FTP over SSL issue

Tags: AIX, AS/400, FTP, FTPS, NAT, SSL, V5R2
Hello Guys, I am going into an issue and I don't really know how to solve it. I am trying to establish an FTP over SSL connection between a V5R2 AS400 and an AIX in a vendor company. The connection has been established NATing the IP address flowing over the internet. The problem is: when I try to send a file and it opens the passive mode connection for data transfer, the AIX server responds with its local IP (192.168.xxx.xxx), not with its NATed IP. This makes my connection not work and I don't know what to do to solve it. I would appreciate some help. Thanks in advance.

Answer Wiki

Perhaps I’m not understanding the problem, but this is working as designed (i.e., according to spec).

When you open a passive data connection to an FTP server, vanilla or SSLed, you’re telling the remote host to forgo the process of connecting back to *your* machine with the PORT command, as the RFC and STD docs specify, and to open another port itself (i.e., on the remote host) for the data channel. Unless the remote machine is aware that it is directly connected to the Internet (or a dedicated connection, such as a frame relay circuit and whatnot) then all it can do is define the PASV response information using its own IP.

There are two ways around this: Have the remote FTPS host directly connected to the Internet (and make sure it’s locked down tight), or arrange to have a firewall implemented between the ‘net and this remote host that is able to do packet inspection and do the address translation without the hosts at either end having to know anything about it.

I know that Nokia’s firewalls do such translation, because it’s how we make our non-Internet-connected transfer hosts available to our clients. I’m sure Nokia isn’t the only one capable of doing this…
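The failure described in the question comes from the address inside the 227 reply, which the client dials as-is. As an added example (not part of the thread), this is the client-side handling some FTP clients apply: ignore the address the server advertises in PASV and dial the control connection's peer, or use EPSV (RFC 2428), whose 229 reply carries only a port. `data_endpoint` and `DataEndpoint` are hypothetical names, and the replies and addresses are constructed samples.

```python
import ipaddress
import re
from typing import NamedTuple

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")  # RFC 959, 227
EPSV_RE = re.compile(r"\((.)\1\1(\d{1,5})\1\)")  # RFC 2428, 229: (|||port|)


class DataEndpoint(NamedTuple):
    host: str        # address the client should dial for the data channel
    port: int
    advertised: str  # address the server put in the reply ("" for EPSV)
    reason: str      # how the advertised address relates to the control peer


def data_endpoint(reply: str, control_peer: str) -> DataEndpoint:
    """Pick the data-channel target from a 227 or 229 reply.

    control_peer is the IP literal the control connection was opened to
    (assumption: the NATed public address in the thread's setup).
    """
    if reply.startswith("229"):
        m = EPSV_RE.search(reply)
        if not m or not 0 < int(m.group(2)) < 65536:
            raise ValueError(f"malformed EPSV reply: {reply!r}")
        return DataEndpoint(control_peer, int(m.group(2)), "", "epsv-port-only")
    m = PASV_RE.search(reply) if reply.startswith("227") else None
    if not m:
        raise ValueError(f"malformed PASV reply: {reply!r}")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"octet out of range in PASV reply: {reply!r}")
    advertised = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high then low
    addr = ipaddress.ip_address(advertised)
    if addr == ipaddress.ip_address(control_peer):
        reason = "match"
    elif any(addr in net for net in RFC1918):
        reason = "rfc1918-behind-nat"  # the case in the question
    else:
        reason = "mismatch"            # different public address; not followed
    # The data connection always goes to the address the control channel reached.
    return DataEndpoint(control_peer, port, advertised, reason)


if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.10 stands in for the NATed address.
    for line in ("227 Entering Passive Mode (192,168,10,20,195,80)",
                 "229 Entering Extended Passive Mode (|||50001|)"):
        print(data_endpoint(line, "203.0.113.10"))
```

The passive port range still has to be forwarded through the NAT to the server; this only fixes which address the client dials.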

Discuss This Question: 5  Replies

  • petkoa
    Hi Brunocl, Probably you established FTP-session over ssh-tunnel? This is tricky, just because of the problem you encountered. There is a java-based ssh client (mindterm) which has a "helper" for FTP-tunneling, but I'm not sure whether it could be used on AS400 (not, most probably). Better use sftp or scp, which come with ssh-suite and work over a single port unlike the FTP. Good luck, Petko A.
  • Brunocl
    Hello guys, Thanks for your quick answers. The problem is I am not using SSH because the AS400 version V5R2 does not support it. I am using the AS400 FTP over SSL native application. About the firewall, we have worked on that to perform the IP translation but as this is an encrypted connection it is not able to "read" the package and make the translation properly. Any other ideas?
  • petkoa
    Any VPN solution, then? BR, Petko A.
  • Brunocl
    Hi Petkoa, No way. The customer wants to use a secure FTP connection. Does anyone know any third party software to provide SSH on V5R2?
  • petkoa
    Hi, googled for "SSH on V5R2" and got several pages of links - you can try them either. I found these useful: http://www.ibmsystemsmag.com/print/print.aspx?print_page=%2Fibmi%2Fjuly05%2Fdeveloper%2F8845printp1.aspx&string_referer=/ibmi/july05/developer/8845p4.aspx and http://forums.systeminetwork.com/isnetforums/showthread.php?t=48939 Good luck, Petko
