Firewall command examples

Your installation is using a proxy to establish a connection to the FTP server. You are not required to authenticate with the proxy, and when the connection is established, the proxy automatically logs you into the FTP server. The proxy needs the FTP server login information in the following order:

user-ID-on-FTP-server@FTP-server-host-name
password-on-FTP-server

The following firewall commands would be used:

&USER;@&HOST;
&PW;

Your installation is using a proxy to establish a connection to the FTP server. You are not required to authenticate with the proxy. After the connection is established, you are required to authenticate with the FTP server. The proxy needs the FTP server login information in the following order:

user-ID-on-FTP-server@FTP-server-host-name
USER user-ID-on-FTP-server
password-on-FTP-server

The following firewall commands would be used:

&USER;@&HOST;
USER &USER;
&PW;

Your installation is using a proxy to establish a connection to the FTP server. You are required to authenticate with the proxy. After the connection is established, the proxy automatically logs you into the FTP server. The proxy needs the proxy and FTP server login information in the following order:

user-ID-on-FTP-server@FTP-server-host-name user-ID-on-proxy-server
password-on-FTP-server password-on-proxy-server

The following firewall commands would be used:

&USER;@&HOST; &PROXY_USER;
&PW; &PROXY_PW;

Your installation is using a proxy to establish a connection to the FTP server. You are required to authenticate with the proxy, and after the connection is established, you are also required to authenticate with the FTP server. The proxy needs the proxy and FTP server login information in the following order:

user-ID-on-FTP-server@FTP-server-host-name user-ID-on-proxy-server
USER user-ID-on-FTP-server
password-on-FTP-server password-on-proxy-server

The following firewall commands would be used:

&USER;@&HOST; &PROXY_USER;
USER &USER;
&PW; &PROXY_PW;

Secure FTP is enabled in your installation and you would like to upload files to the testcase.boulder.ibm.com FTP server, which requires the FTP command channel to be unencrypted or for passive FTP mode to be used. To upload the files, complete the following actions:

1. In the FTP profile, select Specify the firewall or proxy server settings.
2. In the Firewall host field, type testcase.boulder.ibm.com
3. In the Firewall commands field, type one of the firewall commands provided in Table 1.

   Table 1. Sample firewall commands

   Firewall Commands	Description
   anonymous &EMAIL; LOCSITE FWFRIENDLY	Instructs the FTP client to use passive mode FTP and to log into the FTP server using "anonymous" as the user ID and your email address as the password. Note: If FWFRIENDLY TRUE is specified in your FTP.DATA file, you do not need to specify LOCSITE FWFRIENDLY in the firewall commands because both commands achieve the same result.
   anonymous &EMAIL; CCC	Instructs the FTP client to change the transmission mode of the control connection from the encrypted mode to the cleartext mode (unencrypted mode). It also instructs the FTP client to log into the FTP server using "anonymous" as the user ID and your email address as the password: If your installation is using active mode FTP, the CCC subcommand must be included in the firewall commands. Otherwise, this command is optional.

4. If you specified the CCC FTP subcommand in the firewall commands, complete the following actions:
   • In the FTP profile, select Use an FTP.DATA file.
   • In the FTP.DATA file name field, enter the name of the FTP.DATA file.
   • Ensure that TLSRFCLEVEL CCCNONOTIFY is specified in the FTP.DATA file. For a sample FTP.DATA file, see Figure 1.
     Figure 1. Sample FTP.DATA file

     SECURE_MECHANISM  TLS
     TLSRFCLEVEL       CCCNONOTIFY ; Indicates the CCC mechanism the sever uses
     TLSMECHANISM      FTP
     SECURE_FTP        ALLOWED  ; REQUIRED or ALLOWED
     SECURE_CTRLCONN   CLEAR    ; Minimum control connection security
     SECURE_DATACONN   PRIVATE  ; Encrypt the data channel
     KEYRING           myKeyRing
     EPSV4             TRUE