Back out ECO6 and see if the behavior changes?

I'd almost assume this isn't ECO6, but stranger things have happened.

Backing the ECO out would confirm or deny the theory that some change(s) within ECO6 were involved here.

I would certainly assume that a firewall would have to know which host addresses and ports would receive an incoming FTP connection -- hopefully in a DMZ. FTP itself is particularly ugly at the firewall, which is where the passive transfer mechanism arose. Most folks now use or are migrating to ftps or sftp, or a VPN-based link.

The first of many hits on a Google search for:

ftp firewall passive

are all around getting this stuff to work, and around security discussions. You're not alone here, by any stretch.

Start here:
http://slacksite.com/other/ftp.html
http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html

IP network and routing problems seldom fit within the confines of the ITRC forums 46x16 text input box. Various organizations around -- full disclosure: Hoffmanlabs is one -- can assist with these situations and with OpenVMS and TCP/IP Services networking.

Stephen Hoffman
HoffmanLabs

Hell Zahid,

First - prove that ECO06 didn't cause the problem. Fire up a spare Alpha with the previous configuration if you can. That way you won't affect a production environment.

Second, if you still have trouble then use the spare Alpha to diagnose what's happening if you can. You may need to hang a network analyser off the switch to see what's really going on. Depending on how "failsafe IP" is working in terms of flipping the IP address between physical interfaces you might also need to check how the switch (or switches) are configured.

Lots of "fun".

Cheers, Colin (www.xdelta.co.uk).