LinuxQuestions.org
Old 11-17-2016, 10:29 AM   #1
etcetera
Member
 
Registered: Aug 2004
Posts: 436

Rep: Reputation: 17
Problems with FTP with the SSL option turned on


This is more of a general FTP/SSL/Unix networking question than a specific Linux question.


I am connecting to the mainframe, specifying port 990 which should then switch to 989 data port.

I used to connect via ftp; now they have turned off the ftp access and upgraded to ftps, and I must use ftp with the SSL/TLS option turned on.

I have the FTPS keys set up correctly and invoke the command with the -z options. I connect on the 990 port, which is the default for FTP with SSL, and authenticate.
However, when I try to move the data, I get timeouts. ftps is just an alias to ftp with -z options pointing to various certs.



I engaged the network team both on our side and on the mainframe side. On my end, the network team says:

"We do not see 989 traffic from either side."

The mainframe side says they see the traffic from 990, try to open 989 by sending sync,sync,sync requests that do not get answered from our side and time out. Our people are saying they don't see any requests.

The network team says the 989 port has been opened in the internal firewalls bi-directionally, so it's not being blocked according to them. The FTP server people say the same thing, that 989 is not blocked. 990 is obviously open since I can authenticate.

How does one go about troubleshooting this problem?

# ftps
Connected to xx.xxx.xx.xx.
220- IBM at xxxxxxxxxxx, 10:34 on 2016-11-17.
220-By using this IS (which includes any device attached to this IS),
220-you consent to the following conditions:
234 Security environment established - ready for negotiation
[TLSv1/SSLv3, cipher EXP-RC4-MD5, 128 bits]
Name (xx.xxx.xx.xx:xxxxx):xxxxx
331 Send password please.
Password:
230 xxxx is logged on. Working directory is "xxxxx.".
200 Protection buffer size accepted
200 Data connection protection set to private
TLS/SSL protection of data connections on.
Remote system type is MVS.
ftp>
ftp> ls
200 Port request OK.
425 Unable to open data connection.
ftp>
 
Old 11-18-2016, 04:19 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,467

Rep: Reputation: 1553
Does ftps support "passive" mode? If so then you might want to try that on your client.
 
Old 11-18-2016, 07:24 AM   #3
etcetera
Member
 
Registered: Aug 2004
Posts: 436

Original Poster
Rep: Reputation: 17
Passive mode worked. Amazing. Why did it work and why wasn't bidirectional (default) mode working?
 
Old 11-18-2016, 07:29 AM   #4
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,467

Rep: Reputation: 1553
Quote:
Originally Posted by etcetera
Why did it work and why wasn't bidirectional (default) mode working?
To be honest I'm no FTPS expert. It could be something between your client and the mainframe implementation that doesn't like negotiating the alternative port, or it could be a firewall that doesn't understand that you're using FTPS instead of FTP and thus refuses to negotiate the alternative port. Without knowing a lot more about these things it's difficult to say.

At least you've got it working
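
Added example (not part of any post in this thread, and not the posters' code): the "200 Port request OK" line in the transcript means the client used active mode, where the server opens the data connection back to the client, whereas in passive mode the client dials out; with the control channel TLS-encrypted, a firewall cannot read the PORT command to open that return path on the fly. The Python sketch below decodes a PORT command and a 227 reply to show which side sends the SYN. The addresses are constructed samples, and the server's source port is assumed to be the control port minus one (989 for 990).

```python
import re

# Constructed sample control-channel lines (not taken from the thread).
ACTIVE_CMD = "PORT 10,1,2,3,195,80"
PASSIVE_REPLY = "227 Entering Passive Mode (192,0,2,10,234,96)"

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_endpoint(line):
    """Return (ip, port) from the h1,h2,h3,h4,p1,p2 tuple in a PORT command or 227 reply."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    # The port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(line, client_ip, server_ip, control_port=990):
    """Describe the TCP connection a firewall must permit for the data transfer."""
    ip, port = decode_endpoint(line)
    if line.upper().startswith("PORT"):
        # Active mode: the server dials the client. Source port is assumed to be
        # control_port - 1 (ftps-data 989 when the control port is 990).
        return {"mode": "active",
                "syn_from": (server_ip, control_port - 1),
                "syn_to": (ip, port),
                "inbound_to_client": True}
    if line.startswith("227"):
        # Passive mode: the client dials the port the server announced,
        # from an ephemeral source port (unknown in advance, hence None).
        return {"mode": "passive",
                "syn_from": (client_ip, None),
                "syn_to": (ip, port),
                "inbound_to_client": False}
    raise ValueError("not a PORT command or 227 reply: %r" % line)


if __name__ == "__main__":
    for sample in (ACTIVE_CMD, PASSIVE_REPLY):
        print(data_connection(sample, client_ip="10.1.2.3", server_ip="192.0.2.10"))
```

In the active case the client-side firewall has to accept a new inbound connection to a port chosen per transfer; in the passive case every connection originates from the client.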
 