Email access thru firewall


  • Email access thru firewall

    We have an AS/400 set up to serve email to POP3 clients. We also have a recently installed firewall and a 56K leased line to our ISP. We have no problem sending email back and forth within the secure network or thru the firewall to the outside world. However, I cannot figure out how to configure the firewall to permit external POP3 clients to dial into their own ISP, then send/receive email with our AS/400. I would appreciate any info anyone may have on this! Thanks, JC

  • #2
    Email access thru firewall

    On Thursday, June 18, 1998, 06:36 AM, John L. Clark wrote:

    > We have an AS/400 set up to serve email to POP3 clients. We also have a recently installed firewall and a 56K leased line to our ISP. We have no problem sending email back and forth within the secure network or thru the firewall to the outside world. However, I cannot figure out how to configure the firewall to permit external POP3 clients to dial into their own ISP, then send/receive email with our AS/400. I would appreciate any info anyone may have on this! Thanks, JC

    John, I think what you are asking about is TCP/IP port numbers and how they relate to firewalls? The port number is in every TCP/IP packet. It tells TCP what program to pass received packets to. POP3 has a port number of 110. Telnet has a port number of 23, Client Access uses 5110. If you want to allow users from the Internet to access POP3 but not access Telnet or Client Access, you set the firewall to allow TCP/IP packets for port 110. You can find a list of TCP/IP port numbers in the TCP/IP configuration and reference manual. Look in the index under "Ports -well known".

    Outside users will also need a way to find your mail server, so you need to have a registered domain and a name server that tells them what the TCP/IP address of your mail server is. This name server can be anywhere on the Internet and can be provided by your ISP. You might also want to allow port 109 for POP2 and 161 for SNMP so you can receive email from those clients.

    JHicks@SUZ.com


    • #3
      Email access thru firewall

      PS: Before you can tell the firewall what ports to allow in, you have to tell the firewall what IP addresses inside your secure network are allowed to receive packets. You allow access to a computer in your secure network by assigning a public Internet address to the internal IP address. In your private network, you are using private TCP/IP addresses. The outside Internet will not route these private addresses. You must tell the firewall to convert one of your public Internet addresses to the internal private address of the AS/400. Then indicate what port numbers are allowed in to that IP address.

      JHicks@SUZ.com


        • #5
          Email access thru firewall

          Hi Jim - Thanks for the info. As a matter of fact, I have the firewall configured pretty much as you mentioned. I can even manage to get mail IN from the POP3 client (on the internet). But, when they try to receive their email waiting, they receive an error "Socket Error 10061". We have all of the public internet addresses, etc. I see the firewall accept the incoming request, then send a message back (although I can't see the substance of the message). I have a feeling the message going back is the rejection... so I think I may be missing a special DNS entry in the firewall... but I really am struggling to find documentation on this part of the firewall. I appreciate your help and will post any resolution I can find to this. Thanks, JC


          • #6
            Email access thru firewall

            I know what you mean about TCP/IP errors. You are getting the error message "socket error 10061" and asking yourself why? You cannot find the error code in any of the TCP/IP configuration manuals. I have been there. The place I found socket error codes is not in any of the configuration manuals but in socket programming manuals, which you may or may not have.

            Programs call the functions in the socket library to make connections or send and receive on the TCP/IP network. When the return code is 0, the called function completed normally. When it is not 0 there is some problem. So many programmers write their code to display the number when it is not equal to 0. It would be nice if all programmers wrote applications to display a message and not just the error number. However, in the real world they often do not do this. You may never write a socket program, but I find it helpful to have at least one manual or book on socket programming that contains the error codes.

            Error 10061 is "Connection Refused" and is usually caused by a PC sending a connection request to a server that does not have the service running. For example, trying to make an FTP connection to a server that does not have FTP. Since the program does not tell you what port it is trying to connect to, it may be necessary to have some kind of sniffer to examine the connection request and look at the port number in the packet.

            The following is a list of error codes from winsock on a PC. You can find information about sockets at WWW.SOCKETS.COM

            WSABASEERR (0) No Error
            WSAEINTR (10004) Interrupted system call
            WSAEBADF (10009) Bad file number
            WSAEACCES (10013) Permission denied
            WSAEFAULT (10014) Bad address
            WSAEINVAL (10022) Invalid argument
            WSAEMFILE (10024) Too many open files
            WSAEWOULDBLOCK (10035) Operation would block
            WSAEINPROGRESS (10036) Operation now in progress
            WSAEALREADY (10037) Operation already in progress
            WSAENOTSOCK (10038) Socket operation on non-socket
            WSAEDESTADDRREQ (10039) Destination address required
            WSAEMSGSIZE (10040) Message too long
            WSAEPROTOTYPE (10041) Protocol wrong type for socket
            WSAENOPROTOOPT (10042) Bad protocol option
            WSAEPROTONOSUPPORT (10043) Protocol not supported
            WSAESOCKTNOSUPPORT (10044) Socket type not supported
            WSAEOPNOTSUPP (10045) Operation not supported on socket
            WSAEPFNOSUPPORT (10046) Protocol family not supported
            WSAEAFNOSUPPORT (10047) Address family not supported by protocol family
            WSAEADDRINUSE (10048) Address already in use
            WSAEADDRNOTAVAIL (10049) Can't assign requested address
            WSAENETDOWN (10050) Network is down
            WSAENETUNREACH (10051) Network is unreachable
            WSAENETRESET (10052) Net dropped connection or reset
            WSAECONNABORTED (10053) Software caused connection abort
            WSAECONNRESET (10054) Connection reset by peer
            WSAENOBUFS (10055) No buffer space available
            WSAEISCONN (10056) Socket is already connected
            WSAENOTCONN (10057) Socket is not connected
            WSAESHUTDOWN (10058) Can't send after socket shutdown
            WSAETOOMANYREFS (10059) Too many references, can't splice
            WSAETIMEDOUT (10060) Connection timed out
            WSAECONNREFUSED (10061) Connection refused
            WSAELOOP (10062) Too many levels of symbolic links
            WSAENAMETOOLONG (10063) File name too long
            WSAEHOSTDOWN (10064) Host is down
            WSAEHOSTUNREACH (10065) No Route to Host
            WSAENOTEMPTY (10066) Directory not empty
            WSAEPROCLIM (10067) Too many processes
            WSAEUSERS (10068) Too many users
            WSAEDQUOT (10069) Disc Quota Exceeded
            WSAESTALE (10070) Stale NFS file handle
            WSASYSNOTREADY (10091) Network SubSystem is unavailable
            WSAVERNOTSUPPORTED (10092) WINSOCK DLL Version out of range
            WSANOTINITIALISED (10093) Successful WSASTARTUP not yet performed
            WSAEREMOTE (10071) Too many levels of remote in path
            WSAHOST_NOT_FOUND (11001) Host not found
            WSATRY_AGAIN (11002) Non-Authoritative Host not found
            WSANO_RECOVERY (11003) Non-Recoverable errors: FORMERR, REFUSED, NOTIMP
            WSANO_DATA (11004)* Valid name, no data record of requested type
            WSANO_ADDRESS (11004)* No address, look for MX record

            JHicks@SUZ.com
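
Added example, not part of the original posts: a per-port connection check that separates "connection refused" (the 10061 case discussed above) from a timeout and from an open port that returns a service greeting, so sending and retrieving mail can be tested independently from outside the firewall. The function names, the loopback stand-in server and the use of port 25 for SMTP are assumptions of this sketch; port 110 for POP3 is from the thread.

```python
import socket
import threading

MAIL_PORTS = {"SMTP": 25, "POP3": 110}  # 110 is from the thread; 25 is the standard SMTP port

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt the way a mail client would see it."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(256).decode("ascii", "replace").strip()
            except (socket.timeout, TimeoutError):
                banner = ""  # connected, but the service sent no greeting in time
            return ("open", banner)
    except ConnectionRefusedError:
        # Winsock 10061: a reset came back, so the address is reachable but
        # nothing accepts connections on this port.
        return ("refused", "")
    except (socket.timeout, TimeoutError):
        # Winsock 10060: no reply at all, typical of packets dropped on the path.
        return ("timed out", "")
    except OSError as exc:
        return ("error", str(exc))

def check_mail_host(host, ports=MAIL_PORTS):
    """Probe each mail port separately; sending and retrieving can fail independently."""
    return {name: probe(host, port) for name, port in ports.items()}

def start_fake_pop3():
    """Constructed stand-in for a POP3 service: greets one client, then exits."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"+OK POP3 server ready\r\n")
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Return a loopback port with no listener (bound once, then released)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    demo = {"POP3 (listener up)": start_fake_pop3(), "POP3 (no listener)": closed_port()}
    for name, result in check_mail_host("127.0.0.1", demo).items():
        print(name, result)
```

Run against the mail server's public address with the default ports, a "refused" result on one port while the other is "open" shows which service or firewall rule to examine.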
