Firewall Issues - Erlanger Chart Room
Firewall Issues - Erlanger 2000
Firewall Issues - Erlanger Chart Room
ECR uses a private protocol based on verified requests from a client machine to servers hosted by Phil Erlanger Research Co., Inc. These servers are themselves protected by firewalls and constantly update virus monitoring software from outside interference. Only authorized users may connect to the service, and only transactional data is transferred from server to client (ie., no email, no web pages, etc). The protocol requires only a single port to be opened to the ECR server - the client program uses any available local port. (Erlanger IP Address 108.20.57.149 and Port 3990). The client program is a C++ app delivered as a self-installing package, and requires no manual configuration other than supplying a valid user name and password.
ECR has a backup server at IP Address 34.198.36.85, same port or port 80.. This address should also be opened in your firewall in case the primary server does not respond.
ECR has the capability to select the single port to be used by the ECR server. Right click on ECR's desktop icon and append to the target address one of the following:
For our corporate clients having issues with port 3990, you could enter:
ecr1.erlangerresearch.com:80, ecr2.erlangerresearch.com:80
For our corporate clients having issues with port 80, you could enter:
ecr1.erlangerresearch.com:3990, ecr2.erlangerresearch.com:3990
Firewall Issues - Erlanger 2000
Depending on your firewall program, it should be fairly simple to open a port to allow Erlanger 2000 to communicate with its servers. The following table gives you the information you need:
| IP | Physical Location | ISP |
| 209.213.76.100 | Acton, MA | meganet.net |
| 209.213.76.104 | Acton, MA | meganet.net |
| 209.213.90.89 | Acton, MA (backup server) | meganet.net |
| Server Port | Control Local | TCP Local |
| 5000 | 4000 | 4001 |
The range of ports that are used by Erlanger 2000 that should be open include:
- 4000 - 4002 - user must open these ports for incoming data packets
- 5000 - 5902 - user must open these ports for outgoing data requests
In addition to the above, we incorporate an internal login authorization routine that is run on a separate server. It is necessary to open your firewall for the following (it may be necessary to set up a static route to this server). Here is the pertinent information:
- Authorization server IP address: 209.213.76.100
- Backup Authorization server IP address: 209.213.90.89
- Authorization server subnet mask: 255.255.255.224
- Authorization server TCP port: 25403
QFeed uses direct TCP/IP connections to the Continuum Server network in order to ensure the fastest, most reliable connection to the data source. This is just the sort of connection firewalls are designed to prevent in order to protect computers behind the firewall from unwanted intrusion attempts from the Internet.
You can run QFeed through a proxy server or a firewall, but you must secure the cooperation of your firewall or Internet security administrator. The administrator must open a port in the firewall router or proxy server to allow QFeed to establish a connection to the outside world. The risk associated with opening up this port are small because it will be communicating with a single server in the Continuum network using connections opened from within your organization. QFeed normally uses the following ports:
Standard QFeed port: 23100, requires TCP/IP connections
Standard firewall port: 24100, requires TCP/IP connections
Continuum Ping or "Echo"
ContinuumClient sends and receives UDP ping packets to our servers on port 56398 or lower. Every new instance of ContinuumClient (created by other applications connecting to QFeed) will attempt to open port 56398 to send and receive listen for pings. If it can't, it listens on 56397, etc. This prevents ping collisions on that port. If this port is not open, the "echo" statistic reported in the ContinuumClient.ini file will be 65534 - the max reading - indicating it cannot reach that server on a ping.
Note from Erlanger : What the above paragraph basically says is, if it is possible for there to be more than one instance of an open Qfeed connection, a connection to the next lowest port will be attempted. Thus, if you have 25 clients, you should have open ports ranging from 56398 to 56373 (56398 minus 25). We recommend opening as a minimum range:
- 56398 to 56389
Steps to configuring QFeed to run behind a firewall
1) Have your system administrator configure the proxy server or firewall router to open up port 24100 and have traffic through that port directed at one or more of our Continuum Routers:
| Name | IP | Physical Location | ISP |
| herndon-r05.quote.com | 209.143.250.25 | Herndon, VA | Frontier |
| boston-r01.quote.com | 64.14.75.21 | Boston, MA | |
| boston-r02.quote.com | 64.14.75.22 | ||
| boston-r03.quote.com | 64.14.75.23 | ||
| boston-r04.quote.com | 64.14.75.24 | ||
| boston-r05.quote.com | 64.14.75.25 | ||
| boston-r06.quote.com | 64.14.75.26 | ||
| boston-r08.quote.com | 64.14.75.28 | ||
| boston-r09.quote.com | 64.14.75.29 | ||
| boston-r10.quote.com | 64.14.75.30 | ||
| snyvale-r01.quote.com | 64.210.188.21 | Sunnyvale, CA | |
| snyvale-r02.quote.com | 64.210.188.22 | ||
| snyvale-r04.quote.com | 64.210.188.24 | ||
| snyvale-r05.quote.com | 64.210.188.25 | ||
| snyvale-r06.quote.com | 64.210.188.26 | ||
| snyvale-r07.quote.com | 64.210.188.27 | ||
| snyvale-r08.quote.com | 64.210.188.28 | ||
| snyvale-r09.quote.com | 64.210.188.29 | ||
| sterling-r01.quote.com | 209.202.228.21 | Sterling | |
| sterling-r02.quote.com | 209.202.228.22 | ||
| sterling-r03.quote.com | 209.202.228.23 | ||
| sterling-r04.quote.com | 209.202.228.24 | ||
| sterling-r05.quote.com | 209.202.228.25 | ||
| sterling-r06.quote.com | 209.202.228.26 | ||
| sterling-r07.quote.com | 209.202.228.27 | ||
| sterling-r08.quote.com | 209.202.228.28 | ||
| sterling-r09.quote.com | 209.202.228.29 | ||
| sterling-r10.quote.com | 209.202.228.30 | ||
Which server you choose depends on your location, internet traffic conditions between you and the server, current server and router loads, and ISP inter-connectivity (or, peering) between your ISP and the several that we use.
To determine which server is best you can use the traceroute command ("tracert" in DOS) to see how many 'hops' or waypoints exist in the Internet route between your location and the servers. Ping time is also important. A better tool for doing both pinging and tracerouting with a very nice visual display is a shareware program called Ping Plotter .
2) Install your QFeed and try to run it. Continuum Client will create a file called ContinuumClient.ini in the same directory as Erlanger2000. This is where it stores information about the Continuum network of servers. Edit this file so that it has the following lines in it:
AutoUpdateServerList=false
Server=YourProxyServerName:24100
Replace YourProxyServerName with the name of your proxy server or firewall router. If you must use a different port than 24100, change that number to the port you wish to use in the line of the ContinuumClient.ini and contact us at phil@erlanger.com to let us know.
Save this file in your Program Files/Erlanger/erlanger2000/ directory with the name ContinuumClient.ini. You should now be able to launch your application and log in to the QFeed data services.
Known Issues
QFeed is incompatible with the WinGate proxy/firewall software.