IBM Support

TCP/IP Ports Required for IBM i Access and Related Functions

Troubleshooting


Problem

This document provides information on which TCP/IP ports are required to have access when using IBM i Access Client Solutions.

Resolving The Problem

The following table lists the ports that IBM i Access and related functions use for communication with the IBM i OS System:
 
PC Function
Server Name
Port Non-SSL Port SSL
  • Server Mapper
  • as-svrmap
  • 449
  • ---
  • License Management
  • as-central
  • 8470
  • 9470
  • Database Access
  • as-database
  • 8471
  • 9471
  • Data Queues
  • as-dtaq
  • 8472
  • 9472
  • IFS Access using
    Access/Navigator
  • as-file
  • 8473
  • 9473
  • Network Printers
  • as-netprt
  • 8474
  • 9474
  • Remote Command
  • as-rmtcmd
  • 8475
  • 9475
  • Signon Verification
  • as-signon
  • 8476
  • 9476
  • Telnet (5250 Emulation)
  • telnet
  • 23
  • 992
  • Navigator for i (Heritage version)
  • as-nav
  • 2004
  • 2005
  • New Navigator for i
  • as-new-nav
  • 2002
  • 2003
  • Digital Certificate Manager
  • as-admin3-http
  • 2006
  • 2007
  • HTTP Administration
  • as-admin
  • 2001
  • 2010
  • DDM/DRDA
  • DDM/DRDA
  • 446
  • 448
  • NetServer
  • netbios >
  • 137
  • ---
  • NetServer 
  • netbios >
  • 139
  • ---
  • NetServer (CIFS)
  • CIFS
  • 445
  • ---
  • Secure Shell
  • ssh
  • 22
  • ---
  • Service Tools Server
  • as-sts
  • 3000
  • ---

If any of the above ports are restricted by using a firewall or any other mechanism, IBM i Access or related functions might fail to operate. For assistance with configuring ports or working with a firewall beyond the above information, contact the firewall provider or obtain a consulting agreement.
Note:
The following ports are common to most IBM i Access Client products such as ODBC, Telnet, and other specific functions:
Port 449 is used to look up service by name and return the port number.
Ports 8470 and 9470(TLS/SSL) are used for host code page translation tables and licensing functions.
Ports 8475 and 9475(TLS/SSL) are used to check for application administration restrictions.
Ports 8476 and 9476(TLS/SSL) are used for checking signon verification to authenticate.
depending on your needs you may only need the above ports and the port(s) for your function/application.

For the ports used by the Console, see document N1015344, IBM iSeries Port Assignments with Operations Console.
For a list of currently listening IPv4 daemons on the IBM i, run the following SQL statement:
SELECT LOCAL_PORT, LOCAL_PORT_NAME, BIND_USER, IDLE_TIME 
FROM QSYS2.NETSTAT_INFO
where LOCAL_ADDRESS = '0.0.0.0';
Other options are the CL command NETSTAT OPTION(*CNN) or to review the output from WRKSRVTBLE OUTPUT(*PRINT).

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CMAAA2","label":"Communications-\u003ETCP"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]

Historical Number

13642023

Document Information

Modified date:
04 December 2023

UID

nas8N1019667