1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
<html>
<head>
<!-- put your site name between the title tags and uncomment
<title>Site Name</title>
-->
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<!-- if you use the following meta tags, uncomment them.
<META NAME="keywords" CONTENT="insert your keywords for the search engine">
<META NAME="description" CONTENT="insert the description to be displayed by the search engine. Also searched by the search engine.">
-->
<link rel="stylesheet" href="http://www.ncbi.nlm.nih.gov/corehtml/ncbi2.css">
</head>
<body bgcolor="#FFFFFF" background="http://www.ncbi.nlm.nih.gov/corehtml/bkgd.gif" text="#000000" link="#CC6600" vlink="#CC6600">
<!-- the header -->
<table border="0" width="600" cellspacing="0" cellpadding="0">
<tr>
<td width="140"><a href="http://www.ncbi.nlm.nih.gov"> <img src="http://www.ncbi.nlm.nih.gov/corehtml/left.GIF" width="130" height="45" border="0"></a></td>
<td width="360" class="head1" valign="BOTTOM"> <span class="H1">Network Configuration</span></td>
<td width="100" valign="BOTTOM"></td>
</tr>
</table>
<!-- the quicklinks bar -->
<table CLASS="TEXT" border="0" width="600" cellspacing="0" cellpadding="3" bgcolor="#000000">
<tr CLASS="TEXT" align="CENTER">
<td width="100"><a href="http://www.ncbi.nlm.nih.gov/PubMed/" class="BAR">PubMed</a></td>
<td width="100"><a href="http://www.ncbi.nlm.nih.gov/Entrez/" class="BAR">Entrez</a></td>
<td width="100"><a href="http://www.ncbi.nlm.nih.gov/BLAST/" class="BAR">BLAST</a></td>
<td width="100"><a href="http://www.ncbi.nlm.nih.gov/omim/" class="BAR">OMIM</a></td>
<td width="100"><a href="http://www.ncbi.nlm.nih.gov/Taxonomy/taxonomyhome.html" class="BAR">Taxonomy</a></td>
<td width="100"><a href="http://www.ncbi.nlm.nih.gov/Structure/" class="BAR">Structure</a></td>
</tr>
</table>
<!-- the contents -->
<table border="0" width="600" cellspacing="0" cellpadding="0">
<tr valign="TOP"> <!-- left column -->
<td width="125">
<img src="http://www.ncbi.nlm.nih.gov/corehtml/spacer10.GIF" width="125" height="1" border="0">
</td>
<!-- extra column to force things over the gif border -->
<td width="15"><img src="http://www.ncbi.nlm.nih.gov/corehtml/spacer10.GIF" width="15" height="1" border="0"> </td>
<!-- right content column -->
<td width="460">
<p> </p>
<p>
<i>Last modified:</i> $Date: 2014/05/12 16:36:07 $<br>
<i>Latest version: </i>
<a href="http://www.ncbi.nlm.nih.gov/IEB/ToolBox/NETWORK/firewall.html">
http://www.ncbi.nlm.nih.gov/IEB/ToolBox/NETWORK/firewall.html</a>
<p> When first downloaded, your NCBI application runs in stand-alone mode,
without access to the network. However, your program can also be configured
to exchange information with the NCBI (GenBank) over the Internet. The
network-aware mode of your application is identical to the stand-alone
mode, but it contains some additional useful options.
<p> Your application can only function in its network-aware mode if the
computer on which it resides has a direct Internet connection. Electronic
mail access to the Internet is insufficient. In general, if you can install
and use a WWW-browser on your system, you should be able to install and
use the network. Check with your system administrator or Internet provider
if you are uncertain as to whether you have direct Internet connectivity.
<p> To launch the configuration form, select Net Configure under the Misc
menu in Sequin or Network Entrez, or the Options menu in Cn3D. If you are using
blastcl3, you must run Sequin, Network Entrez, or Cn3D first to configure blastcl3. This is
necessary because blastcl3 has no graphical user interface.<br>
<p align="center">
<img src="firedialog.gif" align=bottom>
<br>
<p>
If you are not behind a firewall, set the <b>Connection</b> control to <b>Normal</b>.
If you also have a Domain Name Server (DNS) available, you can now simply press
<b>Accept</b>.
<p>
If DNS is not available, uncheck the <b>Domain Name Server</b> button. If you
are behind a firewall, set the <b>Connection</b> control to <b>Firewall</b>.
Both the <b>HTTP Proxy</b> and the <b>Non-transparent Proxy</b> boxes then become active.
If your site uses an HTTP proxy server, type in its address. (If you have DNS, it
can be of the form <tt>www.myproxy.myuniversity.edu</tt>; if you do not have DNS, you
should enter the numerical IP address of the form <tt>127.65.43.21</tt>.)
Once you type something in the <b>HTTP Proxy</b> box, the <b>HTTP Proxy Port</b> box
becomes active and can be filled in.
If your site has a non-transparent proxy server (a CERN-like proxy), enter
its name (or address) in the <b>Non-transparent Proxy</b> box.
Ask your network administrator for advice on the proper settings to use.
<p>
If you are in the United States, the default <b>Timeout</b> of 30 seconds should
suffice. From foreign countries with poor Internet connection to the U.S., you
can select up to 5 minutes as the timeout.
<p>
Finally, you will need to quit and restart your application in order for the network-aware
settings to take effect.
<p>
If you are behind a firewall, it must be configured correctly to access NCBI
services. Your network administrators may have done this already. If not, please
have them read the section below.
<p>
<a name="Settings"></a>
<b>The following section is intended for network administrators:</b>
<p>
Using NCBI services from behind a network security firewall requires opening
ports in your firewall. The ports to open are:
<p align="center">
<pre>
Firewall Port IP Address
--------------------------------
5860..5870 130.14.29.112
5860..5870 165.112.7.12
</pre>
<p>
If your firewall is not transparent, the firewall port number
should be mapped to the same port number on the external host.
<p>
Even though port 5860 may not be routinely made accessible to the public,
and is usually reserved for NCBI internal use only, it is recommended that
the port is kept open through the firewall just as all other ports from the range,
in case the public access will eventually be enabled on this port as well.
<p>
To see what ports are currently on, and their status, as reported within
NCBI, please refer to the following <a href="fwd_check.cgi">Firewall Daemon Presence
Check</a> page. Ports marked <b>INTERNAL</b> are solely for NCBI own use, and may be
inaccessible from your site. That, however, does not affect availability of any
services that NCBI provides through other (open) firewall ports.
<p>
TROUBLESHOOTING: You can test whether these special ports are connectable from
your host just by running simple <tt>telnet</tt> command (available on most
current systems). To know which ports, at the moment, you should be trying
from the list above (see the "Ports to open"), first check their status by visiting
<a href="fwd_check.cgi">Firewall Daemon Presence Check</a> link, then select any
up-and-running port and do the following (the example assumes port 5861 has
been shown in operational state):
<pre>
telnet 130.14.29.112 5861
</pre>
When connected, enter a line of arbitrary text (hitting the <Enter>
key alone also works): if everything is fine, the session will look as follows
(the line "test" is your input there):
<pre>
| > telnet 130.14.29.112 5861
| Trying 130.14.29.112...
| Connected to 130.14.29.112.
| Escape character is '^]'.
| test
| NCBI Firewall Daemon: Invalid ticket. Connection closed.
| Connection closed by foreign host.
</pre>
<p>
If your command cannot connect at all (e.g. it hangs then times out), or you see a different
response from what is shown above, it indicates that the port is not configured correctly.
<p>
<a href="http://www.ncbi.nlm.nih.gov/IEB/ToolBox/CPP_DOC/">NCBI C++ Toolkit</a> provides more detailed <a
href="http://www.ncbi.nlm.nih.gov/toolkit/doc/book/ch_app/#ch_app.Firewall_Daemon_FWDa">Firewall
Daemon Documentation</a>, and discusses its integration into the overall
functions of NCBI dispatching facilities.
<p>
There is also an auxiliary automated UNIX shell script
<a href="fwd_check.sh">fwd_check.sh</a> to check all of
the preset ports, and it is kept in-sync with currently
configured open ports (so remember to refresh your download
prior to actual use).
<p>
Note: Old NCBI clients used different application configuration settings and
ports than listed above. If you need to support such clients, which are now
obsolete, please contact <a href="mailto:info@ncbi.nlm.nih.gov">
<tt>info@ncbi.nlm.nih.gov</tt></a> for further information.
<p> </p>
</td>
</tr>
</table>
<!-- end of content -->
</body>
</html>
|
