
OAG Response To PASV FTPS Includes The Private IP Of The OAG Host (Doc ID 1602273.1)

Last updated on OCTOBER 07, 2022

Applies to:

Oracle API Gateway - Version 11.1.2.1.0 and later
Information in this document applies to any platform.

Symptoms

An OAG response to PASV FTPS includes the private IP of the OAG host.
This presents a problem when the initiator of the FTPS connection is remote and uses a NAT'd IP.

The following example is a message exchange initiating an FTPS transfer in PROT P, PASV mode.

Note the two lines extracted from the message exchange:

EZA1736I FTP -r tls <PRIVATE IP ADDRESS> <PORT> (EXIT)
227 Entering Passive Mode (<IP ADDRESS>)

The initial connect shows the partner connecting via a NAT'd IP, whereas the response carrying the ephemeral port includes the host's private IP, which will not route from the partner's network.

Here is an example of a full message exchange:

EZA1736I FTP -r tls <PRIVATE IP ADDRESS> <PORT> (EXIT)
EZY2640I Using dd:SYSFTPD=<HOSTNAME> for local site con
EZA1450I IBM FTP CS V1R13
EZA1772I FTP: EXIT has been set.
EZA1554I Connecting to: <PRIVATE IP ADDRESS> port: <PORT>.
220 Service ready for new user.
EZA1701I >>> AUTH TLS
234 Command AUTH okay; starting TLS connection.
EZA2895I Authentication negotiation succeeded
EZA1701I >>> PBSZ 0
200 Command PBSZ okay.
EZA1701I >>> PROT P
200 Command PROT okay.
EZA2906I Data connection protection is private
EZA1459I NAME (<PRIVATE IP ADDRESS>:HDHLEE):
EZA1701I >>> USER MEDS
331 User name okay, need password for MEDS.
EZA1701I >>> PASS
230 User logged in, proceed.
EZA1460I Command:
EZA1736I TYPE A
EZA1701I >>> TYPE A
200 Command TYPE okay.
EZA1460I Command:
EZA1736I PUT '<FILENAME1>' '<FILENAME2>'
EZA1701I >>> SITE FIXrecfm 700 LRECL=700 RECFM=FB BLKSIZE=27300
502 Command SITE not implemented for FIXRECFM.
EZA1701I >>> PASV
227 Entering Passive Mode (<IP ADDRESS>)
EZA1701I >>> STOR <FILENAME>
EZA1636I *** I can't open a data-transfer connection:
150 File status okay; about to open data connection.
425 Can't open data connection.
EZA1735I Std Return Code = 27425, Error Code = 00008
EZA1701I >>> QUIT
EZA2590E gsk_secure_socket_read error from getNextReply - Connection closed
EZA1475I Connection with <PRIVATE IP ADDRESS> terminated
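
The mismatch in this exchange can be checked from the client side by decoding the 227 reply and comparing its address with the one the control connection was opened to. The Python below is an added example, not Oracle's code: the function names are hypothetical, the addresses are constructed sample values, and the reply is assumed to use the RFC 959 `(h1,h2,h3,h4,p1,p2)` form.

```python
import ipaddress
import re

# RFC 959 reply format: 227 <text> (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# RFC 1918 ranges: addresses that do not route across the public Internet.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv_reply(line):
    """Return (IPv4Address, port) from a 227 reply, or None for any other line."""
    m = _PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in 227 reply: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(control_peer, reply_line):
    """Compare the data endpoint in a 227 reply with the control-connection peer.

    Flags the case shown in this document: the server advertises an RFC 1918
    address that differs from the address the client actually connected to.
    """
    parsed = parse_pasv_reply(reply_line)
    if parsed is None:
        return None
    ip, port = parsed
    differs = ip != ipaddress.ip_address(control_peer)
    private = any(ip in net for net in _RFC1918)
    return {
        "data_ip": str(ip),
        "data_port": port,
        "differs_from_control_peer": differs,
        "private_ip_advertised": differs and private,
    }


if __name__ == "__main__":
    # Constructed values: 203.0.113.10 stands in for the NAT'd address the
    # partner connects to, 10.1.2.3 for the gateway host's private address.
    print(check_pasv("203.0.113.10", "227 Entering Passive Mode (10,1,2,3,195,80)"))
    print(check_pasv("203.0.113.10", "227 Entering Passive Mode (203,0,113,10,195,80)"))
```

A result with `private_ip_advertised` set to true corresponds to the `425 Can't open data connection.` failure in the exchange above when the client is outside the gateway's network.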

Changes

 

Cause
