That is consistent with my impression. In non-passive (non FW Friendly) mode, counterintuitively the server is sometimes initiating a connection TO the client. PASV (FWFRIENDLY) mode eliminates that counterintuitive protocol, and makes things easier relative to a firewall. Hence the name, Firewall Friendly.
Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Peter Vander Woude
Sent: Monday, May 3, 2021 6:30 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Now it's easier to find stuff on the CBT Tape

locsite fwfriendly sets it so that the client is the source for all connections going to the remote ftp server (in ftp terms it's a PASV mode connection). When the ftp server is running, the config on the server can specify a range of ports that it can tell the client to connect to it for the data connection, where the actual transfer occurs. As it's a defined range, the firewall can be configured that way also.

When not in PASV mode, but PORT mode (default) - it's the ftp client that tells the ftp server to open the data connection, and what ip address and port the server is to connect to on the client side. This mode is more difficult (and generally not liked), as there is no way to limit what ports the client will tell the server to connect to, and the firewall folks have to open outgoing sessions on all high ports (> 1024).

Peter

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
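
The two modes discussed in this thread, as an added example that is not part of either message: a Python sketch that decodes the `PORT` command and the `227` PASV reply from an FTP control channel, reports which side opens the data connection, and checks a passive port against the server's configured range. The range 50000-50100, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption for illustration: the passive data-port range set on the FTP
# server and mirrored in the firewall rule (not a value from the thread).
PASV_RANGE = range(50000, 50101)

HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_hostport(text):
    """Decode the RFC 959 h1,h2,h3,h4,p1,p2 tuple into (ip, port)."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError(f"no host-port tuple in {text!r}")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field above 255 in {text!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line):
    """Say who opens the data connection announced by one control-channel line."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active mode: the client names its own endpoint, the server dials out.
        return {"mode": "PORT", "initiator": "server",
                "dest": parse_hostport(line[5:]), "in_pasv_range": None}
    if line.startswith("227"):
        # Passive mode: the server names its endpoint, the client dials in.
        dest = parse_hostport(line[3:])
        return {"mode": "PASV", "initiator": "client",
                "dest": dest, "in_pasv_range": dest[1] in PASV_RANGE}
    return None  # not a line that sets up a data connection

# Constructed control-channel lines (documentation addresses, made-up ports).
SAMPLE = [
    "PORT 192,0,2,10,214,7",
    "227 Entering Passive Mode (198,51,100,5,195,100)",
    "227 Entering Passive Mode (198,51,100,5,234,96)",
    "230 User logged in",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_connection(entry))
```

A `227` reply whose port falls outside the configured range (the third sample line) is the case a firewall rule limited to that range would block.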