HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Unix to VMS passive FTP

 

Unix to VMS passive FTP

We have just upgraded one of two systems which are a master/standby pair. the 7.2-1 vms systems receives files from a unix box via passive FTP, no problem there, the 7.3-2 vms system now gives a "Disallowing data connection for 10.xx.xx.xx" message and the transfer fails. The readme file for TCPIP 5.4 mentions possibly using logicals to get round this, but has anyone else seen this behaviour?
regards
Mike
4 REPLIES
Ian Miller.
Honored Contributor

Re: Unix to VMS passive FTP

which logical are you thinking of ?
http://h71000.www7.hp.com/doc/732final/6526/6526pro_036.html#ftp_logicals_tab
____________________
Purely Personal Opinion

Re: Unix to VMS passive FTP

Hallo,
I was looking at tcpip$ftp_allow_port_redirect
TCPIP$FTP_ALLOW_PORT_REDIRECT

Just tried defineing /sys /exec xxx "TRUE"

As the release notes do not give an example, I´m assumig true is correct?
Andy Bustamante
Honored Contributor

Re: Unix to VMS passive FTP

We saw an issue FTP issue with FTP data connections after this upgrade (to TCPIP 5.4).

Earlier versions of TCPIP would accept connections where the source port was something other than port 20. This behavior was caused by firewalls rewriting the source port. Prior to TCPIP 5.4 this didn't matter, if the connection made it through the firewall, ftp data was accepted.

Is there a firewall between the systems? You can check that the ftp data connection is originating on port 20 with TCPTRACE.
If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net

Re: Unix to VMS passive FTP

HI,

Defining the 4 "allow" logicals has fixed the problem, but I will try the tcptrace. Security isn´t a risk here but I would like to understand the implications further. Thanks for your input.