Network Configuration

Last modified: 2014/05/12 16:36:07
Latest version: http://www.ncbi.nlm.nih.gov/IEB/ToolBox/NETWORK/firewall.html

When first downloaded, your NCBI application runs in stand-alone mode, without access to the network. However, your program can also be configured to exchange information with the NCBI (GenBank) over the Internet. The network-aware mode of your application is identical to the stand-alone mode, but it contains some additional useful options.

Your application can only function in its network-aware mode if the computer on which it resides has a direct Internet connection. Electronic mail access to the Internet is insufficient. In general, if you can install and use a WWW-browser on your system, you should be able to install and use the network. Check with your system administrator or Internet provider if you are uncertain as to whether you have direct Internet connectivity.

To launch the configuration form, select Net Configure under the Misc menu in Sequin or Network Entrez, or the Options menu in Cn3D. If you are using blastcl3, you must run Sequin, Network Entrez, or Cn3D first to configure blastcl3. This is necessary because blastcl3 has no graphical user interface.


If you are not behind a firewall, set the Connection control to Normal. If you also have a Domain Name Server (DNS) available, you can now simply press Accept.

If DNS is not available, uncheck the Domain Name Server button.

If you are behind a firewall, set the Connection control to Firewall. Both the HTTP Proxy and the Non-transparent Proxy boxes then become active.

If your site uses an HTTP proxy server, type in its address. (If you have DNS, it can be of the form www.myproxy.myuniversity.edu; if you do not have DNS, you should enter the numerical IP address of the form 127.65.43.21.) Once you type something in the HTTP Proxy box, the HTTP Proxy Port box becomes active and can be filled in.

If your site has a non-transparent proxy server (a CERN-like proxy), enter its name (or address) in the Non-transparent Proxy box. Ask your network administrator for advice on the proper settings to use.

If you are in the United States, the default Timeout of 30 seconds should suffice. From other countries with a poor Internet connection to the U.S., you can select a timeout of up to 5 minutes.

Finally, you will need to quit and restart your application in order for the network-aware settings to take effect.

If you are behind a firewall, it must be configured correctly to access NCBI services. Your network administrators may have done this already. If not, please have them read the section below.

The following section is intended for network administrators:

Using NCBI services from behind a network security firewall requires opening ports in your firewall. The ports to open are:

Firewall Port        IP Address
--------------------------------
 5860..5870         130.14.29.112
 5860..5870         165.112.7.12

If your firewall is not transparent, the firewall port number should be mapped to the same port number on the external host.

Port 5860 is usually reserved for NCBI internal use only and may not be routinely accessible to the public. It is nevertheless recommended that this port be kept open through the firewall, just like all the other ports in the range, in case public access is eventually enabled on it as well.

To see which ports are currently on, and their status as reported within NCBI, please refer to the Firewall Daemon Presence Check page. Ports marked INTERNAL are solely for NCBI's own use and may be inaccessible from your site. That, however, does not affect the availability of any services that NCBI provides through other (open) firewall ports.

TROUBLESHOOTING: You can test whether these special ports are connectable from your host by running a simple telnet command (available on most current systems). To find out which of the ports listed above (see the "Ports to open") you should currently be trying, first check their status on the Firewall Daemon Presence Check page, then select any up-and-running port and do the following (the example assumes port 5861 has been shown in operational state):

  telnet 130.14.29.112 5861

When connected, enter a line of arbitrary text (pressing the <Enter> key alone also works). If everything is fine, the session will look as follows (the line "test" is your input):
| > telnet 130.14.29.112 5861
| Trying 130.14.29.112...
| Connected to 130.14.29.112.
| Escape character is '^]'.
| test
| NCBI Firewall Daemon:  Invalid ticket. Connection closed.
| Connection closed by foreign host.

If your command cannot connect at all (e.g. it hangs then times out), or you see a different response from what is shown above, it indicates that the port is not configured correctly.
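
The manual telnet test above can be scripted across the whole port range. The following is an added example, not NCBI's fwd_check.sh and not code from the original page; it assumes nc (netcat) is installed, and the function names, the FWD_* variables and the --probe switch are made up for illustration.

```shell
#!/bin/sh
# Added example; NOT NCBI's fwd_check.sh. Function names are hypothetical.
# Hosts and port range come from the "ports to open" table on this page.
FWD_HOSTS="130.14.29.112 165.112.7.12"
FWD_FIRST_PORT=5860
FWD_LAST_PORT=5870
FWD_TIMEOUT="${FWD_TIMEOUT:-30}"   # seconds; assumption, same as the default Timeout

# classify_reply STATUS TEXT
# STATUS is the exit status of the connection attempt, TEXT is what came back.
classify_reply() {
    if [ "$1" -ne 0 ]; then
        echo "BLOCKED"           # could not connect, or hung and timed out
        return 0
    fi
    case "$2" in
        *"NCBI Firewall Daemon:"*"Invalid ticket"*)
            echo "OK" ;;         # the reply shown in the telnet session
        "")
            echo "NO-REPLY" ;;   # connected, but nothing answered the input
        *)
            echo "UNEXPECTED" ;; # something other than the daemon answered
    esac
}

# probe_port HOST PORT: send the line "test", as in the manual check.
# Assumes nc (netcat) is installed; -w sets its timeout in seconds.
probe_port() {
    if reply=$(printf 'test\n' | nc -w "$FWD_TIMEOUT" "$1" "$2" 2>/dev/null); then
        classify_reply 0 "$reply"
    else
        classify_reply 1 ""
    fi
}

# Only touch the network when asked to, by passing --probe to the script.
if [ "${1:-}" = "--probe" ]; then
    for host in $FWD_HOSTS; do
        port=$FWD_FIRST_PORT
        while [ "$port" -le "$FWD_LAST_PORT" ]; do
            printf '%s:%s\t%s\n' "$host" "$port" "$(probe_port "$host" "$port")"
            port=$((port + 1))
        done
    done
fi
```

Compare the output with the Firewall Daemon Presence Check page before changing firewall rules: a port marked INTERNAL there may report BLOCKED from your site without indicating a problem on your side.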

The NCBI C++ Toolkit provides more detailed Firewall Daemon Documentation and discusses the daemon's integration into the overall functions of the NCBI dispatching facilities.

There is also an auxiliary automated UNIX shell script, fwd_check.sh, that checks all of the preset ports. It is kept in sync with the currently configured open ports (so remember to refresh your download prior to actual use).

Note: Old NCBI clients used different application configuration settings and ports than listed above. If you need to support such clients, which are now obsolete, please contact info@ncbi.nlm.nih.gov for further information.