Configuring TCP/IP Port Restrictions, Paolo | IBM SC41-5420-04

the specified port. If no match is found, the requesting program is not allowed to use the specified port. If any port in the 1-1023 range is restricted, the following message is posted:

Port restriction added but may affect TCP/IP processing

If no user profiles are associated with a specific port, there are no restrictions.

It is not necessary to configure port restrictions unless you are writing your own TCP/IP applications and you want to reserve the use of the applications to certain user profiles.

Note: For an installation in which user-written programs use ports other than the well-known ports, you can consider restricting the use of the well-known ports to the user profiles running the server application. As an example, for File Transfer Protocol (FTP), this would be user profile QTCP.

Configuring TCP/IP Port Restrictions

To configure TCP/IP port restrictions, type option 4 on the Configure TCP/IP menu. The Work with TCP/IP Port Restrictions display is shown (Figure 55).

		Work with TCP/IP Port Restrictions
				System: SYSNAM03
Type options, press Enter.
1=Add	4=Remove
	--Port Range---			User
Opt	Lower	Upper	Protocol	Profile
_	_____	*ONLY	____	__________
	1050	1059	*TCP	PAOLO

Bottom

F3=Exit F5=Refresh F6=Print list F12=Cancel F17=Top F18=Bottom

Figure 55. Work with TCP/IP Port Restrictions Display

Type option 1 (Add) at the input-capable top list entry to get to the Add TCP/IP Port Entry (ADDTCPPORT) display shown in Figure 56 on page 64. You can go directly to this display by typing ADDTCPPORT on any command line and pressing F4.

Chapter 2. TCP/IP: Operation, Management, and Advanced Topics 63

Image 77

IBM SC41-5420-04 manual Configuring TCP/IP Port Restrictions, Paolo

Contents

TCP/IP Configuration and Reference Page TCP/IP Configuration and Reference Fifth Edition May Contents Index About TCP/IP Configuration and Reference SC41-5420 Vi OS/400 TCP/IP Configuration and Reference V5R1 Operations Navigator Prerequisite and related information Viii OS/400 TCP/IP Configuration and Reference V5R1 Page OS/400 TCP/IP Configuration and Reference V5R1 Summary of changes Xii OS/400 TCP/IP Configuration and Reference V5R1 What you need to know before you can configure TCP/IP Configuring TCP/IP Gathering Information About your Network Planning for TCP/IP Installation and Configuration Line Description Parameters Checklist TCP/IP Planning Checklists Interfaces to Local TCP/IP Networks Local TCP/IP Host Information Checklist 25 / Remote System Information Installing the TCP/IP Application Programs Tcpadm Using the TCP/IP Administration Menu Using the Configure TCP/IP Menu Cfgtcp Configure TCP/IP Menu Configuring TCP/IP using the Command Line Interface Configuring TCP/IP using the EZ-Setup WizardServices table Protocol table Configuring a TCP/IP Interface Configuring a Line DescriptionImportant Note Internet address Line description Subnet maskAssociated local interface Automatic start Do you need to add routes at all? Configuring TCP/IP Routes Maximum Transmission Unit MTU size Route destination Dftroute None Preferred binding interfaceAdding TCP/IP routes NO, *YES Multiple Default RoutesNormal Configuring TCP/IP Remote System Information Configuring TCP/IP attributesIP Datagram Forwarding Adding Remote System Information Lind 15, *LIND, *TRANSMIT PVCNone NONE, *REQUEST, *ACCEPT Adding an Entry to the Host Table Configuring TCP/IP Host Table Entries Work with TCP/IP Host Table Display DNS BernMacian Localhost SYSNAM890Loopback AnyNet/400 Appc over TCP/IP Configuring the Local Domain and Host Name Local Domain Name System DNS Server Dspmsg Qsysopr Dspmsg Qtcp Starting TCP/IP and TCP/IP Servers Job Name Description TCP/IP Jobs End TCP/IP Endtcp Verifying the TCP/IP Connection Successful Ping Messages Verifying Additional TCP/IP Connections Verify TCP/IP Connection Vfytcpcnn Verify TCP/IP Connection Verify TCP/IP Connection Ping Verifying TCP/IP Connections with Host Name-ExampleVERBOSE, *QUIET COMP, *ESCAPE Verifying TCP/IP Connections with Internet Address-Example Saving Your TCP/IP Configuration Configuring TCP/IP 32 OS/400 TCP/IP Configuration and Reference V5R1 Work with TCP/IP Network Status Menu Network Status Work with TCP/IP Network Status Work with TCP/IP Interface StatusWork with TCP/IP Interface Status Internet Network Line Starting TCP/IP Interfaces Opt Address Mask ServiceInternet Subnet Type Maxthrput Ending TCP/IP Interfaces Route Subnet Next Opt Destination Mask Hop Available Display TCP/IP Route InformationDisplay TCP/IP Route Information Work with TCP/IP Connection Status Route Type Opt Destination ServiceType Source Bottom Remote Local Opt Address Port User Bytes Out Work with TCP/IP Connection StatusRemote Local Opt Address Port Idle Time State ALL Ending TCP/IP ConnectionsRemote Local Opt Address Port Type TCP Confirm End of TCP/IP Connections Working with Configuration Status Display Multicast Groups Displaying TCP/IP Network Status InformationOpt Description Status Job Trnline Active Trnlinet Trnlitcp Qtcpip Host Group Hardware Address Displaying TCP/IP InterfacesDisplay Multicast Host Groups Display TCP/IP Interface Status Displaying Associated RoutesTrlan MSB Route Subnet Next Opt Destination Mask Hop Displaying Route Details OptionDisplay Associated Routes Direct Displaying TCP/IP Route InformationDisplay TCP/IP Route Details Display TCP/IP Route Information, Display 1 Display TCP Connection Status Displaying TCP/IP Connections Display TCP/IP Connection Status, Display 2 Displaying Connection Totals Display TCP/IP Connection Totals TCP/IP Host Tables Host File Formats Managing TCP/IP Host TablesHost Table Information with *AIX Files Host Table Information with *NIC Files Host Table Information with *AS400 Files Tips for Merging Host TablesMerging TCP/IP Host Tables Managing the Host Table from a Central Site Merge the File Dead Gateway Processing Negative Advice from TCP or the Data Link Layer Multihoming Function How IP Responds to Negative Advice Multihoming Single Host, Single Network, Single Line Per physical LAN only Multihoming TCP/IP Network Example The Multihoming function Loopback None Type of Service TOSX25LINE TOS Example Multiple Routes TCP/IP Port Restriction Paolo Configuring TCP/IP Port Restrictions Gerry UDP, *TCPOnly Related Tables and the Host Table Configure Related Tables Menu Work with Service Table Entry Display IBM Using X.25 PVC instead of SVC Multicast Restrictions Chglintrn Lindtrnline FCNADRC00000040000 70 OS/400 TCP/IP Configuration and Reference V5R1 TCP/IP Protocol Support Provided by IOP Base Pool SizeTCP/IP Jobs Outbound batching of TCP and UDP datagrams Running TCP/IP Only Performance Considerations Merge Host Table Performance 74 OS/400 TCP/IP Configuration and Reference V5R1 Line type Configuration command Source Service Access Point Configuration StepsCreating the Line Description Line Description Name Determining the Maximum Size of Datagrams Setting the Maximum Transmission Unit 78 OS/400 TCP/IP Configuration and Reference V5R1 TCP/IP Exit Points and Exit Programs Appendix B. TCP/IP Application Exit Points and Programs TCP/IP Application Exit Points OS/400 Registration Facility Adding Your Exit Program to the Registration Facility Creating Exit Programs QAPP0100 Select your exit point Add your exit program Select the Add Exit Program option Yourlib Removing Exit Programs TCP/IP Application Request Validation Exit Point Interface Exit Point Interfaces for TCP/IP Application Exit PointsRequired Parameter Group Application identifier User profile Operation identifierRemote IP address Length of remote IP address Allow operation Usage NotesLength of operation-specific information QSYS.LIB file system pathnames are always in uppercase Point Command stringLength of command string Character conversion option Command processor identifier Qshell interpreter not installed 92 OS/400 TCP/IP Configuration and Reference V5R1 Copyright IBM Corp Trademarks Programming Interface Information DB2 96 OS/400 TCP/IP Configuration and Reference V5R1 Index Special Characters Interface Qtgtelnets Qtsmtpsrvr Page SC41-5420-04