Re: FTP. Man I am feeling dumb!

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 23 Aug 2001 10:28:05 -0700

Actually, ISA can be an FTP proxy, but only for download functionality.  The
web proxy doesn't "do" FTP "put".  If you want to publish FTP and have full
functionality, you need to use server publishing, which doesn't "proxy".

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Steve Calderoni" <scalderoni@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 23, 2001 10:00 AM
Subject: [isalist] Re: FTP. Man I am feeling dumb!


http://www.ISAserver.org


Ok, That article makes sense. In that scenario the proxy server would
replace the existence of a NAT router. Trying to avoid that too.

Is it a correct statement that MS ISA has no ability to be a FTP proxy? All
the clients I have downloaded for test have Proxy options and can connect to
the ISA server. The request is simply ignored by the ISA server. Not even
logged.



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, August 23, 2001 9:28 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: FTP. Man I am feeling dumb!

http://www.ISAserver.org


I love bouncing facial hair...  ;-)

Take a read here for the details of your dilemma:
http://www.isaserver.org/pages/tutorials/isanetworks.htm

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Steve Calderoni" <scalderoni@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 23, 2001 7:55 AM
Subject: [isalist] Re: FTP. Man I am feeling dumb!


http://www.ISAserver.org


Name resolution is enabled internally for external address. You did just
raise my eyebrow though. I think I have been asking the wrong question. You
see the ISA server and the test workstations are in different subnets.

Example:

Workstation config:

IP: 10.20.30.5
Mask: 255.255.255.0
Gateway: 10.20.30.1

ISA config:

IP: 10.20.40.2
Mask: 255.255.255.0
Gateway: 10.20.40.1

At home I simply specify the ISA server as my gateway and all is happy as a
SecureNAT and Proxy without client. What would be the config to allow
systems in different subnets that are on different switches to allow them to
use the SecureNAT feature?

Do I need to add a special route for external addressing?

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, August 23, 2001 8:43 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: FTP. Man I am feeling dumb!

http://www.ISAserver.org


If you're not using the FW client, the client machine has to be a secureNAT
client and you just point the FTP app to the destination server.  Name
resolution has to be functional internally, though.

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Steve Calderoni" <scalderoni@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 23, 2001 7:06 AM
Subject: [isalist] Re: FTP. Man I am feeling dumb!


http://www.ISAserver.org


Just re-asking the question in case someone might have the answer:

If you don't want to use the firewall client what is the basic configuration
for an FTP client such as WS-FTP32 Pro or CuteFTP? I can't get any FTP
clients except a browser to work.

Any advice is appreciated.

Thanks

-----Original Message-----
From: Greg Foulks [mailto:greg.foulks@xxxxxxxx]
Sent: Wednesday, August 22, 2001 8:42 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: FTP. Man I am feeling dumb!

http://www.ISAserver.org


I believe that if you are using the Firewall Client... you shouldn't have to
make any proxy setting changes in your FTP client. The Firewall Client
should take care of everything for you...

I run the Firewall Client and have not had to make any FTP client
configuration changes.

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


-----Original Message-----
From: Steve Calderoni [mailto:scalderoni@xxxxxxxxxxxxx]
Sent: Wednesday, August 22, 2001 10:26 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: FTP. Man I am feeling dumb!


http://www.ISAserver.org


I guess my question is more client oriented. If I go to ftp://ftp.mcafee.com
in Internet Explorer or Netscape it works. I can get dir listings and
download files. When I use WS-FTP32 or CuteFTP, however, the client connects
to the server (in this case 10.20.30.20:8080) and then stops with a message
that says "Socket connected. Waiting for welcome message". The client then
times out and fails the connection.

Within the clients there are numerous settings for firewall and proxy. There
are "SITE hostname", "Transparent", "USER with no logon", "Proxy OPEN" and
"USER remoteID@remoteHost fireID," just to name a few.

What is the configuration of the client to allow it to work through a proxy?
Under IE I had to change the browser to communicate in PORT mode rather than
PASV.

Since the browser works I am inclined to believe that the server is
configured properly. It is the client config that is killing me.

Thanks
-----Original Message-----
From: jay vaughan [mailto:jay@xxxxxxxxxx]
Sent: Tuesday, August 21, 2001 5:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: FTP. Man I am feeling dumb!

http://www.ISAserver.org


>http://www.ISAserver.org
>What do I have to set up on the ISA server side to allow clients such as
>WC-FTP32 and CuteFTP to work through it? What are the settings for the
>client? Proxy OPEN? On the ISA side I have (well I think I have) enabled
>FTP. Even set up a Proto Def that has a secondary of port 20. I have two
>servers I am testing with. One is Integrated and one is Cache Mode. I know
>(to an extent) that FTP works as far as the server is concerned because I
>can FTP through IE 5.5 and 6.0.

FTP uses two well known ports (services): ports 20, and 21.  One is
used for 'control', and the other is used for 'transfer' - if you can
get into an FTP site and issue commands to view directory listings,
etc, but are unable to download/upload, it's usually because the
'transfer' channel is  blocked by a firewall.

Add a protocol rule that allows FTP, using the default ISA protocol
definitions for FTP.  I wouldn't advise setting up an IP filter -
just use the built-in protocol definitions to allow FTP transfers.

--


j.

--
  jv - Jay Vaughan - seclorum@xxxxxxx - jay@xxxxxxxxxx

  ~... threads rolling, keep the threads rolling ...~

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
scalderoni@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
scalderoni@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
scalderoni@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
scalderoni@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




Other related posts: