Ariel Application.

  • From: Phill Hardstaff <phillh@xxxxxxx>
  • To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Jun 2002 13:47:07 +1100

Anybody on the list ever try to get an application called Ariel to work with
ISA? This is used by Libraries to transfer documents, uses Port 419 and a
load of ports between 1025 and 5000, from their support I got this below,
any help appreciated, if someone has already gone through this I don't want
to have to reinvent the wheel.

Ariel website http://www.rlg.org

##########

Ariel does not use the normal FTP port, but instead uses its own registered
port, which should not be used by any non-Ariel system.  Also, except when
used for store-and-forward operations, something rarely done, an Ariel
server RECEIVES documents, it does not transmit them.  The transmitter is a
client and is presumably under the control of someone inside the firewall.
I do not believe that configuring a firewall to pass Ariel traffic opens any
security hole.

Ariel's registered port numbers are:
    419 -- Document port
    421 -- Store-and-forward server port
    422 -- Operator access port

As a client, Ariel uses 419 as its remote port and a local port in the
range 1024-5000 (chosen by whatever WinSock you are using) to establish
the FTP command connection.  The Ariel server uses the client's local port
(the one in the range 1024-5000) as its remote port and 419 as its local
port.  The Ariel server opens the data connection using a remote port
specified by the client (in the FTP PORT command) and a local port in the
range 1024-5000. Here's an example of the port usage [ports given in the
form (local-port,remote-port)]:

FTP command connection (initiated by client)

   client (1025,419) <--> server (419,1025)

FTP data connection (initiated by server)

   server (2978,4567) <--> client (4567,2978)

If your Ariel machine was the client in this example, your firewall would
have to pass "outbound" data on ports 419 and 2978 and "inbound" data on
ports 1025 and 4567.  If your Ariel was the server (assuming you wanted to
receive from other sites), then your firewall would have to pass "inbound"
data on ports 419 and 2978 and "outbound" data on ports 1025 and 4567.

In other words, for Ariel to be fully functional, your firewall would have
to pass data on ports 419 and 1024-5000 in both directions.  Port 421 is
used only if your machine is set up as a "store and forward" server; port
422 is used only if you have operator access enabled; port 420 is not used
by Ariel.

Any help appreciated, if someone has already gone through this I don't want
to have to reinvent the wheel.

Phill

Phill Hardstaff
MCSA, CCNA, A+, Network+, Inet+, Server+, CIW Assoc.
Senior Support Engineer
Secretariat of the Pacific Community
B.P. D5
Noumea Cedex - 98848
New Caledonia
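
Added example (not part of the original post, and not Ariel or ISA code): the quoted support text says the server-initiated data connection goes to the port the client names in its FTP PORT command, so a protocol-aware filter watching the port 419 command channel can derive the one inbound port to admit for that transfer. The sketch assumes Ariel uses the standard RFC 959 PORT syntax (h1,h2,h3,h4,p1,p2); the function names, rule format and IP addresses are hypothetical.

```python
import re

ARIEL_DOC_PORT = 419            # document port, from the post
LOCAL_PORTS = range(1024, 5001)  # 1024-5000 local port range, from the post

# Assumption: standard RFC 959 form "PORT h1,h2,h3,h4,p1,p2"
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})$", re.IGNORECASE)


def parse_port_command(line):
    """Return (ip, port) named by an FTP PORT command, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2


def data_pinhole(client_ip, server_ip, line):
    """Build the single inbound rule for the server-initiated data connection.

    Returns None when the PORT argument names a host other than the client
    that sent it, or a port outside the 1024-5000 range the post describes.
    """
    parsed = parse_port_command(line)
    if parsed is None:
        return None
    ip, port = parsed
    if ip != client_ip or port not in LOCAL_PORTS:
        return None
    # The server's own local port is only known once it connects, so the
    # rule pins source host, destination host and destination port.
    return {"proto": "tcp", "src": server_ip, "dst": client_ip, "dst_port": port}


if __name__ == "__main__":
    # Constructed sample: client 192.0.2.10 announces port 4567 (17*256 + 215)
    print(data_pinhole("192.0.2.10", "198.51.100.5", "PORT 192,0,2,10,17,215\r\n"))
```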
