Article - CS365860
After a network change locking down ports, Implementer promotions to receiver failed with FTP "425 Not able to open data connection"
Modified: 21-Nov-2024
Applies To
- Implementer 10.1 to 12.6
- Important note:
- TCP/IP communications must be set up and working successfully. Other than what is required for Implementer, PTC does not assume responsibility for configuring or troubleshooting communications. Implementer assumes that the port assigned by the system is open.
To determine if a remote system is accessible (at the most basic level), from the host system issue the command PING <remote_system>. If you need assistance with configuring TCP/IP, see your network administrator.
- This article is provided as a courtesy to help customers work around the issue reported in the Description
- TCP/IP communications must be set up and working successfully. Other than what is required for Implementer, PTC does not assume responsibility for configuring or troubleshooting communications. Implementer assumes that the port assigned by the system is open.
- Implementer provides data area IMFTPPASV to control standard Passive Mode
- The default value "*YES" uses passive mode
- The value "*NO" uses non-passive mode and causes Implementer to insert the subcommand "SENDPASV 0" in the FTP script
- Implementer does not provide any means to control Extended Passive Mode
- When either passive mode is enabled, system assigns a random port between 1024 and 65535
- When both passive modes are disabled, system uses the port defined for FTP (typically 21)
- With the exception of the IMFTPPASV data area provided by Implementer to control standard Passive Mode, Implementer has no means to control the range of ports required to be opened for either passive modes or to enable/disable Extended Passive Mode
- PTC provides the following information for customer's convenience only
- Beginning with OS 7.1, IBM provides the new QIBM_FTP_PORT_RANGE environment variable
- Used to specify a small range of ports that standard and extended passive mode will be restricted to use
- Keep those ports defined by the range open
- IBM PTF may be required to enable this functionality
- See "Changing the ephermal port range for FTP and FTPS on the IBM i"
- Current link is https://www.ibm.com/support/pages/changing-ephermal-port-range-ftp-and-ftps-ibm-i
- If link is no longer valid, search for QIBM_FTP_PORT_RANGE
- IBM provides a method to disable standard Passive Mode and/or Extended Passive Mode at the system level
- See "Disabling EPASV/EPORT in the iSeries FTP Client at R610 and above"
- Current link is https://www.ibm.com/support/pages/disabling-extended-passive-andor-extended-port-ibmi
- If link is no longer valid, search for QTMFTPEPSV
- See "Disabling EPASV/EPORT in the iSeries FTP Client at R610 and above"
- Beginning with OS 7.1, IBM provides the new QIBM_FTP_PORT_RANGE environment variable
Description
- Promotions to receiver fail after network administrators close comm ports on remote system
- By default, IBM i FTP uses extended passive mode and standard passive mode
- Both modes assign random ports above 1023
- With appropriate job logging turned on, job log shows
- 229 Entering Extended Passive Mode (|||nnnnn|).
- where 'nnnnn' is a random port number between 1024 and 65535)
- 425 Not able to open data connection.
- 229 Entering Extended Passive Mode (|||nnnnn|).
This is a printer-friendly version of Article 365860 and may be out of date. For the latest version click CS365860