Enabling XDB access via FTP protocol is just a matter of setting a valid port value in the ftp-port parameter inside xdbconfig.xml (theoretically). Typically this value will not be 21, the standard FTP port, because that would conflict with the main FTP server, if any, so the suggested value in many examples is 2100. That is the value i used. If you carefully read the Oracle documentation there is a note about setting XDB FTP on port 21.
I was ready to test my connection and i wanted to try it out with the built-in FTP client of Windows but at first i failed to understand how to specify the port number, so, after a couple of unsuccessful attempts, i gave up with ftp.exe and i went straight to Filezilla.
But even with Filezilla, i hit soon a major problem because it wasn't able to list the root folder after connecting to XDB. Here is the error message that you can receive in such situation:
Transfer channel can't be opened.
Reason: A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed
because connected host has failed to respond.
Then a bell rang in my head and i changed the configuration from "Default" to Active Mode.
Using FTP in active mode is mentioned in the documentation, as i found out after a while.
Whether you can get FTP to work in passive mode or not is hard to say. The documentation says that it depends on the presence of either localhost or 127.0.0.1 as HOSTNAME in listener.ora, however i tried using passive mode on a server having listener.ora pointing to an address other than 127.0.0.1 and it didn't work.
After setting active mode, Filezilla started working eventually, however i find that the default 60 seconds session timeout is far too short and the "keep alive" method of Filezilla is giving some troubles, so i disabled it.
Once i got filezilla to work, i went back to ftp.exe. I just couldn't believe that i could not specify a port. Indeed there is a way, but not from the command line (as far as i know), from the command prompt execute ftp.exe, then from the ftp prompt, enter:
open host portin my case this is:
open localhost 2100It may take a while for the connection to be established, but then it should work.
So far so good, but what about FTP access from another computer?
Well, it all depends on the firewall(s) in between and/or the firewall rules. When there are no active firewalls between client and server, then you just need to repeat the set up already explained, the only difference being the XDB server IP address.
However, if there are active firewalls, then it may be tricky to configure the firewall rules for the FTP protocol in active mode, because you don't know exactly on which port XDB is going to
talk back to your client. The communication will occur on some port above 1023, but i am not aware of any parameter in xdbconfig.xml where one can force this random port to be chosen in a given range, thus the only option is to open up the whole range between 1024 and 65535.
I made a test on my Mac and after disabling the firewall, i could connect to XDB without problems. Unfortunately disabling the firewall altogether doesn't seem the best idea these days.
Given this situation, the best option is probably to set up a tunnelled FTP connection through SSH. May be this will be the subject of a future posting...
At this point i can draw some conclusions:
- the best option, provided it works flawlessly, is to set up a WebDAV connection to XDB. WebDAV worked out-of-the-box in my case, (save the problem i had when i saved the xdbconfig.xml file on my Mac...) and makes no distinction between local or remote access from a configuration point of view. It's also "firewall friendly" because it uses the same port as Oracle Apex, which means that if Apex is working from a remote machine, then WebDAV access to XDB should be working as well (see the note about HTTP(S) when working on Windows XP SP2).
- Ftp works well when client and server reside on the same machine but it can be troublesome when the client is located on a remote machine and there are firewalls in between.