Howard Rifkind wrote >>>>>>>>>>>>>>>>>>>>>

Howard Rifkind <[EMAIL PROTECTED]> wrote:

We would like to install Secure FTP in our mainframe's TCP/IP configuration and I have no idea how to do this.
Would someone be kind enough to point me in the right direction where to start and what manuals to check out, and what to be aware of. I'm not really prime time with TCP/IP. Thanks.

<<<<<<<<<<<<<<<<

Howard,

Something to be aware of when using SSL/TLS with FTP is how these sessions will make it through a firewall. If your users will be coming through the Internet to your mainframe FTP server, you may have some difficulty unless you plan for it up front.

The FTP protocol requires two connections, a Control connection and a Data connection. Normally, a firewall scans the data on the control port looking for the PASV response from the server that tells the client how to connect the data port. Since the data stream is encrypted, the firewall cannot get this information. This issue is further compounded when you add Network Address Translation in the firewall.

To handle the first case, your FTP server must be able to define a narrow range of ports that it will assign as data ports for the data connection. This can be one or more ports. These ports must then be open on the firewall. The PASV response from the host will contain the IP address and port to which the client will connect the data port. The firewall will have an open range of ports to accommodate the data connection.

If NAT is enabled in the firewall, then the FTP server will send back its true IP address and port, in the PASV response, rather than the public IP address and port. Since the firewall cannot see the PASV response, it cannot fix it on the way as it does with clear text FTP. To get around this, some FTP clients and servers support EPSV rather than PASV. In this case, the FTP server only returns the port number and the client assumes the IP address to be the same as the control port. In other cases, the FTP client can be configured to always connect the data connection to the same IP as the control connection.

Both of these situations can be handled using a Secure FTP Proxy server that sits in front of a non-secure FTP server.

Good Luck!

Steve Bireley
Vice-President Product Development
Seagull Software
www.seagullsoftware.com
Seagull Free FTP
BlueZone Secure FTP
BlueZone Terminal Emulation
Seagull Security Server

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
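An added example, not part of the original post: a small Python sketch of how a client derives the data connection endpoint from a PASV (227) versus an EPSV (229) reply, including the NAT case and the fixed passive port range described in the reply above. The reply strings follow the RFC 959 and RFC 2428 formats; the addresses, the port range and the function names are constructed for illustration.

```python
import ipaddress
import re

# 227 reply (RFC 959): six decimal fields h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply (RFC 2428): (<d><d><d>port<d>), normally (|||port|)
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def data_endpoint(reply, control_ip, force_control_ip=False):
    """Return (ip, port, note): where the client opens the data connection."""
    m = PASV_RE.match(reply)
    if m:
        fields = [int(x) for x in m.groups()]
        if max(fields) > 255:
            raise ValueError("PASV field out of range")
        advertised = ".".join(str(f) for f in fields[:4])
        port = fields[4] * 256 + fields[5]
        if force_control_ip:
            return control_ip, port, "PASV address ignored, control IP used"
        if advertised != control_ip and ipaddress.ip_address(advertised).is_private:
            return advertised, port, "internal address leaked through NAT"
        return advertised, port, "PASV address used as sent"
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port <= 65535:
            raise ValueError("EPSV port out of range")
        return control_ip, port, "EPSV carries no address, control IP reused"
    raise ValueError("not a 227 or 229 reply")

def allowed_by_firewall(port, passive_range):
    """True if the port falls inside the range opened on the firewall."""
    low, high = passive_range
    return low <= port <= high

# Constructed sample values (not from the original post)
CONTROL_IP = "203.0.113.10"        # public address the client dialled
PASSIVE_RANGE = (50000, 50100)     # server's data port range, opened on the firewall
PASV_REPLY = "227 Entering Passive Mode (10,1,2,3,195,90)"
EPSV_REPLY = "229 Entering Extended Passive Mode (|||50010|)"

if __name__ == "__main__":
    for reply, force in ((PASV_REPLY, False), (PASV_REPLY, True), (EPSV_REPLY, False)):
        ip, port, note = data_endpoint(reply, CONTROL_IP, force)
        print(f"{ip}:{port} in range={allowed_by_firewall(port, PASSIVE_RANGE)} ({note})")
```

With the plain PASV reply the client is pointed at the server's internal 10.x address, which is the failure the firewall can no longer rewrite once the control channel is encrypted; the EPSV reply and the "use control IP" client setting both resolve to the public address.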

