RE: FTP High Port

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 4 Nov 2004 06:01:51 -0800

You have two choices:
1 - get rid of PF #5
2 - remove ISA Server
..that rule allows literally anything on the Internet to hit your ISA.

Q1 - where did you lace the wspcfg.ini?
Q2 - did you install the FW client on the FTP server?
Q3 - where are you testing from; behind ISA or from outside?
Q4 - what is the client OS / SP?

I1 - remove all those packet filters; the "valid" ones conflict with the
server publishing rule 


  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 

-----Original Message-----
From: stevec@xxxxxxxxxxx [mailto:stevec@xxxxxxxxxxx] 
Sent: Thursday, November 04, 2004 3:26 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] FTP High Port

http://www.ISAserver.org


I have read the articles on publishing FTP on a high port with ISA 2000.
Using IE 6 as an FTP client, logon works but then clients get a timeout
error when reading the "/" directory.

Can anyone tell me what I'm missing:

1. Created wspcfg.ini on the FTP server:
[G6FTPServer]
ServerBindTcpPorts=27707,20
LocalBindTcpPorts=20  
Persistent=1
KillOldSession=1
ForceCredentials=1

2. Made protocol definition on ISA - Port 27707, TCP, Inbound, secondary
connection 1025-5000 TCP Inbound.

3. Made packet filter on ISA -  TCP, Inbound, Local port "Fixed Port",
Port
27707, Remote port "All ports".

4. Made packet filter on ISA - TCP, Inbound, Local port "Fixed Port",
Port
20, Remote Port "All ports".

5. Made packet filter on ISA - TCP, Both, Local port "Dynamic", Remote
Port
"All ports".

6.  Server-published FTP Server port 27707.



Thanks.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 11-2004