I'm trying to setup ftp access for an employee who is connecting to an AIX server. I've configured JSAM to open up ports 20, 21, and 23. This user is able to login via FTP and change directories and such. When he tries to download a file he gets the following error:
501 IP Address for data destination doesn't match client's.
Any ideas on how to make this work?
I don't think you can make FTP work through JSAM. The address of the server is passed in the payload of the FTP setup packet, and JSAM does not capture or manipulate it, so the error you are seeing makes sense.
I do understand that passive FTP works through WSAM. You may want to give that a try.
Did you use passive FTP?
FTP is old, but it is not simple. Very few modern applications require that the server make a TCP connection to the client, but FTP does. Of course, NAT broke this. That's why passive FTP was created.
And very few applications embed the server address in the payload of a packet.