Re: Ports to block to limit the use of Client access Data transfer Facility -- MIDRANGE-L

On Mon, 23 May 2005 rob@xxxxxxxxx wrote:

Is 449 used for the file transfer, or just to allow CA to communicate?  If
just to allow CA to communicate and transfer is on another port, I'd guess
there'd be no problem leaving 449 open.

Port 449 is the "server mapper" port - basically it is supposed to tell client access what ports to use for it's other activities. But it is kind of stupid since when configuring a session you enter in the port to use for 5250 (23 or 992). It is supposed to default to whatever the server connection you are uses is configured, but even that doesn't work very well. It is stupid for another reason: it doesn't know what ports may or may not be open on your firewall, so it maps to the same ones everytime. But since they are the same everytime, why have a mapper at all?

If you need to do data transfer and all the other bells and whistles that come with client access then you probably have a good reason need these additional ports. But if you only want 5250 access, it is probably smarter and safer to block all ports but 23 or 992 and use something besides client access.

James Rich

It's not the software that's free; it's you.
	- billyskank on Groklaw

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.