It's a funny old world. No sooner than I submitted the original post, I received a fresh FTP "failure" to debug.
Cutting to the chase, the current consensus is that the firewalls are preventing the remote server to connect to the manframe client. WE cannot lnow until the firewall guy is back in town, We are left Secured, but non-functional. The Unix/Windows vsFTP server defaults to PORT mode Active transfers unless modified to allow PASV tranfers. A PORT transfer requests the creation of a port on the partner from anywhere in the range of ports, A PASV transfer requests what port to use for its connection. Our system is set up to allow PASV connections. These have been restricted to a certain range of IP ports. These ports have been blessed to receive incoming connections. =-=-=-=- The failing Unix server is requesting the establishment of port from the RESTRICTED range of LOWPORTS (1-2023).. Our FTP configuration restricts theee lowports to tasks that we define. My obsolete and soon to be dismissed mainframe skills have isolated the problem AND the change to the Unix config file that should lead us out of this failure to communicate. We should know next week when the firewall/Unix team can be bothered to help. =-=-=-=-=- This situation gave me flashbacks to the TV show "24" Jack: Chloe, open a port to the DOD for that information. (paraphased) Chloe: I'll do whatever you want me to, Jack (Literal) =-=-=-=- Let's look a little closer at this. Why was the port closed in the first place? Is it fine to default your network to denying life saving information? If the block can be dropped at the drop of a phone call, what good is it? Did the Zero Trust squad just put Jack's life and the world in danger? Whatever they are up to it can all be blown away by a line level employee. =-=-=-= Full security reduces full functionality. Choose Wisely. Every decision has impacts and consequences. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
