Solved

AIX 5.1 FTP stopped working!  Waiting for welcome message

Posted on 2011-03-14
17
927 Views
Last Modified: 2013-11-17
Today randomly can not access FTP.  I can telnet to server fine, but not FTP.  
I tried stopping and starting the ftp subserver, but no luck.

If I telnet to AIX, then FTP to itself, it works fine.  But when I FTP from windows, I never get the welcome message.


Only thing different today, is that our domain/exchange server, is down due to the fact we are migrating from SBS 2003 to SBS 2008.

I dont understand at all, how this could effect FTP from windows computers to the AIX, but it is the only different thing going on right now.

Any ideas?
0
Comment
Question by:Xetroximyn
  • 10
  • 7
17 Comments
 

Author Comment

by:Xetroximyn
ID: 35134490
FYI -- I tried to FTP from command line from our redhat box, and it will NOT work.

The AIX has two network interfaces.
192.168.1.7  (basically everything goes through here)
192.1.1.7  (This is a different small network, just used for the AIX, and our dialer to communicate)

If I telnet to the dialer on the 192.1.1 network, and try to ftp to the AIX at 192.1.1.7, then it works.

I am stumped.

Any ideas?
0
 

Author Comment

by:Xetroximyn
ID: 35134504
correction -- when I FTP from the redhat box to 192.168.1.7 is DOES work.  It just took a LONG time (45-75 seconds) for the welcome message to come up, and for it to prompt me for user and password.    
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 35136054
Hi,

it seems that your inactive Domain Server would normally act as a Name Server for your domain, and that ftpd is not able to look up the DNS name of the client machine (or has to wait for the timeout).

Verify this by (temporarily) adding the hostname of the Windows client to /etc/hosts on AIX.
Please check beforehand that AIX's /etc/netsvc.conf contains "local" in the "hosts=" entry (best at the first position, before bind).

wmp

0
 

Author Comment

by:Xetroximyn
ID: 35138095
Thanks!

so confused though.....  I didnt think FTP used DNS at all.  FTP servers look up the name of the client?  Is that standard or an AIX thing?

And dont understand why it would work from redhat, but not from windows.

Anyway -- the domain server (old one) is up right now.  Apparently there were problems with the migration, so it will be finished later.   At which point, I will need FTP to work on the AIX.

Since it is working now, I cant do the troubleshooting with the hosts file.  (and come time, I cant easily put info in the hosts file for all the people who need FTP access)

How would I change the AIX dns settings?  Like so it uses our sonicwall instead of domain server for DNS or something like that?

0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 35138191
DNS is configured in /etc/resolv.conf

Here is a detailed explanation:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.files/doc/aixfiles/resolv.conf.htm

Basically it's the entry:

nameserver xxx.xxx.xxx.xxx

which you must customize.

wmp
0
 

Author Comment

by:Xetroximyn
ID: 35138311
Thanks!  So if I change resolv.conf, so I have to restart something for it to take effect, or is it immediate?  

And if I have to restart something like inetd, would that interfere with telnet sessions in progress?

0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 35138335
It's immediate!

The resolver routines check /etc/resov.conf at each call, they don't store anything.

And even if you had to refresh (not restart) inetd, running sessions would not be affected.

0
 

Author Comment

by:Xetroximyn
ID: 35138406
awesome -- thanks!

And just to confirm -- telnet does not use any DNS does it?  (just making sure, since I thought FTP did not use any DNS)

I just want to make sure any changes I make to DNS to troubleshoot FTP, I wont end up potentially locking my self out of telnet too!
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 35138761
The fact that telnet works is probably due to the "-c" flag of telnetd being used.

Check with lssrc -ls inetd on AIX.

If you see "telnetd -c" at the end of the "telnet" line you're actually suppressing reverse lookups, which I assume.

But if you configure a working name server in /etc/resolv.conf you can't do anything wrong, can you?

Further, you can always check by opening a second telnet session after making changes, leaving the first session running.
This way you could revert the changes using the first session should the second one fail to initialize.

By the way, ftpd also has the "-c" flag. To suppress reverse lookups once and for all you could add the "-c" flag to the appropriate line in /etc/inetd.conf:

ftp   stream  tcp6  nowait  root  /usr/sbin/ftpd    ftpd -c

Issue "refresh -s inetd" and you're done.

(OK, the above assumes that you're using IBM's own ftpd and not a third party product).

wmp
0
 

Author Comment

by:Xetroximyn
ID: 35138885
Sweet!  Ill just use the -c flag!  thanks!  

Just curious -- what is the point of reverse name lookups anyway?

0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 35139096
Please check with "man ftpd" beforehand!

I just reread your Q and noticed that it's AIX 5.1 (really?)

Im actually not quite sure if the ftpd of AIX 5.1 already had the "-c" flag!

Reverse lookup is used to put the hostname instead of the IP address into the log and to make sure that the client comes from a well-known host and isn't using some spoofed IP.

wmp
0
 

Author Comment

by:Xetroximyn
ID: 35139370
Yep - no -c flag.... just has
/usr/sbin/ftpd [ -d ] [ -f ] [ -ff ] [ -k ] [ -l ] [ -t TimeOut ] [ -T MaxTimeOut ] [ -s ] [ -u OctalVal ]

So there is no way I can prevent it from doing the reverse lookups huh?

I guess I will try pointing it at the router and see how it goes.  

p.s. yep -- your eyes do not deveive you.  5.1 -- really....  We didn't every upgrade because of software that only ran on 5.1 and we would have to pay something ridiculous for new version.

Funny though -- we pay all this extra money to IBM for support, and they suck at supporting 5.1, because nobody remembers it.

Anyway -- IBM will no longer offer ANY support for AIX 5.1 after the end of this month.   So we will be migrating soon!   I cant wait!





0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 35139411
>>  I cant wait! <<

Me neither! If you need assistance in migrating - let me know!

wmp
0
 

Author Comment

by:Xetroximyn
ID: 35139509
strange.  

the -c flag actually does work!  I guess the ftpd I have is more updated than the man documentation.

I changed resolv to point to sonicwall -- which did not work.  but then with it not working, I put the -c flag back in, and it started working right away!  

But just to fix it for both ways I also tried pointing the resolv.conf to the redhat server, and that works fine.  

Thanks for all your help!

0
 

Author Comment

by:Xetroximyn
ID: 35139618
Just saw you last post -- thanks!  I will surely be talking to you if there are problems migrating....  

Though I am more used to redhat myself - in a way I am almost sad we are migrating to redhat instead of current AIX.  You have got to be the single most helpful, and knowledgeable SME I have ever had the pleasure of getting help from in ANY forum.  You have saved me so many times while I have been working with this ancient AIX 5.1 box over the last year and a half. You are more helpful than IBM's support!

Since you seem to be such an AIX expert, I am guessing I wont see you as much, when my questions begin to be about redhat/general linux questions.  

Anyway -- THANKS for ALL your help, not just in this thread, but all my AIX threads.  You are awesome!

0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 35139710
Good luck to you and thanks for the nice compliments!

I'm not quite unfamiliar with Linux, mabe wel'll meet again!

All the best and always have fun!

Norbert (the wmp)





0
 

Author Closing Comment

by:Xetroximyn
ID: 35141911
Thanks!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now