux host server will attempt to connect to a random port on the PC, from ANY available port on the host.
The IP location as it is known to the host will be used by Aldon LMe for backchannel (e.g. Get Latest, Checkout, Checkin, etc.) requests from the LMe client.
No matter what network configuration is used, the IBM i or Linux host server has to be able to communicate with the Aldon LM(e) client based on the IP address that the System i host detects the client is connecting from.
Regarding the IP addresses used: It is not the responsibility of Aldon to make recommendations regarding the means used to locate the client and forward the requested package if it is not using the IP/alias known to the host.
We should be able to ping or telnet the PC that is initiating the connection to LMe from a command line on the host, using the IP address that is used for the connection (as verified via netstat for the client's Remote IP location, for entries with a Local Port of 'DISPATCHER').
For example, for a connection to LMe on an IBM i during a Get Latest, using the command NETSTAT *CNN on the host and then using [F15] to subset to IP address 172.25.8.188 (per local ipconfig on the workstation) shows:
    Remote           Remote     Local
    Address          Port       Port       Idle Time    State
    172.25.8.188     1960       telnet     000:00:00    Established
    172.25.8.188     1983       DISPAT >   000:00:01    Established
    172.25.8.188     7777       41711      000:00:02    Established
Local port 'telnet' is a client access session.
Local port 'DISPAT' is the LMe client connection to the host Dispatcher port (using random ports on both the remote and host locations).
Local port 41711 is the connection for the Get Latest, using my specified LocalPort or ft-port (7777) from my Windows registry and a random port on the host.
For assistance, contact Rocket Software Technical Support using the support Web Portal or email.
Support Web Portal: http://www.rocketsoftware.com/support
Email: support@rocketsoftware.com
Telephone:
US: +1.781.577.4323
Asia/Pacific: +852.317.50901
Europe: +44.203.3554864
Australia/New Zealand: +61.388.074716