Re: FTP timeout on open request
Doug, that wasn't a shot in the dark... I inserted the suggested parms ASSORTEDPARMS PROXYARP RESTRICTLOWPORTS OVERRIDEPRECEDENCE ENDASSORTEDPARMS in my PROFILE TCPIP an get connected!! Thank you all who have responded! This is a great community! Ewald
Re: FTP timeout on open request
On Friday, 10/19/2007 at 02:59 EDT, "Ponte, Doug" <[EMAIL PROTECTED]> wrote: > I don't know the details of your trace, but this looks similar to an incident > that occured here recently. This may be a shot in the dark, but it's worth a > try. Make a small change to your PROFILE TCPIP to include a parmameter called > 'OVERRIDEPRECEDENCE' under the ASSORTEDPARMS section like so: > > ASSORTEDPARMS > PROXYARP RESTRICTLOWPORTS OVERRIDEPRECEDENCE > ENDASSORTEDPARMS > > In our client's problem, FTP started giving OPEN TIMEOUTs to z/OS FTPD IP > addresses *only*...other FTP sessions opened just fine it seemed. Nothing > changed, yada yada...same thing customers always told me when I was at IBM :) > Though, I still suspect that something in z/OS TCPIP was altered that > indirectly affected the precidence values. E.g expecting an 'immediate', a '1' > whatever they use. If you have DiffServ (Differentiated Services, RFC 2475)-enabled equipment (i.e. traffic shapers), they will use the precendence fields in a way contrary to the TCP standard (RFC 793). [Great - two RFCs that conflict!] Think of OverridePrecedence as implementing RFC 2873, which relaxes the rules in RFC 793. Chucky says OverridePrecedence should be the next "unchangeable default". :-) Alan Altmark z/VM Development IBM Endicott
Re: FTP timeout on open request
Hmm. That is interesting. That would seem to preclude any firewall problems unless the FTP protocol is being filtered by source IP address. Steve Bireley BlueZone Software Integration-Emulation-Security Free Bluezone Secure FTP 1-404-364-1731 www.bluezonesoftware.com -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Ewald Roller Sent: Friday, October 19, 2007 10:54 AM To: IBMVM@LISTSERV.UARK.EDU Subject: FTP timeout on open request On my side nothing has changed. I have no access to the AIX side so I must ask the admin on monday. Another curiosity: my VSE system on the same subnet (different OSA) has no problems. Thanks Ewald
AW: FTP timeout on open request
On my side nothing has changed. I have no access to the AIX side so I must ask the admin on monday. Another curiosity: my VSE system on the same subnet (different OSA) has no problems. Thanks Ewald _ Von: Paul Raulerson [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 19. Oktober 2007 15:55 An: IBMVM@LISTSERV.UARK.EDU Betreff: Re: FTP timeout on open request I've seen that a lot when the FTP server is being run from inetd or xinetd, and requires and IDENT transaction. Did someone change your configuration, either adding an IDENT rquirement on the FTP server or removing an IDENT process on the remote machine?
Re: FTP timeout on open request
Hi Ewald, Are you getting and actual socket connection to the AIX box that is getting reset? In a packet trace you would see the SYN SYNACK ACK handshake to complete the socket connection. If not, it sounds like a firewall issue. Have there been any firewall changes that could block port 21 outbound from your side or inbound to the AIX box? Inbound to the AIX box is unlikely since ping worked. Port 21 is typically blocked by default and is a favorite of security people to disable. Steve Bireley Vice-President Product Development BlueZone Software 1-404-364-1731 www.bluezonesoftware.com BlueZone Secure FTP is Free -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Ewald Roller Sent: Friday, October 19, 2007 9:22 AM To: IBMVM@LISTSERV.UARK.EDU Subject: FTP timeout on open request Hello all... for about four weeks we have a strange FTP problem. A Servicemachine working for months and gathering data from a remote system suddenly makes problems. The FTP open to the remote system always gets a timout: ftp 128.1.2.120 ( timeout 450 trace VM TCP/IP FTP Level 440 Translate Table: STANDARD about to call BeginTcpIp Connecting to 128.1.2.120, port 21 SysAct 0 21 -2147417480 CC -1 ==> Active open to host 128.1.2.120 port 21 from host 0 port 65535 Foreign host did not respond within OPEN timeout Unable to connect to 128.1.2.120 Foreign host did not respond within OPEN timeout Command: quit SysHalt has been Called Ready; T=0.01/0.02 14:08:40 Ping and traceroute are working well. This is z/VM 4.4, the remote system is an AIX system. A tcpdump analysis by a network guru shows that the z/VM FTP is resetting the packets receiving from the open request to AIX system. But in the tcpdump-file we find no reason for this behavior. Any ideas ? Thanks Ewald Roller Rolf Benz AG & Co. KG
Re: FTP timeout on open request
Ewald, I don't know the details of your trace, but this looks similar to an incident that occured here recently. This may be a shot in the dark, but it's worth a try. Make a small change to your PROFILE TCPIP to include a parmameter called 'OVERRIDEPRECEDENCE' under the ASSORTEDPARMS section like so: ASSORTEDPARMS PROXYARP RESTRICTLOWPORTS OVERRIDEPRECEDENCE ENDASSORTEDPARMS In our client's problem, FTP started giving OPEN TIMEOUTs to z/OS FTPD IP addresses *only*...other FTP sessions opened just fine it seemed. Nothing changed, yada yada...same thing customers always told me when I was at IBM :) Though, I still suspect that something in z/OS TCPIP was altered that indirectly affected the precidence values. E.g expecting an 'immediate', a '1' whatever they use. I'd be curious if this is the same issue. Let me know. Doug The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. From: The IBM z/VM Operating System on behalf of Ewald Roller Sent: Fri 19-Oct-07 10:53 To: IBMVM@LISTSERV.UARK.EDU Subject: FTP timeout on open request On my side nothing has changed. I have no access to the AIX side so I must ask the admin on monday. Another curiosity: my VSE system on the same subnet (different OSA) has no problems. Thanks Ewald
FTP timeout on open request
On my side nothing has changed. I have no access to the AIX side so I must ask the admin on monday. Another curiosity: my VSE system on the same subnet (different OSA) has n o problems. Thanks Ewald
Re: FTP timeout on open request
I've seen that a lot when the FTP server is being run from inetd or xinetd, and requires and IDENT transaction. Did someone change your configuration, either adding an IDENT rquirement on the FTP server or removing an IDENT process on the remote machine? --- Begin Message --- Hello all... for about four weeks we have a strange FTP problem. A Servicemachine working for months and gathering data from a remote system suddenly makes problems. The FTP open to the remote system always gets a timout: ftp 128.1.2.120 ( timeout 450 trace VM TCP/IP FTP Level 440 Translate Table: STANDARD about to call BeginTcpIp Connecting to 128.1.2.120, port 21 SysAct 0 21 -2147417480 CC -1 ==> Active open to host 128.1.2.120 port 21 from host 0 port 65535 Foreign host did not respond within OPEN timeout Unable to connect to 128.1.2.120 Foreign host did not respond within OPEN timeout Command: quit SysHalt has been Called Ready; T=0.01/0.02 14:08:40 Ping and traceroute are working well. This is z/VM 4.4, the remote system is an AIX system. A tcpdump analysis by a network guru shows that the z/VM FTP is resetting the packets receiving from the open request to AIX system. But in the tcpdump-file we find no reason for this behavior. Any ideas ? Thanks Ewald Roller Rolf Benz AG & Co. KG --- End Message ---
FTP timeout on open request
Hello all... for about four weeks we have a strange FTP problem. A Servicemachine working for months and gathering data from a remote system suddenly makes problems. The FTP open to the remote system always gets a timout: ftp 128.1.2.120 ( timeout 450 trace VM TCP/IP FTP Level 440 Translate Table: STANDARD about to call BeginTcpIp Connecting to 128.1.2.120, port 21 SysAct 0 21 -2147417480 CC -1 ==> Active open to host 128.1.2.120 port 21 from host 0 port 65535 Foreign host did not respond within OPEN timeout Unable to connect to 128.1.2.120 Foreign host did not respond within OPEN timeout Command: quit SysHalt has been Called Ready; T=0.01/0.02 14:08:40 Ping and traceroute are working well. This is z/VM 4.4, the remote system is an AIX system. A tcpdump analysis by a network guru shows that the z/VM FTP is resetting the packets receiving from the open request to AIX system. But in the tcpdump-file we find no reason for this behavior. Any ideas ? Thanks Ewald Roller Rolf Benz AG & Co. KG
