× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2012

RE: FTPS firewall compatibility

Let me add some more context.

Both the client and server are 6.1 iSeries behind unique FWs. We are using active mode FTP whenever the client is originating behind a FW. Passive or active will work when the client is originating from the LAN. Unsecure transmissions between FW to FW iSeries work just fine (port 20/21), and secure (port 989/990) work to either system when the client originates from the anywhere in the company LAN or when I initiate FTPS from a FW system to any other iSeries in the LAN. It only fails when I try to initiate FTPS from FW to FW iSeries. I am 100% sure this is a FW rule issue, but I don't know how to explain this to our FW team.

***********************************
Bradford Lovelady

Operating Systems Engineer
Technology Infrastructure Services

Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209
MAC W2691-010
Tel 205-938-1999 l Cell 205-826-2834

brad.lovelady@xxxxxxxxxxxxxx


Wells Fargo Confidential

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message.  Thank you for your cooperation.


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Chris Bipes
Sent: Thursday, August 02, 2012 9:57 AM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: FTPS firewall compatibility

First to be clear your iSeries is acting as the client? The FTP server on the iSeries at V6R1 does not have any place to set passive mode parms which is your public IP and data port range.

If you are the client, can you connect from a PC client to the remote server? The remote server generally has 2 or more ports open for clients to establish connections. 990 is the implicit FTPS port. You can also connect to port 21 and issue the AUTH TLS command for an explicit FTPS connection.

Here is a link to a wiki on the subject: http://en.wikipedia.org/wiki/File_Transfer_Protocol



-----Original Message-----

Thanks, how did you get it to use 991? I do have 990/989 opened through the FW, but I am not selecting 989, it's the active FTP transfer port that my iSeries is using by default. What is weird is I can see 989 open on the server system in NETSTAT, but it just sits there are never transfers data. I think the FW has logic that blows this up because it cannot "see" the packets.

***********************************
Bradford Lovelady


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.