Notes through a firewall

Posted on 2000-02-29
Last Modified: 2013-12-18
I have an internet notes server on one side of a Firewall that needs to talk to 3 notes servers on the other side. I can open up port 1352 to talk to one of the servers, however, I can only direct one port to one IP address. Can I get notes to talk to another notes server on a different port Number
Question by:philsmicronet
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2

Expert Comment

ID: 2571788
You can´t setup notes to use diffrent ports but couldn´t you let the 3 servers on the inside initiate the replication or what you want to do ?


Expert Comment

ID: 2574366
If indeed your firewall will only permit one inbound IP address to be mapped to a given port (1352) then you may want to use 'passthrough.'  Passthrough connections allow Notes communication *through* a specified server.  

Rough approximation of Steps ...
1.  Modify the server doc of server currently reachable on the inside of the FW to permit passthrough connections.  You will need to add your internet server and any external other servers/users you wish to the field labeled "Route Through" in the Security/Passthrough section of the server doc.

2.  Modify the server docs of the other two internal servers to accept passthrough connections.  You will need to add the same community of servers/users as mentioned in step 1 to the field labeled "Access this server" in the same Security/Passthrough section.

3.  Create (or rewrite as needed) passthrough connection documents from your internet server to the two internal servers that are now reachable *through* the first server.

-- Rhonda

Author Comment

ID: 2574518
I have seen on that it does seem to be possible, however, no one has listed the steps involved.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 2574929
Yes - changing the port is possible -- but not recommended.  Have you considered the other ramifications changing Notes port may have on your overall communication architecture?

Accepted Solution

rfharris earned 100 total points
ID: 2574940
If you are really, really sure you want and need to change the port ... instructions below.  

Changing the Notes Specific TCP/IP Port Number

How can an administrator correctly change the Notes TCP/IP Port Number under Windows 95 or Windows NT 4.0 platforms?

(Note the term "Notes is used throughout this document, however, this procedure also applies to the Lotus Domino 4.5x Server Powered by Lotus Notes).

Changing the TCP port address on a Notes server is a two-step process.

1. Modify the services file located on NT in \WINNT\System32\drivers\etc\ (or for Windows 95, the \WIN95\ directory).

2. Add the line PORTNAME_TCPIPAddress= to the NOTES.INI file.

1.1) Editing the Services File: TCP Ports Used by Notes

By default, Notes servers use the TCP port 1352 when listening for Notes Client connections.  This port number was assigned to Lotus Notes by the Internet Assigned Number Authority (IANA), so it is unlikely to conflict with any other application on the network.  Notes clients, on the other hand, use dynamic port numbers which the TCP/IP network software chooses from a range of numbers that are made available for this purpose.  A client that connects to a Notes server connects to server port 1352.

To use a different port number for servers, configure the TCP/IP service "lotusnotes" in the manner appropriate to the network. This is generally done by adding a line to a file named SERVICES, which is normally located in a directory called \etc\ .

The configuration line should resemble the following:

Lotusnotes portnumber/tcp # LotusNotes \

....where portnumber is the TCP port of your choice.  It is very important to edit this file on every Notes Client and Notes Server that is communicating.

For example: To have the Notes Server use port 5000, you would add the following line to the SERVICES file:

Lotusnotes      5000/tcp      #LotusNotes

Note that the SERVICES file has no extension, much like the IP host file.  Once you open the SERVICES file with a text editor (such as Notepad) you will see how the file is constructed.

2.1) Edit the NOTES.INI File of Each Server or Partitioned Server to Include:
....where PORTNAME is the port name as defined in FILE, TOOLS, USER PREFERENCES, PORTS on the Notes Server's workstation, and IPaddress is the TCP/IP address of a specific partitioned Notes Server.  For example:

If the port name were "TCPIP" and the IP address of the machine were and you wanted it to use port 5000, the line added to the NOTES.INI would be:


NOTE:  Recall that on a LAN the Portname and the driver used for that portname are not directly correlated.  You could call the port SPX and still use the TCP driver - but for clarity, ease of configuration, and logic, no administrator does this.

Once these two steps are complete, you will need to recycle the Notes Server for the changes to take effect.  To test that you are using a different port, try to replicate a database via the Notes Server console replicate command.  Replicate to a target server that you were previously able to replicate to (before you alter the target server's configuration). You should not be able to replicate.

Supporting Information:

See the Lotus Domino System Administrators Help Guide:
*About Notes and TCP/IP

*Setting up Notes and multiple TCP/IP ports

Author Comment

ID: 2574999
I tested the Pass through and this works fine. I'm sorry, but my other comment was not directed to you, I actually attempted to award you the points with the passthrough comment but something went wrong


Expert Comment

ID: 2575025
Glad to hear you have the passthrough working.  It is a terrific feature -- but very underused.  

You may want to keep an eye on the "server in the middle" for resource allocation and performance.  The hit from passthrough isn't bad (from my experience) but it gets some sys admin types nervous.  I have found that planning each passthrough connection as if it were two simultaneous connections is "close enough" for my server loadbalancing guestimates.


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
IBM Notes offer Encryption feature using which the user can secure its NSF emails or entire database easily. In this section we will discuss about the process to Encrypt Incoming and Outgoing Mails in depth.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question