
Tech Note Firewall Considerations Rocket | Aldon LMe

Modified: 2/25/2014 Page 1 of 4 Tech_Note_Firewall_Considerations_LMe.docx


The purpose of this Tech Note is to share information gained from working with
our customers for additional functionality to the product where the demand
and/or timing has not indicated that the specific functionality be added to the
core product. The content for the Tech Note may be valid for a single release or
range of releases of the product. As time or demand indicates, the functional
concept included in a Tech Note may be added to the product, at which time
the Tech Note will be retired.

The Tech Note represents a customization of the product by the customer to
provide functionality that is not yet or not currently planned for the product.
Aldon Computer Group makes no warranty, expressed or implied, with regard to
this material, including fitness for use. Additionally, Aldon is not responsible for
maintaining the compatibility of this information with future releases. Aldon
provides this as an example only. Customers using this information do so at their
own risk.

Subject: Using Aldon LM(e) with an Internal Firewall
Product: Aldon LM(e) client
Version(s): 4.2x, 5.x, 6.x
Concept: Many computer facilities, particularly those whose servers are
connected to the Internet, have in place what is known as a
firewall. The purpose of the firewall is to prevent unauthorized
access via the local-area network. To access a computer in a TCP/IP
network, you need to know two things: the IP address of the
computer and an available port number. Most firewalls function by
blocking access to all port numbers except those that are authorized.
If the Aldon LM(e) server and all Aldon LM(e) clients are inside the
firewall, no special setup is required. However, if you are installing
Aldon LM(e) in a facility where the firewall is between the Aldon
LM(e) server and the client PCs, then a special setup procedure is
required.

Requirements:

1. The facility's system administrator must identify a port number for each
   Aldon LM(e) client to use and he must enable those port numbers in the
   firewall.
2. Each Aldon LM(e) client must be informed of its port number.
   a. The port number must be greater than 1024 but less than 32768,
      and it must be a port number that is not being used by anything
      else (like the Aldon LM(e) Dispatcher or something at your site).
   b. The same port number may be used on any number, or all, Aldon
      LM(e) clients or different numbers may be used for each Aldon
      LM(e) client.

For LMe versions 6.0 or earlier:

To inform an Aldon LM(e) client which port number to specify for the LM(e) server to
use, an entry must be created in the client's Windows Registry to identify the port
number. To add the entry in the Windows Registry, proceed as described below:
a. Click the Start button on the Taskbar, and then click Run. The Run dialog
displays.
b. Type REGEDIT in the Open field, or click on the down-arrow to select it
from the list if it has been entered on the computer before. The Registry
Editor window will display.
c. Expand the nodes by clicking the plus signs until you have navigated to:
HKEY_LOCAL_MACHINE\SOFTWARE\Aldon\LM\x.x
(where x.x is the version of the LM(e) instance you are currently working
with, e.g. 5.1)
d. Right-click on x.x and select New > DWORD Value. This creates an entry
in the right pane named New Value #1. Key over the New value #1 text,
renaming it to LocalPort and press Enter. (The entry is not case sensitive.)
e. Right-click on LocalPort, and select Modify. The Edit DWORD Value
dialog displays.
f. In the Base group box, select Decimal. In the Value data field, key the
port number that has been assigned and then click OK.
Note: Be extremely careful not to change or delete any of the other
entries in the Registry Editor window, because doing so could make
your PC inoperable.
g. Close the Registry Editor window by clicking on the [X] in the upper right-
hand corner.
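
The same registry change, scripted with the range and in-use checks from the Requirements, as an added example that is not part of the original Tech Note or the product. Set-LmeLocalPort and its parameters are hypothetical names; the key path and the LocalPort value name are the ones given in the steps above, and the x.x version must be supplied by the caller. Run it from an elevated PowerShell session.

```powershell
# Added example (not Aldon/Rocket code). Set-LmeLocalPort is a hypothetical helper name.
function Set-LmeLocalPort {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Version subkey under ...\Aldon\LM, e.g. '5.1' (the x.x in step c)
        [Parameter(Mandatory)][string]$Version,
        # Port assigned by the system administrator and enabled in the firewall
        [Parameter(Mandatory)][int]$Port
    )

    # Requirement 2a: greater than 1024 but less than 32768
    if ($Port -le 1024 -or $Port -ge 32768) {
        throw "Port $Port is outside the allowed range 1025-32767."
    }

    # Requirement 2a: not being used by anything else on this PC
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    if ($listeners.Count -gt 0) {
        $owningPid = $listeners[0].OwningProcess
        $name = (Get-Process -Id $owningPid -ErrorAction SilentlyContinue).ProcessName
        throw "Port $Port is already in use by '$name' (PID $owningPid)."
    }

    $key = "HKLM:\SOFTWARE\Aldon\LM\$Version"
    if (-not (Test-Path -Path $key)) {
        # Do not create the key: a missing key means a wrong version or path
        throw "Registry key $key not found; check the installed LM(e) version."
    }

    if ($PSCmdlet.ShouldProcess($key, "Set LocalPort = $Port (DWORD)")) {
        # -Force overwrites an existing LocalPort value; other values are untouched
        New-ItemProperty -Path $key -Name 'LocalPort' -PropertyType DWord -Value $Port -Force |
            Out-Null
    }

    # Read the value back so the caller can confirm what is stored
    (Get-ItemProperty -Path $key -Name 'LocalPort' -ErrorAction SilentlyContinue).LocalPort
}

# Constructed usage: version 5.1 and port 7777 are sample values
# Set-LmeLocalPort -Version '5.1' -Port 7777 -WhatIf
```

With -WhatIf the function performs the checks and reports the intended change without writing to the registry.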


For LMe versions 6.1 or later:

The port that the LM client uses for data requests is set with the
file-transfer agent listen port (or ft-port) found in the local client
configuration file (C:\Program Files (x86)\Aldon\Aldon LM 6.x\aldcs.conf).
The setting below will use local port 7777 for requests to
checkout, get latest, add, or checkin files/parts.

# file-transfer agent listen port; override only if a special port
# needs to be used; otherwise, one will be assigned. A value of '0'
# is the same as not specifying any port and means one will be
# assigned.
# Commandline override: --ft-port
#ft-port=0
ft-port=7777

The file may be modified manually using an editor of your choice (e.g.
Notepad.exe) or using the LMCS Configuration Editor (Start > All Programs
> Aldon LM n.n > LMCS Configuration Editor).
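
A check of the effective ft-port setting, as an added example that is not part of the original Tech Note or the product. Get-LmeFtPort is a hypothetical name and the sample text is constructed from the excerpt above; the code assumes what that excerpt shows (key=value lines and # comments) and, as a further assumption, that a later active entry overrides an earlier one.

```powershell
# Added example (not Aldon/Rocket code). Get-LmeFtPort is a hypothetical helper name.
function Get-LmeFtPort {
    param(
        # Lines of aldcs.conf, e.g. from Get-Content on the client's own copy
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines
    )

    $port = 0   # '0' or no entry: a port will be assigned, per the file's own comment
    foreach ($line in $Lines) {
        # Commented-out entries such as '#ft-port=0' do not match
        if ($line -match '^\s*ft-port\s*=\s*(\d{1,5})\s*$') {
            $port = [int]$Matches[1]   # assumption: the last active entry wins
        }
    }

    $status = if ($port -eq 0) {
        'Unpinned: port is assigned at run time, so no fixed firewall rule can match it'
    } elseif ($port -le 1024 -or $port -ge 32768) {
        'Invalid: must be greater than 1024 but less than 32768'
    } else {
        'Pinned'
    }

    [pscustomobject]@{ FtPort = $port; Status = $status }
}

# Constructed sample mirroring the excerpt above
$sample = @'
# Commandline override: --ft-port
#ft-port=0
ft-port=7777
'@ -split '\r?\n'

Get-LmeFtPort -Lines $sample

# Against a real client, pass the file's lines instead; $ConfPath stands for the
# aldcs.conf location of the installed 6.x version:
# Get-LmeFtPort -Lines (Get-Content -Path $ConfPath)
```

The file is only one source of the setting: a client started with the --ft-port command-line override uses that value instead, which this check cannot see.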


LMe Host/Client Connection Process Summary:

In general, the LocalPort is used by client and server in the following manner:

If a setting is not made on a PC (LocalPort), the IBM i or Linux host server will
attempt to connect to a random port on the PC, from ANY available port on the
host.

The client's IP location, as it is known to the host, will be used by Aldon LMe for
backchannel (e.g. Get Latest, Checkout, Checkin, etc.) requests from the LMe client.

No matter what network configuration is used, the IBM i or Linux host server has to
be able to communicate to the Aldon LM(e) client based on the IP address that
the System i host detects the client is connecting from.

Regarding the IP addresses used: It is not the responsibility of Aldon to
make recommendations regarding the means used to locate the client
and forward the requested package if it is not using the IP/alias known to
the host.

We should be able to ping or telnet the PC that is initiating the connection to
LMe from a command line on the host using the IP address that is used for the
connection (as verified via netstat for the client's Remote IP location for entries
for Local Port of 'DISPATCHER').

For example, for a connection to LMe on an IBM i during a Get Latest, using the
command NETSTAT *CNN on the host and then using [F15] to subset to IP
address 172.25.8.188 (per local ipconfig on the workstation) shows:

Remote           Remote   Local
Address          Port     Port       Idle Time   State
172.25.8.188     1960     telnet     000:00:00   Established
172.25.8.188     1983     DISPAT >   000:00:01   Established
172.25.8.188     7777     41711      000:00:02   Established

Local port 'telnet' is a client access session.

Local port 'DISPAT' is the LMe client connection to the host Dispatcher port (using
random ports on both the remote and host locations).

Local port 41711 is the connection for the Get Latest using my specified
LocalPort or ft-port (7777) from my Windows registry and a random port on
the host.
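
The same check from the workstation side, as an added example that is not part of the original Tech Note: it lists connections on the pinned port and flags any peer other than the LMe host. Test-LmePortPeers and the host address 192.0.2.10 are hypothetical; 7777 is the port used in the example above.

```powershell
# Added example (not Aldon/Rocket code). Test-LmePortPeers is a hypothetical helper name.
function Test-LmePortPeers {
    param(
        # LocalPort / ft-port configured on this PC
        [Parameter(Mandatory)][int]$Port,
        # Address(es) of the IBM i or Linux host that is allowed to connect back
        [Parameter(Mandatory)][string[]]$HostIp
    )

    # Everything on the pinned port except the listening socket itself
    $conns = @(Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue |
               Where-Object { $_.State -ne 'Listen' })

    foreach ($c in $conns) {
        [pscustomobject]@{
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort   # random on the host side, so not checked
            State         = $c.State
            Expected      = $HostIp -contains $c.RemoteAddress
        }
    }
}

# Constructed usage; 192.0.2.10 is a documentation address standing in for the host.
# Any row returned here is a peer on the pinned port that is not the LMe host.
# Test-LmePortPeers -Port 7777 -HostIp '192.0.2.10' | Where-Object { -not $_.Expected }
```

Because the host connects from any available port, the firewall rule for this traffic can be scoped only by the host's address and the client's pinned port, not by the host's source port.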

For assistance, contact Rocket Software Technical Support using the support Web Portal or email.

Support Web Portal: http://www.rocketsoftware.com/support
Email: support@rocketsoftware.com
Telephone:
US: +1.781.577.4323 Asia/Pacific: +852.317.50901
Europe: +44.203.3554864 Australia/New Zealand: +61.388.074716
