[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Time Out
I asked our network guy to "make a hole" in the firewall for outbound ftp, http and https. That way the IBMi does not have to authenticate to the proxy server (which at the time was going to be hard to do).
We talked it over extensively and decided we could rely on the firewall to control that. We also opened a few other ports over the years to allow other "outbound" things like ping, dns, etc. The list continues to grow as we become comfortable with our firewall.
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Charles Wilt
Sent: Friday, July 11, 2014 7:29 AM
To: HTTPAPI and FTPAPI Projects
Subject: Re: Time Out
Probably the firewall...
TRACEROUTE will let you see if you're getting outside the i.
Many larger companies have a proxy server configured to restrict browsing inappropriate sites. The firewall is then configured to only allow outbound connections from the proxy server.
Take a look at your PC browser settings.
HTTP API provides
http_setproxy()
http_proxy_setauth()
Or you could see if the network team would add an exception for your i's IP address.
Charles
On Thu, Jul 10, 2014 at 8:42 AM, Giel van der Merwe < Giel.vanderMerwe@xxxxxxxxxx> wrote:
> I can't ping the outside addresses, would you say that it is a
> restriction on the AS400 or the firewall?
> -----Original Message-----
> From: [1]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Mike Krebs
> Sent: 27 June 2014 05:26 PM
> To: HTTPAPI and FTPAPI Projects
> Subject: RE: Time Out
> Start with the basics.
> Can the IBMi ping the 10.98.248.168?
> Can it ping external address like 98.138.252.30?
> Can it ping by name [2]www.yahoo.com?
> Can you run EXAMPLE1?
> Can you run EXAMPLE3? (this ends in 302 error now but shows https:
> works) (add a debug statement so you can see debug)
> If you can run EXAMPLE1 but not EXAMPLE3 (check which error you are
> getting), firewall restrictions on port 443.
> -----Original Message-----
> From: [3]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Giel van
> der Merwe
> Sent: Friday, June 27, 2014 2:06 AM
> To: [4]ftpapi@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Time Out
> Does anyone know how I would try and establish why I get a time-out,
> the log file looks like this
> ************Beginning of data************** HTTPAPI Ver 1.24 released
> 2012-01-23 OS/400 Ver V7R1M0
> http_persist_open(): entered
> http_long_ParseURL(): entered
> DNS resolver retrans: 2
> DNS resolver retry : 2
> DNS resolver options: x'00000136'
> DNS default domain: africa.bwm-global.com DNS server found:
> 10.98.248.168
> SetError() #7: Timeout occurred while trying to connect to server!
> ************End of Data********************
> I think it has something to with ssl but I am not sure.
> Giel van der Merwe
> #######################################################################
> ##############
> The provisions of Sections 11,12, and 13 of the Electronic
> Communications and Transactions Act, 25 of 2002, in so far as
> e-contracting is concerned is expressly excluded and contracted out by
> Barloworld South Africa (Pty) Ltd ("Barloworld") and no data message or
> electronic communication will be recognised as having legal contractual
> status as per the aforementioned provisions under any circumstances.
> All contracts concluded by Barloworld, its Business Units, Divisions
> and Subsidiaries will only be legally binding and recognised once
> reduced to physical writing and physically signed by a duly authorised
> representative of Barloworld.
> All other provisions of the Electronic Communications and Transactions
> Act, 25 of 2002 are accepted.
> #######################################################################
> ##############
> Note:
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please immediately delete it and
> all copies of it from your system, destroy any hard copies of it and
> notify the sender. You must not, directly or indirectly, use, disclose,
> distribute, print, or copy any part of this message if you are not the
> intended recipient. Avis and any of its subsidiaries each reserve the
> right to monitor all e-mail communications through its networks.
> Any views expressed in this message are those of the individual sender,
> except where the message states otherwise and the sender is authorized
> to state them to be the views of any such entity.
> Thank You.
> #######################################################################
> ##############
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubscribe, please go to:
> [5]http://www.scottklement.com/mailman/listinfo/ftpapi
>
> ----------------------------------------------------------------------
> -
>
> References
>
> 1. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
> 2. http://www.yahoo.com/?
> 3. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
> 4. mailto:ftpapi@xxxxxxxxxxxxxxxxxxxxxx
> 5. http://www.scottklement.com/mailman/listinfo/ftpapi
>
> ----------------------------------------------------------------------
> - This is the FTPAPI mailing list. To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> ----------------------------------------------------------------------
> -
>
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------