MVSFORUMS.com

[sandy]

I am dealing with requirement that server belongs to other part of company business located in other part of region , send the data to MF shop in term of flat files.

Process at our end looks like we need to create FTP ports at both ends.

1. During this process we are supplying information about dataset name.
Can anybody inform about while doing ftp setup on mf why would it require dataset name.

2. Even after such setup is done, In case of problems how can the sender identify whether access is not possible because of internal network firewall issues or firewall issues at hosting environment.

How can we test such firewall issues?

[Ravi]

1. If you are FTPing to a MF system, then it has to know the destination where it has to be placed. Mainframes needs a dataset name and it has some naming conventions or speficitaions. If the file name being FTPed is like a.txt and after connecting to mainframes directly if we use PUT a.txt then a dataset will be created with the userid you have logged into mainframes and the name of the dataset in Mainframes will be userid.a.txt with default lengths(Can be LRECL=80 or LRECL=133 or something else. Its site specific). So the file has to be created with some specific name so that everyone can access. Generally(ofcourse site specific), the USERID.* files cannot be accessed by other userid. So it has to be a the High level qualifer (HLQ) will be a group identifier.

2. You can identify the FTP return code. When you are receiving or sending data there are few return codes which FTP gives. Like 220, 230, 150 etc..

[sandy]

Thanks for the reply.

I am talking about set-up process that takes place prior to one actually successfully does ftp to-from mf.

It will be clear that while dataset names will be required for security purpose so that id's write access can be tied to dataset.

Can anybody give more information on how firewall rules can they be tested. One can ping the ip address associated with mf-box, however how to categorize problems due to internal n/w firewall rules vs problems due to some other factors outside local network.

anybody with networking expertise in this group ??

[semigeezer]

I'm not clear on what you are looking for, but from an external machine you can always run a port scanner like nmap to see if ports are available. FTP is actually a difficult protocol to set up firewall rules for because several ports need to be opened and you need to configure the server for PASV support to so that the server can specify the port, tell the client and have the client establish a connection to that dynamic port. This is not specific to z/OS, just to FTP in general. Actually, if you are not using secure FTP (encrypted FTP), then talking about FTP and security at the same time is a little pointless since FTP data including passwords are sent in clear text. Look into secure FTP (certificate based FTP supported by z/OS comm server) or another protocol like sftp or scp.