Re: FTP to/from IBM i issues -- MIDRANGE-L

Thanks for that explanation Scott. That made much more sense to me that
the various on line descriptions.

On Fri, Aug 9, 2019 at 3:57 PM Scott Klement <midrange-l@xxxxxxxxxxxxxxxx>
wrote:

Hi Brad,

Each time you transfer a file or directory listing, FTP picks from a
list of available tcp port numbers ("ephemeral ports" it calls them) and
sends information about which port it is using. The other side of the
connection attempts to connect to the system on that port. This
connection is separate from the one in which the login and the various
commands are sent.

The difference between passive and active FTP is which side listens on
the port, and which side connects to the port. In active ("regular")
FTP, the FTP client actually opens and listens to this ephemeral port,
and sends the info about the port number to the server. The server
actually opens a connection to the client on that port. That should
sound weird to you, because if you think about it, it means the FTP
server is acting as a client for that connection. This causes a lot of
problems with NAT gateways and firewalls that are designed to allow
connections to be made in just one direction.

In passive mode, the server listens on a port, and the client connects
to it to transfer the file. (Same as active, its still an ephemeral
port, its just in the opposite direction.) This typically works better
with firewalls and NAT gateways because all connections are made from
the client to the server, which is what they expect. However, it can
still be problematic because of the fact that it uses a range of
ephemeral ports -- and since the port number isn't always the same, some
connections might work, and some might fail, depending on the firewall
software.

I suspect there are two differences with FileZilla that might explain
why its different:

1) Older FTP clients (those that don't support "enhanced FTP") also send
the IP address in addition to the port number. This REALLY causes havoc
with NAT, since NAT changes the IP addresses in packets, so the NAT
gateway would need to be monitoring for FTP connections and would have
to rewrite part of the FTP session on the fly for it to work. Enhanced
FTP eliminates this, but i dont' know if the DOS command supports
enhanced FTP (probably not)

2) FileZilla may use passive mode, which the DOS FTP client doesn't
support. It might also use a different ephemeral port range (not sure
about that, though).

Ok, so that's a lot of information, and its really technical stuff.
(But since you wrote GETURI, I figured it'd make some sense to you,
since you've done some TCP programming.) But, maybe it helps you
understand the possibilities, and then you can narrow them down and try
to fix them.

Or, like Jack has been saying, you can stop using FTP. The sftp and
scp tools from OpenSSH are not only much more secure, but they do
everything on a single TCP connection (sort of the way HTTP does) so
there's no issue with the port number problems that regular FTP has.

Good Luck!

On 8/9/2019 9:02 AM, B Stone wrote:

With DOS FTP, sign on. Works great. When I do a GET or PUT it just

hangs

and never does anything.

I can use Filezilla and it works just fine, so I don't think it's any

sort

of virus protection (all I run is Windows Security).

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com