[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FTPAPI
Sender: "Elbert Cook" <elbert@xxxxxxxxxxxxxxx>
Thanks for the explanation of passive.
But if its a firewall issue, I can't find the problem.
My pc is connected to the same switch, going into the same Firewall
appliance and DSL modem as our Iseries.
I can transfer the file using my PC no problem, but the Iseries times out.
The banks network guy just called, and he says the problem is the way the do
NAT on their end, and that no AS400's or System 390's can connect.
He said the way they NAT, IBM views as an attack, where as most pc ftp
software programs don't care.
Anyway he says they are looking at the NAT situation on their end.
Thanks for the help.
They recently add a https web page for transfering the files. So I'm going
to try and connect using your HTTPAPI service programs.
----- Original Message -----
From: "Scott Klement" <klemscot@xxxxxxxxxxxx>
To: <ftpapi@xxxxxxxxxxxxx>
Sent: Monday, August 23, 2004 12:09 PM
Subject: Re: FTPAPI
> Sender: Scott Klement <klemscot@xxxxxxxxxxxx>
>
>
> Hi Elbert,
>
> > I connect to their FTP server and get a secure connection on port 20021.
> > I supply or userid and password.
> >
> > If I do a DIR or PUT, the connection eventually times-out.
>
> This is a firewall issue. Each time you try to do a "DIR" or "LS" or
> transfer a file (either PUT or GET) it makes a separate connection to the
> server.
>
> In passive mode, the server tells the FTP program what port to connect to,
> and then the FTP program connects to the server's port, receives/sends the
> file or directory list, and disconnects.
>
> In standard (non-passive, or "active") mode FTP, the client actually sends
> a port number to the server, and the server makes a connection back to the
> client.
>
> Your firewall isn't allowing these connections through, and that's why the
> timeout is occurring.
>
> To troubleshoot this further.
>
> a) Start an FTP session. After you've typed the userid and password, type
> DEBUG 1
>
> b) type DIR. It should show something like this:
>
> > DIR
> >>> PASV
> 227 Entering Passive Mode (192,168,5,7,192,0)
>
> The word "PASV" means that you're working in passive mode.
> The numbers in parenthesis are the IP address and port that the client
> is attempting to connect to. In this example, the IP address is
> 192.168.5.7. It should be the same address as the FTP server. The
> final numbers are the two bytes that make up the port number.
> 192 * 256 + 0 = 49152, so it's attempting to connect to port 49152 on
> the FTP server.
>
> c) Here's a standard FTP example of the same thing:
>
> > dir
> >>> PORT 192,168,5,4,55,157
> 200 PORT command successful.
>
> In standard FTP, the FTP client is sending an IP address and port and it
> expects the server to connect back. So this time, it'll be an INCOMING
> firewall rule that needs to be added (which is why passive is the
> default, so that people don't need to open more incoming ports)
>
> the number following the "PORT" subcommand is, again, the IP addess
> followed by 2 bytes for the port. In this case, the port is
> 55 * 256 + 157 = 14237
>
> The really fun part about it is that the port number can/will be different
> with every file transfer or directory listing. Usually, there's a range
> of port numbers that's used, but on a busy FTP server, that can be a very
> large range.
>
> Good Luck
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubsribe from the list send mail
> to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
> -----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------