OS/390 Question regarding FTP to a Windows Server

I have a OS/390 system attempting to connect to a Serv-U FTP Server through a Kerio Winroute firewall.  The system was able to connect previously when only a Linksys router was on the network.  The firewall allows both data/admin FTP ports and PASV FTP Ports.  I tried having the OS/390 operator issue a PASV and PASSIVE command at the FTP prompt to no avail - what might I have missed?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Do you want to upload files from windows to OS/390 or vice versa?
naisnetAuthor Commented:
Thank you for the reply.  The files are being uploaded to the Windows system from OS/390.  The system connects enough to write a 0 byte length file, and then drops off.  Here is the script output:

EZA1450I IBM FTP CS V1R4                                                    
EZA1772I FTP: EXIT has been set.                                            
EZA1554I Connecting to:   xx.xx.xx.xx port: 21.                              
220 XXXXXXXXXXXXX Corporate FTP Server                                
EZA1459I NAME (                                        
EZA1701I >>> USER XXX                                              
331 User name okay, need password.                                          
EZA1789I PASSWORD:                                                          
EZA1701I >>> PASS                                                            
230 User logged in, proceed.                                                
EZA1460I Command:                                                            
EZA1736I binary                                                              
EZA1701I >>> TYPE I                                                          
200 Type set to I.                                                          
EZA1460I Command:                                                            
EZA1736I PUT 'DMP.FT.DMB40E0A.P40971.SBCH.KIXFRY.ZIP' sbhcct.zip            
EZA1701I >>> SITE VARrecfm LRECL=27998 RECFM=U BLKSIZE=27998                
501 SITE option not supported.                                              
EZA1701I >>> PORT 159,247,0,67,7,242                                        
200 PORT Command successful.                                                
EZA1701I >>> STOR sbhcct.zip                                    
150 Opening BINARY mode data connection for sbhcct.zip.          
EZA2589E Connection to server interrupted or timed out.          
EZA1636I *** I can't open a data-transfer connection:            
EZA2589E Connection to server interrupted or timed out.          
EZA1721W Server not responding, closing connection.              
EZA1735I FTP Return Code = 27150, Error Code = 00009  

If you want to create a file at OS/390 and the correct synatx is
quote site recfm=v lrecl=27998 blksize=27998
But you want to download a file from OS/390 to windows and it is no need to specify the lrecl, blksize, recfm and etc.

 EZA2589E Connection to server interrupted or timed out.              
 Explanation:  The FTP server at the specified host is no longer respon
 to the FTP client or the user has caused an interrupt (for example,  
 System Action:  The current subcommand is terminated.                
 User or Operator Response:  The server may not be responding because o
 traffic in the network. In this case a retry may be successful. The se
 may have crashed, in which case it will need to be restarted before  
 attempting communications again.                                      
 System Programmer Response:  None.  

 FTP EXIT return codes                                                      
 FTP EXIT return codes are displayed (in message EZA1735I) when the (EXIT    
 parameter is used on the FTP command and an error is detected.  The return  
 codes are composed of a subcommand code and a reply code. FTP EXIT return  
 codes have the following format:                                            
 yy        Represents the subcommand code, which is a number in the range    
           1-99.  Each subcommand has an EXIT_IF_ERROR flag that determines  
           whether FTP is exited when an error occurs if you specified EXIT  
           on the FTP command. See Table 14 below for a description of the  
           possible FTP subcommand codes.                                    
 xxx     Represents the reply code that is sent from the server. The      
          reply code is a 3-digit number. For a complete list of FTPD    
          reply codes see the z/OS Communications Server: IP and SNA    
 For example, the FTP EXIT return code 27150 indicates the following:      
 27        The PUT command failed.                                          
 150       Waiting for volume mount for dsname

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

Um, PORT is active, not passive (see for ex: http://www.allaboutjake.com/network/linksys/ftp.html).
Your data should be transfered via passive mode, or you should make your kerio pass port 21 and 20 in any direction (thus allowing ftp channel establishment from any direction).

And this has nothing to do with AIX, now has it? I'm sure there is a more appropriate TA for this;).

-- Glenn
naisnetAuthor Commented:
Sorry, I didn't make myself clear - it's currently routed / firewalled by a Kerio Winroute (it used to be a linksys); the passive FTP comment was just in regard to something I tried (but didn't know anything about OS/390's ftp client); and I've successfully FTP (get/put) from: Windows XP; 2003 Server; Fedora r3 and BSD - no problems at all, which is why I'm kind of mystified at this point.

Does  file 'DMP.FT.DMB40E0A.P40971.SBCH.KIXFRY.ZIP' exist at OS/390? Maybe it is migrated by HSM.

Well... The other ones might be using PASV "by default". Have you looked at a verbose "protocol transcript" from the linux and BSD ones?
See, sure the linksys was mentioned in the link I gave, but it was _not_ the point, just an example...
If you've set the Kerio FW/proxy/router to only allow passive ftp from A to B, it'll never let the "return" PORT come through (from the windows server side).

Now, as cpc2004 says, it might be something completely different:-).

I've seen "stateful inspection" devices become thoroughly confused by other mainframe ftp implementations (MVS ones mainly, fail to remember what their called... IIRC there is only one "dftp" that everyone uses... And that one is pretty much cr*p), so if the Kerio thing does stateful inspection (usually done to "snarf" the port to open in PASV/PORT commands), you might be better off trying to use it as a simple packet filter for port 21 (command) and 20 (data).

-- Glenn

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hi John,

Do you have any update of this issue?

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.