Kbase 20188: NameServer Client Port Range Minimum & Maximum
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
10/15/2008 |
|
Status: Verified
GOAL:
How to set the NameServer client port range minimum and maximum
GOAL:
What are maxNSClientPort and minNSClientPort
FACT(s) (Environment):
Progress 9.1B
Progress 9.1C
Progress 9.1D
FIX:
The Progress WebSpeed Messenger communicates with the NameServer via User Datagram Protocol (UDP). When it initiates the connection, the messenger sends a UDP packet to the known NameServer port. Upon receipt of the packet, the NameServer sends another UDP packet (a response) back to the messenger.
When there is a firewall between the WebSpeed Messenger and the NameServer, it might be necessary to open all UDP ports into the machine running the Messenger. This is because of the broadcast nature of the UDP protocol that is being used to communicate between the WebSpeed Messenger and the NameServer.
The opening of all of the 65,000 UDP ports, although not necessarily a security risk, is typically a manual and time consuming job. Progress Version 9.1B and higher introduces NameServer client port range minimum (minNSClientPort) and NameServer client port range maximum (maxNSClientPort). These values specify an range of UDP ports that are allowed for use on the client side when communicating with a NameServer.
With this addition, a firewall administrator can now restrict the UDP response from NameServer to client, to the range of ports specified in the properties file and thereby reduce the number of UDP ports that are open in the firewall.
To use this feature, specify maxNSClientPort and minNSClientport under messenger section in ubroker.properties file. The value for these two properties must be a number between 1024 and 65535 inclusive (or 0) and minNSClientPort must be less than maxNSCClientPort.
For additional information, see the comments section of the ubroker.properties file.