[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 149
  • Last Modified:

FTP Server IBM i - Passive Modus and IP Address

Hi,

A customer is using the IBM i (V5R4) as a FTP server (with exit points programs caring about security).
The server was accessible from internet even in passive modus but since the firewall was changed, we cannot access it.
According with the IT Staff from the customer (and Cisco support, the new firewall provider):

“the server has to provide the public IP address when going into passive
mode for the transfer to work that's why you're getting that error.
You'll need to speak to vendor of the server for alternatives for it to
provide the public address.”

Unfortunately, I cannot find the way to change this setting in IBM i (I don´t even know it this is possible)

Anybody with experience?
0
jaimosky
Asked:
jaimosky
1 Solution
 
max_the_kingCommented:
Hi,
i've been there before ...

what i figured out is that iSeries implements its own ftp passive redirection in that gives its real IP address to the requested ftp client instead giving it the natted (public IP) address. This way, after succesfully open connection, it cannot transfer data.
The only workaround i found was to connect via vpn-client from the ftp client: this way, even in PASV mode, the real internal IP address wouldn't change, and it successfully transfer data to and from the client.

I don't know if you can find a better solution ...

hope thish helps
max
1
 
jaimoskyAuthor Commented:
Apparently it is possible to perform it in the firewall, the IT staff was not well informed.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now