FTP to non-standard ports, slowly finding the light....just a little more help needed

  • From: Logan Ramirez <LoganRamirez@xxxxxxxxxxxxxx>
  • To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 8 Feb 2002 11:08:24 -0600

***INFORMATIVE email...my actual question is near the bottom*****
 
Okay, I have written before about FTP publishing to non-standard ports:
 
The application filter in ISA takes care of all the backend NAPT when FTPing
to standard port 21, whether passive or active.
However, it offers no such help when attempting to connect to a non-standard
port.
 
NOTE: in this instance, I am FTP'ing data to a machine in the DMZ (back to
back) from an internal (LAT) client.
 
Active mode is not possible at all because ISA does not translate the port
to the FTP server, so as soon as IIS reads the PORT request, it realizes the
IP address does not match where the request came from so you get the dreaded
'500 Port Command Invalid' response.
 
HOWEVER, in PASV mode, you can make the connection and ISA will translate
the port and ip address ONLY IF YOU ALLOW THE OUTBOUND PORT OF THE SECOND
REQUEST IT MAKES (that is, the ephemeral port has to be open for outbound
access on ISA).

SO, this means I need to open all ports between 1025 - 5000 for outbound
access on the internal ISA. 
I don't think that is a high security risk, so I am comfortable with doing
it, but my question to this ISALIST, is what is the easiest way to do this?
 
I really do not want to manually key in 3975 protocol entries and
definitions! 
I was thinking a packet filter, but that was not working either.
I created an ALLOW DYNAMIC local port to ALL remote and it didn't work.
 

Anyhow, I know there were several others who are experiencing this problem of
FTP to non-standard ports and so I hope this helps change that.  I would
love to talk with anyone who is having this problem...I understand it pretty
well now.
 
you know...for a seemingly robust product, there sure are a lot of people who
have problems with it...
 
Logan
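
Added example, not part of the original post: a Python model of the two behaviours the message describes, the server rejecting a PORT command whose embedded address differs from the control connection's source, and the PASV reply naming a data port that the firewall must allow outbound. All addresses, sample protocol lines and function names are constructed for illustration; the equality check models the behaviour the post attributes to IIS and is not IIS or ISA code.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (used by PORT and the 227 reply).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Return (ip, port) from a PORT command or a 227 PASV reply line."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    # The port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def port_command_accepted(port_line, control_peer_ip):
    """Assumed server check: the PORT address must match the control peer."""
    ip, _ = parse_hostport(port_line)
    return ip == control_peer_ip

def pasv_needs_outbound(reply, allowed=range(1025, 5001)):
    """Return (data_port, permitted) for the second connection the client opens."""
    _, port = parse_hostport(reply)
    return port, port in allowed

# Constructed sample values (not taken from the post).
CLIENT_INTERNAL = "10.0.0.25"   # LAT client address written into PORT
ISA_TRANSLATED = "192.0.2.1"    # address the DMZ server sees after NAT
PORT_LINE = "PORT 10,0,0,25,4,210"
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,12,34)"

if __name__ == "__main__":
    # Active mode: the payload still carries the internal address, so the
    # server-side comparison against the translated peer address fails.
    print("PORT endpoint:", parse_hostport(PORT_LINE))
    print("accepted via NAT:", port_command_accepted(PORT_LINE, ISA_TRANSLATED))
    # Passive mode: the client dials out to the port named in the 227 reply,
    # so that port must fall inside the outbound range opened on the firewall.
    print("PASV data port, allowed:", pasv_needs_outbound(PASV_REPLY))
```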
