• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 525
  • Last Modified:

AIX 5.3 on P550, Can't access internet FTP sites...

Hi,

I know little or nothing about UNIX or AIX, so I apologize in advance.  We have just installed a new P550 server running AIX 5.3 to facilitate our billing needs.  Our application is IDX and we also use Express Bill to send out billing statements.  We are trying to send our statements through Express Bill using FTP, but for some reason, we can't connect to their FTP site.  So I tried connected to Microsoft's FTP site and it failed also.  On our old Billing server (RS6000), it can still connect fine to Express Bill's and Microsoft's FTP site (we have the old server still running, just not in production).  Any other machine in the network can get to Express Bill's FTP site also.  So, it is something with this machine.  I have checked and doubled checked the network settings and from what I can tell, they seem correct.  The default gateway is correct, actually, all of the settings are identical to our old Billing system (accept for the ip address, of course).  And actually, the new server has the old server's ip address now so that we didn't have to change anything on the workstation client's end.  I tried adding a static route to make sure it looked to our PIX firewall as a gateway when going to this site, also, but that didn't help neither.

Basically, the way it's physically setup is that it is connected to an Allied Telesyn 8024m switch, just like all of the other servers are.  And that switch is connected to the Firewall, which is connected to the Internet Router.  I don't think that the router or firewall are causing the problem because any other computer on the network can access the FTP site just fine.  So it must be something in the network configuration or something that is stopping it from being able to see the FTP site.

Sorry about the long explanation, but I wanted to try and make it as detailed as possible.

Any ideas?  Thanks.

Mark
0
mark-wa
Asked:
mark-wa
  • 3
  • 2
1 Solution
 
Kent OlsenData Warehouse Architect / DBACommented:
Hi mark-wa,

Several things come quickly to mind that should be checked.  Let's start with some background information.


From the AIX system, can you ping other devices in your network?  In your subnet?  Outside your network?

Do other IP services work when originated from AIX?  (Can you telnet/ssh to another system?)

Do other IP services work on the AIX system?  Can you telnet/ssh into the system or are you limited to a console session?



Kent
0
 
mark-waAuthor Commented:
Hi Kent,

I can ping other devices in the network fine.  I can't ping anything outside of the network because our internet router has ICMP packets turned off.  I don't have any control over that router neither because it belongs to our ISP.

I can telnet from this box and to this box.  I am not limited to the console.  

Thanks Kent.

Mark
0
 
Kent OlsenData Warehouse Architect / DBACommented:

This may be an active/passive FTP issue.

I suspect that after you initiate the FTP connection on your end, the connection is dropped and the system that you want to access is then initiating a connection back to you.  Essentially, the client and server roles are being reversed.  This is a common practive that allows the server to do things like load balancing.

It's also easy to test.  :)

1)  Ask your network administrator what rules are in place for incoming FTP connections.  Have him make sure that the firewall is allowing FTP connections to your new server.

2)  Check the firewall's log file.  Attempt to connect to the server from the P550.  Tell your network administrator what time you tried to connect and what address you were connecting to.  If this is an active/passive FTP issue, the log will show that immediately after you tried to connect, and inbound FTP connection was refused.


Good Luck!
Kent
0
 
mark-waAuthor Commented:
Hi Kent,

I am the net admin for our company.  We used to outsource support for our old Billing (AIX) server, but we are going to start supporting it ourselves.  I will be going through some AIX training classes eventually, but this issue will hopefully be resolved before that happens.  The FTP server I am trying to get to is not ours, it is one of our software vendor's FTP server (Express Bill is the vendor).  Our firewall is allowing FTP in and out.

I am not sure how to check to see if this is an active/passive FTP issue.  Is there a way to find out if my AIX server is setup for active or passive FTP?  Again, my AIX server is connecting to another vendor's FTP server over the internet.  Thanks Kent.

Mark
0
 
Kent OlsenData Warehouse Architect / DBACommented:

Hi Mark,

What typically happens is that you start and FTP session from your host address to the target address.  The target address passes the connection attempt to another server and then tries to establish the FTP connection FROM the site that you wanted to access, but from a different IP address.  If you're allowing all FTP traffic both ways (a dangerous thing) the active/passive connection issue shouldn't be a problem.

Again, this is easy to check if your firewall is logging all of the rejected connections.  Simply look at the log at the time you attempted to establish the FTP connection and see if there is an inbound connection was rejected immediately after you attempted to connect.


Also, check the etc/services file to make sure that FTP is enabled.  If the lines defining FTP on port 21 are NOT commented you should be in good shape.

If they are commented, remove the comment tag (#), and restart the daemon with:

refresh -s ftpd


Kent

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now