Notes through a firewall

I have an internet Notes server on one side of a firewall that needs to talk to 3 Notes servers on the other side. I can open up port 1352 to talk to one of the servers; however, I can only direct one port to one IP address. Can I get Notes to talk to another Notes server on a different port number?

rfharris Commented:
If you are really, really sure you want and need to change the port ... instructions below.  

Changing the Notes Specific TCP/IP Port Number

How can an administrator correctly change the Notes TCP/IP Port Number under Windows 95 or Windows NT 4.0 platforms?

(Note the term "Notes" is used throughout this document; however, this procedure also applies to the Lotus Domino 4.5x Server Powered by Lotus Notes).

Changing the TCP port address on a Notes server is a two-step process.

1. Modify the services file located on NT in \WINNT\System32\drivers\etc\ (or for Windows 95, the \WIN95\ directory).

2. Add the line PORTNAME_TCPIPAddress= to the NOTES.INI file.

1.1) Editing the Services File: TCP Ports Used by Notes

By default, Notes servers use the TCP port 1352 when listening for Notes Client connections.  This port number was assigned to Lotus Notes by the Internet Assigned Number Authority (IANA), so it is unlikely to conflict with any other application on the network.  Notes clients, on the other hand, use dynamic port numbers which the TCP/IP network software chooses from a range of numbers that are made available for this purpose.  A client that connects to a Notes server connects to server port 1352.

To use a different port number for servers, configure the TCP/IP service "lotusnotes" in the manner appropriate to the network. This is generally done by adding a line to a file named SERVICES, which is normally located in a directory called \etc\ .

The configuration line should resemble the following:

Lotusnotes portnumber/tcp # LotusNotes \

....where portnumber is the TCP port of your choice.  It is very important to edit this file on every Notes Client and Notes Server that is communicating.

For example: To have the Notes Server use port 5000, you would add the following line to the SERVICES file:

Lotusnotes      5000/tcp      #LotusNotes

Note that the SERVICES file has no extension, much like the IP host file.  Once you open the SERVICES file with a text editor (such as Notepad) you will see how the file is constructed.

2.1) Edit the NOTES.INI File of Each Server or Partitioned Server to Include:
....where PORTNAME is the port name as defined in FILE, TOOLS, USER PREFERENCES, PORTS on the Notes Server's workstation, and IPaddress is the TCP/IP address of a specific partitioned Notes Server.  For example:

If the port name were "TCPIP" and the IP address of the machine were and you wanted it to use port 5000, the line added to the NOTES.INI would be:


NOTE:  Recall that on a LAN the Portname and the driver used for that portname are not directly correlated.  You could call the port SPX and still use the TCP driver - but for clarity, ease of configuration, and logic, no administrator does this.

Once these two steps are complete, you will need to recycle the Notes Server for the changes to take effect.  To test that you are using a different port, try to replicate a database via the Notes Server console replicate command.  Replicate to a target server that you were previously able to replicate to (before you alter the target server's configuration). You should not be able to replicate.

Supporting Information:

See the Lotus Domino System Administrators Help Guide:
*About Notes and TCP/IP

*Setting up Notes and multiple TCP/IP ports
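An added example, not part of the comment above or of the Lotus document it quotes: a small audit that parses SERVICES file contents collected from each machine and reports any host whose `lotusnotes` entry would not match the port the firewall rule expects. The host names and file contents are constructed, and the case-insensitive name match and the fallback to 1352 when no entry exists are assumptions.

```python
import re

DEFAULT_NOTES_PORT = 1352  # IANA-assigned port named in the text above

# SERVICES line layout: name  port/protocol  [aliases...]  [# comment]
_ENTRY = re.compile(
    r"^\s*(?P<name>[^\s#]+)\s+(?P<port>\d+)/(?P<proto>\w+)(?P<aliases>[^#]*)"
)

def notes_port(services_text, service="lotusnotes"):
    """Return the TCP port a SERVICES file assigns to `service`, or None."""
    for line in services_text.splitlines():
        m = _ENTRY.match(line)  # commented-out lines never match
        if not m or m.group("proto").lower() != "tcp":
            continue
        names = [m.group("name")] + m.group("aliases").split()
        # Assumption: names compare case-insensitively, since the page
        # writes both "lotusnotes" and "Lotusnotes".
        if service.lower() in (n.lower() for n in names):
            port = int(m.group("port"))
            if not 1 <= port <= 65535:
                raise ValueError(f"invalid port in line: {line!r}")
            return port  # first matching entry wins
    return None

def audit(hosts, expected_port):
    """Map host -> problem text for each host that would not use expected_port."""
    problems = {}
    for host, text in hosts.items():
        port = notes_port(text)
        if port is None:
            # Assumption: with no entry, Notes stays on its default port.
            if expected_port != DEFAULT_NOTES_PORT:
                problems[host] = f"no lotusnotes entry, falls back to {DEFAULT_NOTES_PORT}"
        elif port != expected_port:
            problems[host] = f"lotusnotes is {port}, expected {expected_port}"
    return problems

# Constructed sample SERVICES contents (hypothetical host names).
SAMPLE_HOSTS = {
    "internet-server": "echo 7/tcp\nLotusnotes      5000/tcp      #LotusNotes\n",
    "internal-a": "# lotusnotes 5000/tcp (commented out)\nftp 21/tcp\n",
    "internal-b": "lotusnotes 5000/udp\nlotusnotes\t1352/tcp  # default\n",
    "client-1": "notes 5000/tcp lotusnotes # alias form\n",
}

if __name__ == "__main__":
    for host, problem in audit(SAMPLE_HOSTS, 5000).items():
        print(f"{host}: {problem}")
```

Running the audit before recycling the servers catches a machine that was missed, which would otherwise show up only as a failed replication.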
You can't set up Notes to use different ports, but couldn't you let the 3 servers on the inside initiate the replication or what you want to do?

If indeed your firewall will only permit one inbound IP address to be mapped to a given port (1352) then you may want to use 'passthrough.'  Passthrough connections allow Notes communication *through* a specified server.  

Rough approximation of Steps ...
1.  Modify the server doc of server currently reachable on the inside of the FW to permit passthrough connections.  You will need to add your internet server and any external other servers/users you wish to the field labeled "Route Through" in the Security/Passthrough section of the server doc.

2.  Modify the server docs of the other two internal servers to accept passthrough connections.  You will need to add the same community of servers/users as mentioned in step 1 to the field labeled "Access this server" in the same Security/Passthrough section.

3.  Create (or rewrite as needed) passthrough connection documents from your internet server to the two internal servers that are now reachable *through* the first server.

-- Rhonda

philsmicronet (Author) Commented:
I have seen on that it does seem to be possible, however, no one has listed the steps involved.
Yes - changing the port is possible -- but not recommended.  Have you considered the other ramifications changing Notes port may have on your overall communication architecture?
philsmicronet (Author) Commented:
I tested the passthrough and this works fine. I'm sorry, but my other comment was not directed to you; I actually attempted to award you the points with the passthrough comment but something went wrong.

Glad to hear you have the passthrough working.  It is a terrific feature -- but very underused.  

You may want to keep an eye on the "server in the middle" for resource allocation and performance.  The hit from passthrough isn't bad (from my experience) but it gets some sys admin types nervous.  I have found that planning each passthrough connection as if it were two simultaneous connections is "close enough" for my server load-balancing guesstimates.

Question has a verified solution.
