[isalist] Re: [ISAserver.org Discussion List] FTP Servers

From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: <isalist@xxxxxxxxxxxxx>
Date: Wed, 22 Mar 2006 13:31:12 -0600
http://www.ISAserver.org
-------------------------------------------------------

Yep, you're right again, working man.

I just tested it. I wonder why they allow this to be an option?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Wednesday, March 22, 2006 1:20 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> You *can* use "server" protocols in access rules, but the 
> won't allow traffic from the internal to the external net.
> I seriously doubt that Andy has tested this with any 
> reasonable process.
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Wednesday, March 22, 2006 11:09
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
> 
> Dude,
> 'preciate ya, but I don't think that can happen. You can use 
> Server PDs in an Access Rule, so unless something is more 
> whack than what meets the eye, traces are still in order.
>  
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP 
> -- ISA Firewalls
> 
>  
> 
> 
> ________________________________
> 
>       From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
>       Sent: Wednesday, March 22, 2006 1:02 PM
>       To: ISA Mailing List
>       Subject: [isalist] Re: [ISAserver.org Discussion List] 
> FTP Servers
>       
>       
> 
>       That's OK...I'll keep you and Jim on the right track...J
> 
>        
> 
> ________________________________
> 
>       From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
>       Sent: Wednesday, March 22, 2006 3:02 PM
>       To: ISA Mailing List
>       Subject: [isalist] Re: [ISAserver.org Discussion List] 
> FTP Servers
> 
>        
> 
>       LOL! I didn't even notice that, it got lost in the noise :))
> 
>        
> 
>       Thomas W Shinder, M.D.
>       Site: www.isaserver.org <http://www.isaserver.org/> 
>       Blog: http://blogs.isaserver.org/shinder/
>       Book: http://tinyurl.com/3xqb7
>       MVP -- ISA Firewalls
> 
>        
> 
>                
> 
> ________________________________
> 
>               From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
>               Sent: Wednesday, March 22, 2006 12:57 PM
>               To: ISA Mailing List
>               Subject: [isalist] Re: [ISAserver.org 
> Discussion List] FTP Servers
> 
>               You are such a complete ass Andrew....the 
> server protocol is for publishing your own FTP servers. You 
> want to allow the FTP protocol.
> 
>                
> 
>               S
> 
>                
> 
> ________________________________
> 
>               From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
>               Sent: Wednesday, March 22, 2006 3:04 PM
>               To: ISA Mailing List
>               Subject: RE: [isalist] Re: [ISAserver.org 
> Discussion List] FTP Servers
> 
>                
> 
>               Jim,
> 
>                
> 
>               None of the workstations use the web proxy, or 
> firewall client software of ISA 2004. They use Secure NAT, 
> they are going out through ISA like if you had a dummy 
> Linksys cable DSL router.
> 
>                
> 
>               Example:
> 
>                
> 
>               ISA is on 192.168.1.1
> 
>                
> 
>               GW: for all clients on the DHCP server is 
> 192.168.1.1, again there is no web proxy setup and no 
> firewall client ware installed. 
> 
>                
> 
>               Secondly what I meant in my other comment which 
> you are so egger to twist around is that I have not tampered 
> with the default firewall settings of ISA, yes I have added 
> my own rules to the system, but if you look at the default 
> core settings for ICMP, etc they have all been left alone.
> 
>                
> 
>               Now are you going to keep acting this way if I 
> say, you know Jim I installed a new ISA server that only had 
> two rules in it, one for the FTP server to the outside using 
> the default FTP Server protocol, and the other which is the 
> default DENY rule that ISA creates? Are you going to blame on 
> the web proxy or firewall client if neither are installed or 
> being used?
> 
>                
> 
>               Lets be realistic here, if you don't know the 
> answer why ISA out of the box with two rules in it won't 
> connect to FTP servers that don't use passive mode why make a 
> fuss of it? Why not ask Bill to loan you one his boxes, 
> install ISA 2004, email me for a couple test accounts and go 
> to town, then say geez you know there is a bug or maybe 
> Microsoft doesn't care?  You have the time and certainly the 
> money to investigate it further, than I do yet you keep 
> hounding people to show you more evidence before you will get 
> off your dairy air and do something.. ;)
> 
>                
> 
>               Regards,
> 
>               Andrew
> 
>                
> 
> ________________________________
> 
>               From: isalist-bounce@xxxxxxxxxxxxx on behalf of 
> Jim Harrison
>               Sent: Wed 22/03/2006 12:33 PM
>               To: isalist@xxxxxxxxxxxxx
>               Subject: [isalist] Re: [ISAserver.org 
> Discussion List] FTP Servers
> 
>               http://www.ISAserver.org
>               -------------------------------------------------------
>                
>               No - you said:
>               "I seem to only be able to get access to FTP 
> servers using PASV modem on my workstations that are setup 
> under secure NAT".
>               This leaves the failing case hanging somewhere 
> between web proxy and firewall clients.
>               You also stated:
>               "..I have had to reinstall ISA 2004.." and 
> "Nothing on the ISA configuration level has been modified or 
> changed", which are just a bit contradictory.
>               
>               You haven't given anyone anything to work from, like:
>               - client errors
>               - ISA logs
>               - captures
>               
>               If the problem is important enough to involve 
> an entire list, its important enough to provide something 
> more than conjecture and contradiction.
>               
>               There are a great many FTP servers that 
> disallow active mode; and with good reason.
>               
>               -------------------------------------------------------
>                  Jim Harrison
>                  MCP(NT4, W2K), A+, Network+, PCG
>                  http://isaserver.org/Jim_Harrison/
>                  http://isatools.org
>                  Read the help / books / articles!
>               -------------------------------------------------------
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: http://www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> 
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Follow-Ups:

[isalist] Re: [ISAserver.org Discussion List] FTP Servers
From: Steve Moffat
[isalist] Re: [ISAserver.org Discussion List] FTP Servers

Other related posts:
