November 14, 2011

iSeries Access Through a Firewall | IBM i (OS/400, i5/OS)

Servers

Ports

Descriptions

Port Mapper

449

Port Mapper returns the port number for the requested server.

Sign-on

8476 (9476)

Sign-on is used for every iSeries Access connection to authenticate users and to change passwords. It is also used to retrieve Application Administration settings.

Central

8470 (9470)

Central is used when an iSeries Access license is required. It's also used for downloading conversion tables.

Data Queue

8472 (9472)

Data Queue allows access to the iSeries data queues, used for passing data between applications.

Database

8471 (9471)

Database is used for accessing the OS/400 database.

Remote Command

8475 (9475)

Remote Command is used for sending commands from a PC to an iSeries and for program calls.

File

8473 (9473)

File is used for accessing any part of the OS/400 file system.

Print

8474 (9474)

Print is used to access printers known to the OS/400.

Web Admin

2001 (2010)

Web Admin is used to access Web applications served by the iSeries.

DDM

446 (448)

DDM is used to access data via DRDA. It's also used for record-level access.

Telnet

23 (992)

Telnet is used to access 5250 emulation.

Netserver

137, 138, 139, 8474

Netserver allows access to the OS/400 Integrated File System (IFS) from Windows PCs.

USF

8480

USF (or Ultimedia) is used for multimedia data. (Note: This server is being removed in a future release.)

LDAP

389 (636)

LDAP provides a network directory service.

Management Central

5555 5544 5577 (5566)

Management Central is used to manage multiple iSeries 400s in a network.

Figure 1: These are the ports associated with the servers used by iSeries Access for Windows.
Figure 2 lists some common iSeries Access functions and the servers that they utilize. Using Figure 1 and Figure 2, you should be able to determine which ports you need to open on your firewall. Also, these two tables are available on the iSeries Access Web site, in the Information APARs section. Select II12227. This page is kept up-to-date with the latest information on iSeries Access port usage. There could be additions to this table at any time, although it's likely that changes will be seen only on release boundaries.

Client Access Function

Servers Used

PC5250 display and printer emulation

Sign-on, Central, Telnet

Data transfer

Sign-on, Central, Database

Base iSeries Navigator support

Sign-on, Remote Command

All iSeries Navigator functions

Sign-on, Remote Command, File, Print, Database, Web Admin, Management Central, USF, Netserver, LDAP, Data Queue

ODBC

Sign-on, Database

OLE DB

Sign-on, Database, DDM, Remote Command, Data Queue

AFP Viewer

Sign-on, Print

Client Access Install from iSeries

Netserver

Incoming Remote Command

Uses no specific server, and iSeries port will vary. PC-side port is 512.

Fax support

Sign-on, Print

via mcpressonline.com

Notes

Servers	Ports	Descriptions
Port Mapper	449	Port Mapper returns the port number for the requested server.
Sign-on	8476 (9476)	Sign-on is used for every iSeries Access connection to authenticate users and to change passwords. It is also used to retrieve Application Administration settings.
Central	8470 (9470)	Central is used when an iSeries Access license is required. It's also used for downloading conversion tables.
Data Queue	8472 (9472)	Data Queue allows access to the iSeries data queues, used for passing data between applications.
Database	8471 (9471)	Database is used for accessing the OS/400 database.
Remote Command	8475 (9475)	Remote Command is used for sending commands from a PC to an iSeries and for program calls.
File	8473 (9473)	File is used for accessing any part of the OS/400 file system.
Print	8474 (9474)	Print is used to access printers known to the OS/400.
Web Admin	2001 (2010)	Web Admin is used to access Web applications served by the iSeries.
DDM	446 (448)	DDM is used to access data via DRDA. It's also used for record-level access.
Telnet	23 (992)	Telnet is used to access 5250 emulation.
Netserver	137, 138, 139, 8474	Netserver allows access to the OS/400 Integrated File System (IFS) from Windows PCs.
USF	8480	USF (or Ultimedia) is used for multimedia data. (Note: This server is being removed in a future release.)
LDAP	389 (636)	LDAP provides a network directory service.
Management Central	5555 5544 5577 (5566)	Management Central is used to manage multiple iSeries 400s in a network.

Client Access Function	Servers Used
PC5250 display and printer emulation	Sign-on, Central, Telnet
Data transfer	Sign-on, Central, Database
Base iSeries Navigator support	Sign-on, Remote Command
All iSeries Navigator functions	Sign-on, Remote Command, File, Print, Database, Web Admin, Management Central, USF, Netserver, LDAP, Data Queue
ODBC	Sign-on, Database
OLE DB	Sign-on, Database, DDM, Remote Command, Data Queue
AFP Viewer	Sign-on, Print
Client Access Install from iSeries	Netserver
Incoming Remote Command	Uses no specific server, and iSeries port will vary. PC-side port is 512.
Fax support	Sign-on, Print