Hi guys,
We are trying to connect to an FTP server from our AIX server. Getting the following message
# ftp 164.52.194.12
ftp: connect: A remote host did not respond within the timeout period.
ftp> open 164.52.194.12
ftp: connect: A remote host did not respond within the timeout period.
ftp>
However, we are able to reach out to the same server from our local PC (workstation) via powershell
Windows PowerShell
Copyright (C) 2015 Microsoft Corporation. All rights reserved.
PS C:\Users\LINC> ftp
ftp> open 164.52.194.12
Connected to 164.52.194.12.
220 Microsoft FTP Service
200 OPTS UTF8 command successful - UTF8 encoding now ON.
User (164.52.194.12:(none)):
The ftp services are enabled [uncommented] in the /etc/services file
# grep -i ftp /etc/services
ftp-data 20/tcp # File Transfer [Default Data]
ftp-data 20/udp # File Transfer [Default Data]
ftp 21/tcp # File Transfer [Control]
ftp 21/udp # File Transfer [Control]
ni-ftp 47/tcp # NI FTP
ni-ftp 47/udp # NI FTP
tftp 69/udp # Trivial File Transfer
tftp 69/tcp # Trivial File Transfer
sftp 115/tcp # Simple File Transfer Protocol
sftp 115/udp # Simple File Transfer Protocol
bftp 152/tcp # Background File Transfer Program
bftp 152/udp # Background File Transfer Program
softpc 215/tcp # Insignia Solutions
softpc 215/udp # Insignia Solutions
subntbcst_tftp 247/tcp # SUBNTBCST_TFTP
subntbcst_tftp 247/udp # SUBNTBCST_TFTP
mftp 349/tcp # mftp
mftp 349/udp # mftp
ftp-agent 574/tcp # FTP Software Agent System
ftp-agent 574/udp # FTP Software Agent System
pftp 662/tcp # PFTP
pftp 662/udp # PFTP
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
ftps-data 989/udp # ftp protocol, data, over TLS/SSL
ftps 990/tcp # ftp protocol, control, over TLS/SSL
ftps 990/udp # ftp protocol, control, over TLS/SSL
tftp-mcast 1758/tcp # tftp-mcast
tftp-mcast 1758/udp # tftp-mcast
etftp 1818/tcp # Enhanced Trivial File Transfer Protocol
etftp 1818/udp # Enhanced Trivial File Transfer Protocol
utsftp 2529/tcp # UTS FTP
utsftp 2529/udp # UTS FTP
aaftp 2794/tcp # aaftp
aaftp 2794/udp # aaftp
gsiftp 2811/tcp # GSI FTP
gsiftp 2811/udp # GSI FTP
odette-ftp 3305/tcp # ODETTE-FTP
odette-ftp 3305/udp # ODETTE-FTP
tftps 3713/tcp # TFTP over TLS
tftps 3713/udp # TFTP over TLS
exasoftport1 3920/tcp # Exasoft IP Port
exasoftport1 3920/udp # Exasoft IP Port
mftp 5402/tcp # MFTP
mftp 5402/udp # MFTP
#
The ports are open
# netstat -an|grep LIST|grep 20
tcp 0 0 *.2049 *.* LISTEN
tcp4 0 0 *.3200 *.* LISTEN
# netstat -an|grep LIST|grep 21
tcp 0 0 *.21 *.* LISTEN
Checked the inetd.conf file, ftp isn't commented out
# cat inetd.conf
## @(#)62 1.17.3.4 src/tcpip/etc/inetd.conf, tcpinet, tcpip61N, 1024A_61N 5/27/10 21:56:33
## IBM_PROLOG_BEGIN_TAG
## This is an automatically generated prolog.
##
## tcpip61N src/tcpip/etc/inetd.conf 1.17.3.4
##
## Licensed Materials - Property of IBM
##
## COPYRIGHT International Business Machines Corp. 1993,2010
## All Rights Reserved
##
## US Government Users Restricted Rights - Use, duplication or
## disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
##
## IBM_PROLOG_END_TAG
##
## COMPONENT_NAME: TCPIP inetd.conf
##
## FUNCTIONS:
##
## ORIGINS: 26 27
##
## (C) COPYRIGHT International Business Machines Corp. 1993
## All Rights Reserved
## Licensed Materials - Property of IBM
##
## US Government Users Restricted Rights - Use, duplication or
## disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
##
#######################################################################
##
## Internet server configuration database
##
## Services can be added and deleted by deleting or inserting a
## comment character (ie. #) at the beginning of a line If inetd
## is running under SRC control then the "refresh -s inetd" command
## needs to be executed for inetd to re-read the inetd.conf file.
##
## NOTE: The TCP/IP servers do not require SRC and may be started
## by invoking the service directly (i.e. /etc/inetd). If inetd
## has been invoked directly, after modifying this file, send a
## hangup signal, SIGHUP to inetd (ie. kill -1 "pid_of_inetd").
##
## NOTE: The services with socket type of "sunrpc_tcp" and "sunrpc_udp"
## require that the portmap daemon be running.
## Also please use ## to designate comments in this file so that
## the smit commands can edit this file correctly.
##
## NOTE: When using IPv6 services, specify "tcp6" or "udp6" for the
## protocol. "tcp" and "udp" are interpreted as IPv4.
##
## service socket protocol wait/ user server server program
## name type nowait program arguments
##
ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd -d
telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a
shell stream tcp6 nowait root /usr/sbin/rshd rshd
#kshell stream tcp nowait root /usr/sbin/krshd krshd
login stream tcp6 nowait root /usr/sbin/rlogind rlogind
#klogin stream tcp nowait root /usr/sbin/krlogind krlogind
exec stream tcp6 nowait root /usr/sbin/rexecd rexecd
#comsat dgram udp wait root /usr/sbin/comsat comsat
#uucp stream tcp nowait root /usr/sbin/uucpd uucpd
#bootps dgram udp wait root /usr/sbin/bootpd bootpd /etc/bootptab
##
## Finger, systat and netstat give out user information which may be
## valuable to potential "system crackers." Many sites choose to disable
## some or all of these services to improve security.
##
#finger stream tcp nowait nobody /usr/sbin/fingerd fingerd
#systat stream tcp nowait nobody /usr/bin/ps ps -ef
#netstat stream tcp nowait nobody /usr/bin/netstat netstat -f inet
#
#tftp dgram udp6 SRC nobody /usr/sbin/tftpd tftpd -n
#talk dgram udp wait root /usr/sbin/talkd talkd
ntalk dgram udp wait root /usr/sbin/talkd talkd
#
# rexd uses very minimal authentication and many sites choose to disable
# this service to improve security.
#
#rquotad sunrpc_udp udp wait root /usr/sbin/rpc.rquotad rquotad 100011 1
#rexd sunrpc_tcp tcp wait root /usr/sbin/rpc.rexd rexd 100017 1
#rstatd sunrpc_udp udp wait root /usr/sbin/rpc.rstatd rstatd 100001 1-3
#rusersd sunrpc_udp udp wait root /usr/lib/netsvc/rusers/rpc.rusersd rusersd 100002 1-2
#rwalld sunrpc_udp udp wait root /usr/lib/netsvc/rwall/rpc.rwalld rwalld 100008 1
#sprayd sunrpc_udp udp wait root /usr/lib/netsvc/spray/rpc.sprayd sprayd 100012 1
#pcnfsd sunrpc_udp udp wait root /usr/sbin/rpc.pcnfsd pcnfsd 150001 1-2
#echo stream tcp nowait root internal
#discard stream tcp nowait root internal
#chargen stream tcp nowait root internal
daytime stream tcp nowait root internal
time stream tcp nowait root internal
#echo dgram udp wait root internal
#discard dgram udp wait root internal
#chargen dgram udp wait root internal
daytime dgram udp wait root internal
time dgram udp wait root internal
## The following line is for installing over the network.
#instsrv stream tcp nowait netinst /u/netinst/bin/instsrv instsrv -r /tmp/netinstalllog /u/netinst/scripts
#imap2 stream tcp nowait root /usr/sbin/imapd imapd
#pop3 stream tcp nowait root /usr/sbin/pop3d pop3d
caa_cfg stream tcp6 nowait root /usr/sbin/clusterconf clusterconf >>/var/adm/ras/clusterconf.log 2>&1
dtspcd stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
cmsd sunrpc_udp udp wait root /usr/dt/bin/rpc.cmsd cmsd 100068 2-5
ttdbserver sunrpc_tcp tcp wait root /usr/dt/bin/rpc.ttdbserver rpc.ttdbserver 100083 1
wsmserver stream tcp nowait root /usr/websm/bin/wsmserver wsmserver -start
xmquery dgram udp wait root /usr/bin/xmtopas xmtopas -p3
#
Upon checking the firewall status , we are getting the following message
# lsfilt -a
Can not open device /dev/ipsec4_filt.
Please suggest what approach to take /checks to do in order to connect via FTP? Any specific firewall related checks we need to do ?
OS configuration:
# oslevel -r
6100-07
# uname -0a
uname: Not a recognized flag: 0
Usage: uname [-snlrvmaxupfFMWS:T:L]
# uname -a
AIX prdsap1 1 6 00F71E294C00
# oslevel -s
6100-07-00-0000
#
Regards,
Bruno