Thomas, can you tell me where I can get your book in Canada.. I would dearly love to be able to get my hands on it today...and not have to wait for a couple of days for delivery....

-- Scott

> http://www.ISAserver.org
>
> Hi Logan,
>
> You must use the FW client method of publishing FTP servers on
> non-standard ports.
>
> HTH,
> Tom
> www.isaserver.org/shinder <http://www.isaserver.org/shinder>
>
> -----Original Message-----
> From: Logan Ramirez [mailto:LoganRamirez@xxxxxxxxxxxxxx]
> Sent: Tuesday, February 05, 2002 10:35 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] FTP Non-Standard Ports
>
> Does anyone know why it is so difficult to ftp to a non-standard port?
>
> Maybe it's just me...
>
> Back to back private DMZ setup, and FTP in both directions (from
> internal network and external network into DMZ) work perfectly on
> standard port 21 in both active and passive modes, however, when I try
> to FTP to another port, I get either 500 INVALID PORT COMMAND or
> Operation Timed Out (depending on PORT or PASV mode, respectively).
>
> I am testing with IE 6.0 and also with command line ftp (windows XP)
> from internal network.
>
> I dropped a sniffer on all 3 devices, internal host, internal ISA, and
> DMZ ftp server (IIS running on windows 2000 DC) and watched the packets
> float across, and even in true passive mode, with an 'all ports allowed'
> packet filter enabled and a 'all protocol allowed' filter, only standard
> port 21 worked.
>
> So strange though...same testing environment, from internal host into
> DMZ, and when in passive mode I see the packets generated as such for
> port 21: (numbers made up for convenience)
>
> client 2872 --> server 21
> server 21 ---> client 2872 (with PORT command informing client of its
> listening data port)
> client 3154 --> server 5156
> server 5156 --> client 3154
>
> for ftp to non-standard port, say 5153:
> client 2872 --> server 5153
> server 5153 ---> client 2872 (with PORT command informing client of its
> listening data port)
> client 3154 --> server 5156
> No server response. Operation timed out.
>
> The packet is never seen on the FTP server, but what the heck is so
> different about a client making a second request to some random high
> port when its initial request was to standard FTP port 21 versus a
> client making a request to some random high port when its initial
> request was to non-standard FTP port 5153?
>
> I tried SP1, firewall client software (may have done this incorrectly),
> making the client a secureNAT client...
>
> Sure could use some conversation to get more ideas flowing.
>
> Hope this finds all well.
>
> Logan
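
A minimal model of the symptom in the quoted trace, added here as an example and not part of the original thread or ISA Server's own code. It assumes a default-deny filter whose FTP helper parses control channels only on configured ports; the `FtpAwareFilter` class, the `helper_ports` parameter and the addresses are hypothetical.

```python
import re

# Reply to PASV: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (RFC 959)
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: never open a pinhole for it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class FtpAwareFilter:
    """Hypothetical default-deny filter with an FTP helper on fixed control ports."""

    def __init__(self, helper_ports=(21,)):
        self.helper_ports = set(helper_ports)
        self.pinholes = set()  # (client_ip, server_ip, server_data_port)

    def control_reply(self, client_ip, server_ip, server_port, line):
        # Only control channels on a helper port are parsed; anything else
        # is opaque TCP to the filter and its 227 reply is never seen.
        if server_port not in self.helper_ports:
            return
        announced = parse_pasv(line)
        # Accept only a data endpoint on the server that owns the control channel.
        if announced and announced[0] == server_ip:
            self.pinholes.add((client_ip, server_ip, announced[1]))

    def allow_data_syn(self, client_ip, server_ip, dst_port):
        # One-shot pinhole: consumed by the first matching connection.
        key = (client_ip, server_ip, dst_port)
        if key in self.pinholes:
            self.pinholes.remove(key)
            return True
        return False


def passive_session(fw, control_port):
    """Replay the trace from the post: constructed addresses, data port 5156."""
    client, server = "10.0.0.5", "172.16.0.10"
    reply = "227 Entering Passive Mode (172,16,0,10,20,36)"  # 20*256+36 = 5156
    fw.control_reply(client, server, control_port, reply)
    return fw.allow_data_syn(client, server, 5156)
```

With the helper on port 21 only, `passive_session(FtpAwareFilter(), 5153)` returns `False`: the data connection to 5156 has no pinhole and is dropped before it reaches the server, which is the timeout shown in the trace.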