RE: Outbound FTP Question
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 12 Oct 2005 07:51:33 -0500
Hi Paul,
What FTP sites aren't working for you?
Thanks!
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, October 12, 2005 7:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Outbound FTP Question
http://www.ISAserver.org
Ok some more info.
I have checked the FTP filter and the read-only is not tagged
I have run ethereal on the external interfaces of the working
and non-working ISA servers and performed the same FTP command from the
same workstation going to both firewalls.
The working firewall displays everything that you would expect
it to display when it's working
The non-working firewall displays nothing, that's correct it
doesn't see any traffic on the external interface at all.
I reran ethereal on the internal interface on the non-working
firewall this time and all it showed me was 5 communications to port
1745. If I disable the firewall client and run a test again I see 3
lines detecting FTP traffic.
Every time on the non-working firewall FTP receives a time out
request.
Please help, I'm going nuts here !!!
Paul Crisp
Snr Network Support Analyst
________________________________
From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx]
Sent: 12 October 2005 09:21
To: [ISAserver.org Discussion List]
Subject: [isalist] Outbound FTP Question
http://www.ISAserver.org
I know before you all say it, I've read Stefaan's article about
FTP on the ISAServer.org site, but my query is slightly different.
Ok, this could get a little confusing so please bear with me:
Workstation subnet = 192.168.5.0
Firewall A subnet = 192.168.2.0
Firewall B subnet = 192.168.1.0
Basically we have three sites and all sites are connected via
leased lines or line of sight technology.
Ok, I've got two ISA 2004 servers, one running with Win 2003
(Firewall A) and the other running with Win 2000 (Firewall B). Both
servers are working fine apart from this Outbound FTP problem.
I have configure a workstation as a firewall client and when I
point to Firewall A I cannot FTP to an external site using a simple FTP
from the command prompt and I get the following message -
If I configure the workstation firewall client to point to
Firewall B, the FTP from a command prompt works without a problem
Both firewalls have exactly the same firewall policy give or
take Firewall A has a few extra publishing rules. I have double checked
all this (mind you this was very late at night, so could have missed
something) but I cannot understand why FTP does not work through
Firewall A
Can anyone give me any pointers of where to start to look
please?
Regards
Paul Crisp
Snr Network Support Analyst
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: pcrisp@xxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
