
Firewalls and Ports while Using the TCP/IP Protocol

An Overview of Ports while Communicating to a 602SQL Server

Port numbers that a client and a server work with:

Server

A server listens on the UDP port specified by the PORTBASE number and receives search datagrams from clients that want to check whether the server is running. The very same port is used for receiving asynchronous interrupts from already connected clients.

A SQL server sends datagrams announcing that it is running to those client addresses that sent the search datagrams earlier. The datagram is sent to port 5002, unless this port is already taken.

The TCP server port for connecting clients (listening port): PORTBASE+1. The ability to create a connection on this port is sufficient for a client to connect to the server and work with it.

If HTTP tunneling is enabled, then the server also uses the TCP port HTTPTUNNELPORT specified in the Protocols and ports dialog (default 80).

Client

A client searching for a running server sends datagrams from any port to known server addresses and their PORTBASE ports (in order to learn that a registered server is running) and further broadcasts them on port 5001 (in order to learn whether an unregistered server is running in some network segment on the default port). Simultaneously the client receives datagrams from servers on its port 5002 (or some other port if this port is taken). Both these server operations may be disabled.

If a client waits for some server operation to complete and needs an asynchronous interrupt of this operation, then it sends a datagram from any of its ports to the server address and its PORTBASE port.

To verify the connection to a network address, the client sends a packet of the ICMP_ECHO type. This operation is executed only on explicit request.

A client creates a TCP connection to the server's port PORTBASE+1 from a local port that is assigned by the operating system. This is the only operation that is necessary for the client to work with a server. The IP address and port number of the connection established by the client can be obtained on the server by the system query _IV_LOGGED_USERS, in the Net_address column.

If a server is registered in a client on port 80, then the client creates a TCP connection to the server on that port and uses HTTP tunneling.

Diagnostics

The netstat console command can be used to verify the port numbers in use between a 602SQL server and its clients, on both Linux and Windows. Its syntax for Windows is
netstat -an
Its syntax for Linux is
netstat -npaA inet | grep 602sql95
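
The check that the netstat commands above support, as an added example that is not part of the 602SQL documentation: a Python script that derives the server's expected sockets from PORTBASE and looks for them in netstat output. The function names are hypothetical, and PORTBASE 5001, tunnel port 80 and the sample output are constructed assumptions.

```python
def expected_listeners(portbase, http_tunnel_port=None):
    """Server sockets described above, as {(proto, port): purpose}."""
    exp = {
        ("udp", portbase): "search datagrams and asynchronous interrupts",
        # Per the page, this TCP port alone is sufficient for client work.
        ("tcp", portbase + 1): "client connections",
    }
    if http_tunnel_port is not None:  # only when HTTP tunneling is enabled
        exp[("tcp", http_tunnel_port)] = "HTTP tunneling"
    return exp


def listening_sockets(netstat_text):
    """Return {(proto, port)} for TCP listeners and bound UDP sockets.

    Accepts rows in either the Windows or the Linux `netstat -an` layout.
    """
    found = set()
    for line in netstat_text.splitlines():
        tok = line.split()
        if not tok or tok[0][:3].lower() not in ("tcp", "udp"):
            continue  # header or unrelated line
        proto = tok[0][:3].lower()  # tcp6/udp6 fold into tcp/udp
        local = next((t for t in tok[1:] if ":" in t), "")  # skips Recv-Q/Send-Q
        port = local.rsplit(":", 1)[-1]
        if not port.isdigit():
            continue
        listening = any(t.upper() in ("LISTEN", "LISTENING") for t in tok)
        if proto == "udp" or listening:  # established TCP rows are not listeners
            found.add((proto, int(port)))
    return found


def audit(netstat_text, portbase, http_tunnel_port=None):
    """Split the expected sockets into those present and those missing."""
    found = listening_sockets(netstat_text)
    report = {"present": {}, "missing": {}}
    for key, purpose in expected_listeners(portbase, http_tunnel_port).items():
        report["present" if key in found else "missing"][key] = purpose
    return report


# Constructed sample in the Linux layout (not captured from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:5002       0.0.0.0:*           LISTEN      1234/602sql95
tcp        0      0 192.168.1.10:5002  192.168.1.20:49712  ESTABLISHED 1234/602sql95
udp        0      0 0.0.0.0:5001       0.0.0.0:*                       1234/602sql95
"""

if __name__ == "__main__":
    # PORTBASE 5001 and tunnel port 80 are assumed values for this example.
    print(audit(SAMPLE, 5001, http_tunnel_port=80))
```

A socket reported as missing while the server is running points to a different PORTBASE than assumed or to a disabled feature; a socket that is present but unreachable from the client points to the firewall in between.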

A Client - Server Connection over a SOCKS Firewall

A SOCKS firewall is a product supplied by Software602 that allows connection of a local network to the Internet while filtering incoming packets for better network security against intruder attacks. The programs whose packets should pass this firewall have to be properly configured for that.

In the client, you have to check the Connect through a SOCKS server checkbox and specify the IP address of the SOCKS firewall in the Server connection data dialog, opened from the popup menu of the server to be connected. A small question mark is shown next to such a server on the control panel, because the 602SQL client can't determine whether the server is running.

Only one SOCKS firewall can stand between a client and a server, be it on the client computer or on the server computer. If both the client and the server are connected to the Internet through a SOCKS firewall then they have to be run on the same computer thus having direct access to the Internet.

The firewall parameters have to be set so that the firewall allows communication between the client address and the server address.

A restriction on this communication is that the client can't interrupt a long-lasting server operation by calling Break the client's operation from the Clients and threads tab of the Monitor window.