RE: IDA Forwarding of FTP requests
- From: "Siatkowski, Jason" <jsiatkowski@xxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 15 Aug 2001 12:32:33 -0400
Ok, I removed that address range from the LAT, and I was able to configure
the server publishing rule for the FTP server. Attempting to FTP to it shows
a connected to it, and then a disconnected message immediately following it.
Also, I see a somewhat generic message in the logs as "A publishing rule is
not configured correctly". I'll continue to mess around with this. I don't
want to break the web publishing because it uses a security certificate, but
I think you've gotten me far enough along Dave, that I should continue
checking the tutorials that are online at isaserver.org. If you can think of
anything else, let me know :)
-----Original Message-----
From: David Dellanno [mailto:david@xxxxxxxxxx]
Sent: Wednesday, August 15, 2001 11:30 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IDA Forwarding of FTP requests
http://www.ISAserver.org
Yes, your NORTH IP address should not be included in your LAT, try that
first and see if you can see perform your FTP publishing rule.
-----Original Message-----
From: Siatkowski, Jason [mailto:jsiatkowski@xxxxxxxxxxxxxx]
Sent: Wednesday, August 15, 2001 11:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IDA Forwarding of FTP requests
http://www.ISAserver.org
I can make that happen, does that mean my LAT should not contain the
172.25.0.x network?
-----Original Message-----
From: David Dellanno [mailto:david@xxxxxxxxxx]
Sent: Wednesday, August 15, 2001 11:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IDA Forwarding of FTP requests
http://www.ISAserver.org
I would recommend to keep things simple, and to choose a different subnet ip
address for your lab if this is possible (example: 192.168.0.1 with mask of
255.255.255.0).
If you can not, verify your LAT, it should only have subnet 172.25.16.0 to
172.25.16.255 for this test.
-----Original Message-----
From: Siatkowski, Jason [mailto:jsiatkowski@xxxxxxxxxxxxxx]
Sent: Wednesday, August 15, 2001 11:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IDA Forwarding of FTP requests
http://www.ISAserver.org
Yes, that's correct. The lab is what I consider to be the internal network
space, and our main network is the external. So my south NIC has the
172.25.16.8 IP with mask of 255.255.240.0 and the NIC that is on the main
network, the North NIC has a 172.25.0.8 and mask of 255.255.0.0. I need to
FTP from 172.25.0.153 to the ISA server and have it forward the FTP request
to 172.25.16.10 in the lab network.
-----Original Message-----
From: David Dellanno [mailto:david@xxxxxxxxxx]
Sent: Wednesday, August 15, 2001 11:06 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IDA Forwarding of FTP requests
http://www.ISAserver.org
geeesh...I'm sorry Jason...now I'm confused
So your Lab will be the private internal network (South NIC)? and your main
network will be the public, external network (North NIC)?
-----Original Message-----
From: Siatkowski, Jason [mailto:jsiatkowski@xxxxxxxxxxxxxx]
Sent: Wednesday, August 15, 2001 10:43 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IDA Forwarding of FTP requests
http://www.ISAserver.org
Alrighty, so I have our main network which uses the range
172.25.0.1-172.25.0.255 and subnet mask of 255.255.0.0 and I have the lab
network using 172.25.16.0-172.25.16.255 subnet mask of 255.255.240.0. The
North NIC on the ISA server is 172.25.0.8 and the South NIC is 172.25.16.8.
I can't see either of these IP numbers listed when I try to publish the FTP
server. Are you saying that I need to assign a secondary IP number to the
North NIC? And thanks for explaining the North/South thingie :)
Jason
-----Original Message-----
From: David Dellanno [mailto:david@xxxxxxxxxx]
Sent: Wednesday, August 15, 2001 10:29 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IDA Forwarding of FTP requests
http://www.ISAserver.org
"Firewall interfaces are often referred to as "north" and "south", to
indicate the public and private networks, respectively. I've adopted this
style for these instructions. "...by Jim Harrison
I though I might keep the standard on this forum.
-----Original Message-----
From: Siatkowski, Jason [mailto:jsiatkowski@xxxxxxxxxxxxxx]
Sent: Wednesday, August 15, 2001 10:17 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IDA Forwarding of FTP requests
http://www.ISAserver.org
Aha, ok, what is the NORTH network card? And if I only have the two NICs and
I have them bound wrong, then why can't I see any IP addresses at all? I'd
think that your suggestion might make sense if I could see the IP address of
the internal NIC, but I don't see any.
-----Original Message-----
From: David Dellanno [mailto:david@xxxxxxxxxx]
Sent: Wednesday, August 15, 2001 10:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IDA Forwarding of FTP requests
http://www.ISAserver.org
Hi Jasan,
Verify that you have the external IP addresses binded to the (north)
network card.
-----Original Message-----
From: Siatkowski, Jason [mailto:jsiatkowski@xxxxxxxxxxxxxx]
Sent: Wednesday, August 15, 2001 10:05 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] IDA Forwarding of FTP requests
http://www.ISAserver.org
We run a test lab and we use an ISA server that hosts web servers on a
separate internal lab rack, so that we can access them from our regular
workstations in our main network. I have a requirement to FTP from our main
network to an FTP site inside the lab. However, when I attempt to publish
the FTP server, I need to select the external IP of the ISA server, and the
number that I have assigned to the external NIC (i.e. the one that is on the
same network as our workstations), there are no IPs listed! I gotta be doing
something wrong, any suggestions?
Jason Siatkowski
IDEA Industry Manager
A+ Certified Service Technician
Profile Systems, Inc.
413-737-2000 x135
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jsiatkowski@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jsiatkowski@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jsiatkowski@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jsiatkowski@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jsiatkowski@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
