I need to cast my mind back here but one of the issues I used to run into is that the firewalls hadn't been configured to be ftp stateful on the secure control port. I would have thought that 990 would have been added as a default by now but it's worth checking. If you're the client and you're running PASV then the onus is going to be on the servers firewall to be FTP stateful - yours shouldn't matter assuming you have no outward connection restrictions. If you're active both firewalls need to be stateful. If the server's working for other connections then they've obviously sorted it out on their end. And of course you'll HAVE to use CCC.

On 8/2/2012 4:38 PM, brad.lovelady@xxxxxxxxxxxxxx wrote:
Thanks, how did you get it to use 991? I do have 990/989 opened through the FW, but I am not selecting 989, it's the active FTP transfer port that my iSeries is using by default. What is weird is I can see 989 open on the server system in NETSTAT, but it just sits there are never transfers data. I think the FW has logic that blows this up because it cannot "see" the packets.

***********************************
Bradford Lovelady

Operating Systems Engineer
Technology Infrastructure Services

Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209
MAC W2691-010
Tel 205-938-1999 l Cell 205-826-2834

brad.lovelady@xxxxxxxxxxxxxx


Wells Fargo Confidential

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Chris Bipes
Sent: Thursday, August 02, 2012 9:24 AM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: FTPS firewall compatibility

Once you connect have you tried to go into passive mode. SEND PASV? I see you are using active mode but has your firewall admin opened up 989 and it that open at the remote end? We here use 990/991 combo.

-----Original Message-----

All,

I cannot get FTPS to work on our firewalled iSeries systems. We are using active mode FTP, with and without clear command channel. The control port does function (990), but anything that sends or retrieves data over the transfer port (989) just stalls. I know it has something to do with the FW not being able to see information in the encrypted packets, but "ccc" clear command channel is supposed to remedy that right? SFTP would work because everything goes over the secure shell port, but our application uses the native iSeries FTP. So I am stuck trying to use FTPS only. Anyway, I am tired of unsuccessful trial and error. Does anyone out there have advice on this subject? Surely I cannot be the only guy using iSeries behind a FW.

***********************************
Bradford Lovelady



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.