[isalist] Re: [ISAserver.org Discussion List] FTP Servers
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 22 Mar 2006 12:58:56 -0600
Why make a fuss if you don't provide captures?
We and diddle around for months and never come to a conclusion until
captures are provided. This is a critical skill that you must master,
otherwise you're just an weak empiricist and everything network centric
ends up being "magic" to you. It's not magic and the tools are free, as
is the education. All you need to invest in is time.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
Sent: Wednesday, March 22, 2006 1:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: [ISAserver.org Discussion List] FTP
Servers
Jim,
None of the workstations use the web proxy, or firewall client
software of ISA 2004. They use Secure NAT, they are going out through
ISA like if you had a dummy Linksys cable DSL router.
Example:
ISA is on 192.168.1.1
GW: for all clients on the DHCP server is 192.168.1.1, again
there is no web proxy setup and no firewall client ware installed.
Secondly what I meant in my other comment which you are so egger
to twist around is that I have not tampered with the default firewall
settings of ISA, yes I have added my own rules to the system, but if you
look at the default core settings for ICMP, etc they have all been left
alone.
Now are you going to keep acting this way if I say, you know Jim
I installed a new ISA server that only had two rules in it, one for the
FTP server to the outside using the default FTP Server protocol, and the
other which is the default DENY rule that ISA creates? Are you going to
blame on the web proxy or firewall client if neither are installed or
being used?
Lets be realistic here, if you don't know the answer why ISA out
of the box with two rules in it won't connect to FTP servers that don't
use passive mode why make a fuss of it? Why not ask Bill to loan you one
his boxes, install ISA 2004, email me for a couple test accounts and go
to town, then say geez you know there is a bug or maybe Microsoft
doesn't care? You have the time and certainly the money to investigate
it further, than I do yet you keep hounding people to show you more
evidence before you will get off your dairy air and do something.. ;)
Regards,
Andrew
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison
Sent: Wed 22/03/2006 12:33 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: [ISAserver.org Discussion List] FTP
Servers
http://www.ISAserver.org
-------------------------------------------------------
No - you said:
"I seem to only be able to get access to FTP servers using PASV
modem on my workstations that are setup under secure NAT".
This leaves the failing case hanging somewhere between web proxy
and firewall clients.
You also stated:
"..I have had to reinstall ISA 2004.." and "Nothing on the ISA
configuration level has been modified or changed", which are just a bit
contradictory.
You haven't given anyone anything to work from, like:
- client errors
- ISA logs
- captures
If the problem is important enough to involve an entire list,
its important enough to provide something more than conjecture and
contradiction.
There are a great many FTP servers that disallow active mode;
and with good reason.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
Other related posts:
