friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaiq_5.4.0.1/preventftpports.htm

81 lines
5.4 KiB
HTML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Prevent access to File Transfer Protocol ports" />
<meta name="DC.Relation" scheme="URI" content="rzaiqsecpreventaccess.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="preventftpports" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Prevent access to File Transfer Protocol ports</title>
</head>
<body id="preventftpports"><a name="preventftpports"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Prevent access to File Transfer Protocol ports</h1>
<div><div class="section">To prevent File Transfer Protocol (FTP) from starting,
and to prevent someone from associating a user application, such as a socket
application, with the port that the iSeries™ normally uses for FTP, follow
these steps:</div>
<ol><li class="stepexpand"><span>In iSeries Navigator,
expand <span class="menucascade"><span class="uicontrol">your iSeries Server</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Servers</span> &gt; <span class="uicontrol">TCP/IP</span></span> .</span></li>
<li class="stepexpand"><span>Right-click <span class="uicontrol">TCP/IP Configuration</span> and select <span class="uicontrol">Properties</span>.</span></li>
<li class="stepexpand"><span>In the <span class="uicontrol">TCP/IP Configuration Properties</span> window,
click the <span class="uicontrol">Port Restrictions</span> tab.</span></li>
<li class="stepexpand"><span>On the <span class="uicontrol">Port Restrictions</span> page, click <span class="uicontrol">Add</span>.</span></li>
<li class="stepexpand"><span>On the <span class="uicontrol">Add Port Restriction</span> page, specify
the following information:</span> <ul><li><span class="uicontrol">User name</span>: Specify a user profile name that is
protected on your iSeries. (A protected user profile is a user profile
that does not own programs that adopt authority and does not have a password
that is known by other users.) By restricting the port to a specific user,
you automatically exclude all other users.</li>
<li><span class="uicontrol">Starting port</span>: 20</li>
<li><span class="uicontrol">Ending port</span>: 21</li>
<li><span class="uicontrol">Protocol</span>: TCP</li>
</ul>
</li>
<li class="stepexpand"><span>Click <span class="uicontrol">OK</span> to add the restriction.</span></li>
<li class="stepexpand"><span>On the <span class="uicontrol">Port Restrictions</span> page, click <span class="uicontrol">Add</span> and
repeat the procedure for the UDP protocol.</span></li>
<li class="stepexpand"><span>Click <span class="uicontrol">OK</span> to save your port restrictions
and close the <span class="uicontrol">TCP/IP Configuration Properties</span> window.</span></li>
<li class="stepexpand"><span>The port restriction takes effect the next time that you start
TCP/IP. If TCP/IP is active when you set the port restrictions, you should
end TCP/IP and start it again.</span></li>
</ol>
<div class="section"><div class="note"><span class="notetitle">Notes:</span> <ul><li>The port restriction takes effect the next time that you start TCP/IP.
If TCP/IP is active when you set the port restrictions, you should end TCP/IP
and start it again.</li>
<li>The Internet Assigned Numbers Authority (IANA) website provides information
about assigned port numbers at <a href="http://www.iana.org" target="_blank">http://www.iana.org</a>.</li>
<li>If ports 20 or 21 are restricted to a user profile other than QTCP, attempting
to start the FTP server will cause it to immediately end with errors.</li>
<li>This method works only for completely restricting an application such
as the FTP server. It does not work for restricting specific users. When a
user connects to the FTP server, the request uses the QTCP profile initially.
The system changes to the individual user profile after the connection is
successful. Every user of the FTP server uses QTCP's authority to the port.</li>
</ul>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiqsecpreventaccess.htm" title="You can block the File Transfer Protocol (FTP) port by reading this topic.">Prevent File Transfer Protocol server access</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink