My Oracle Support Banner

OAG Response To PASV FTPS Includes The Private IP Of The OAG Host (Doc ID 1602273.1)

Last updated on MARCH 02, 2019

Applies to:

Oracle API Gateway - Version 11.1.2.1.0 and later
Information in this document applies to any platform.

Symptoms

An OAG response to PASV FTPS includes the private IP of the OAG host.
This presents a problem when the initiator of the FTPS connect is remote and uses a NAT'd IP.

An example of a message exchange initiating a FTPS transfer is Prot P PASV mode:

Note the two lines extracted from the message exchange:

EZA1736I FTP -r tls <PRIVATE IP ADDRESS> <PORT> (EXIT
227 Entering Passive Mode (<IP ADDRESS>)

The initial connect reflects the partner connecting via a NAT'D ip whereas the response with the ephemeral ports includes the host private IP which will not route from the partners network.

Here is an example of a full message exchange:

EZA1736I FTP -r tls <PRIVATE IP ADDRESS> <PORT> (EXIT)
EZY2640I Using dd:SYSFTPD=<HOSTNAME> for local site con
EZA1450I IBM FTP CS V1R13
EZA1772I FTP: EXIT has been set.
EZA1554I Connecting to: <PRIVATE IP ADDRESS> port: <PORT>.
220 Service ready for new user.
EZA1701I >>> AUTH TLS
234 Command AUTH okay; starting TLS connection.
EZA2895I Authentication negotiation succeeded
EZA1701I >>> PBSZ 0
200 Command PBSZ okay.
EZA1701I >>> PROT P
200 Command PROT okay.
EZA2906I Data connection protection is private
EZA1459I NAME (<PRIVATE IP ADDRESS>:HDHLEE):
EZA1701I >>> USER MEDS
331 User name okay, need password for MEDS.
EZA1701I >>> PASS
230 User logged in, proceed.
EZA1460I Command:
EZA1736I TYPE A
EZA1701I >>> TYPE A
200 Command TYPE okay.
EZA1460I Command:
EZA1736I PUT '<FILENAME1>' '<FILENAME2>'
EZA1701I >>> SITE FIXrecfm 700 LRECL=700 RECFM=FB BLKSIZE=27300
502 Command SITE not implemented for FIXRECFM.
EZA1701I >>> PASV
227 Entering Passive Mode (<IP ADDRESS>)
EZA1701I >>> STOR <FILENAME>
EZA1636I *** I can't open a data-transfer connection:
150 File status okay; about to open data connection.
425 Can't open data connection.
EZA1735I Std Return Code = 27425, Error Code = 00008
EZA1701I >>> QUIT
EZA2590E gsk_secure_socket_read error from getNextReply - Connection closed
EZA1475I Connection with <PRIVATE IP ADDRESS> terminated

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.