[isalist] Re: [ISAserver.org Discussion List] FTP Servers
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 22 Mar 2006 15:41:52 -0400
http://www.ISAserver.org
-------------------------------------------------------
Yes I tested it also before my 1st post.
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Wednesday, March 22, 2006 3:31 PM
To: ISA Mailing List
Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
http://www.ISAserver.org
-------------------------------------------------------
Yep, you're right again, working man.
I just tested it. I wonder why they allow this to be an option?
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Wednesday, March 22, 2006 1:20 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> You *can* use "server" protocols in access rules, but the won't allow
> traffic from the internal to the external net.
> I seriously doubt that Andy has tested this with any reasonable
> process.
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Wednesday, March 22, 2006 11:09
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
>
> Dude,
> 'preciate ya, but I don't think that can happen. You can use Server
> PDs in an Access Rule, so unless something is more whack than what
> meets the eye, traces are still in order.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP
> -- ISA Firewalls
>
>
>
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> Sent: Wednesday, March 22, 2006 1:02 PM
> To: ISA Mailing List
> Subject: [isalist] Re: [ISAserver.org Discussion List] FTP
Servers
>
>
>
> That's OK...I'll keep you and Jim on the right track...J
>
>
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Wednesday, March 22, 2006 3:02 PM
> To: ISA Mailing List
> Subject: [isalist] Re: [ISAserver.org Discussion List]
> FTP Servers
>
>
>
> LOL! I didn't even notice that, it got lost in the noise :))
>
>
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
>
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> Sent: Wednesday, March 22, 2006 12:57 PM
> To: ISA Mailing List
> Subject: [isalist] Re: [ISAserver.org
> Discussion List] FTP Servers
>
> You are such a complete ass Andrew....the
> server protocol is for publishing your own FTP servers. You
> want to allow the FTP protocol.
>
>
>
> S
>
>
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> Sent: Wednesday, March 22, 2006 3:04 PM
> To: ISA Mailing List
> Subject: RE: [isalist] Re: [ISAserver.org
> Discussion List] FTP Servers
>
>
>
> Jim,
>
>
>
> None of the workstations use the web proxy, or
> firewall client software of ISA 2004. They use Secure NAT,
> they are going out through ISA like if you had a dummy
> Linksys cable DSL router.
>
>
>
> Example:
>
>
>
> ISA is on 192.168.1.1
>
>
>
> GW: for all clients on the DHCP server is
> 192.168.1.1, again there is no web proxy setup and no
> firewall client ware installed.
>
>
>
> Secondly what I meant in my other comment which
> you are so egger to twist around is that I have not tampered
> with the default firewall settings of ISA, yes I have added
> my own rules to the system, but if you look at the default
> core settings for ICMP, etc they have all been left alone.
>
>
>
> Now are you going to keep acting this way if I
> say, you know Jim I installed a new ISA server that only had
> two rules in it, one for the FTP server to the outside using
> the default FTP Server protocol, and the other which is the
> default DENY rule that ISA creates? Are you going to blame on
> the web proxy or firewall client if neither are installed or
> being used?
>
>
>
> Lets be realistic here, if you don't know the
> answer why ISA out of the box with two rules in it won't
> connect to FTP servers that don't use passive mode why make a
> fuss of it? Why not ask Bill to loan you one his boxes,
> install ISA 2004, email me for a couple test accounts and go
> to town, then say geez you know there is a bug or maybe
> Microsoft doesn't care? You have the time and certainly the
> money to investigate it further, than I do yet you keep
> hounding people to show you more evidence before you will get
> off your dairy air and do something.. ;)
>
>
>
> Regards,
>
> Andrew
>
>
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx on behalf of
> Jim Harrison
> Sent: Wed 22/03/2006 12:33 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: [ISAserver.org
> Discussion List] FTP Servers
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> No - you said:
> "I seem to only be able to get access to FTP
> servers using PASV modem on my workstations that are setup
> under secure NAT".
> This leaves the failing case hanging somewhere
> between web proxy and firewall clients.
> You also stated:
> "..I have had to reinstall ISA 2004.." and
> "Nothing on the ISA configuration level has been modified or
> changed", which are just a bit contradictory.
>
> You haven't given anyone anything to work from, like:
> - client errors
> - ISA logs
> - captures
>
> If the problem is important enough to involve
> an entire list, its important enough to provide something
> more than conjecture and contradiction.
>
> There are a great many FTP servers that
> disallow active mode; and with good reason.
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
