[isalist] Re: [ISAserver.org Discussion List] FTP Servers
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 22 Mar 2006 15:55:12 -0400
Must be something silly....I have no issues with either mode. Either
with or without the FW client.
350 Restarting at 0. Send STORE or
RETRIEVE.
COMMAND:> PASV
227 Entering Passive Mode
(66,220,30,30,10,175)
COMMAND:> LIST
STATUS:> Connecting FTP data socket 66.220.30.30:2735...
150 Opening ASCII mode data connection
for /bin/ls.
226 Transfer complete.
STATUS:> Directory listing completed.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Andrew English
Sent: Wednesday, March 22, 2006 3:53 PM
To: ISA Mailing List
Subject: RE: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
Ah no.
FTP and FTP Server are in the rule. I have even tried it with just FTP
and received the same response. It's only when I enable PASV and the
port ranges does the connection work.
Regards,
Andrew
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison
Sent: Wed 22/03/2006 2:19 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
http://www.ISAserver.org
-------------------------------------------------------
You *can* use "server" protocols in access rules, but the won't allow
traffic from the internal to the external net.
I seriously doubt that Andy has tested this with any reasonable process.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Wednesday, March 22, 2006 11:09
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
Dude,
'preciate ya, but I don't think that can happen. You can use Server PDs
in an Access Rule, so unless something is more whack than what meets the
eye, traces are still in order.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA
Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: Wednesday, March 22, 2006 1:02 PM
To: ISA Mailing List
Subject: [isalist] Re: [ISAserver.org Discussion List] FTP
Servers
That's OK...I'll keep you and Jim on the right track...J
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Wednesday, March 22, 2006 3:02 PM
To: ISA Mailing List
Subject: [isalist] Re: [ISAserver.org Discussion List] FTP
Servers
LOL! I didn't even notice that, it got lost in the noise :))
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: Wednesday, March 22, 2006 12:57 PM
To: ISA Mailing List
Subject: [isalist] Re: [ISAserver.org Discussion List]
FTP Servers
You are such a complete ass Andrew....the server
protocol is for publishing your own FTP servers. You want to allow the
FTP protocol.
S
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
Sent: Wednesday, March 22, 2006 3:04 PM
To: ISA Mailing List
Subject: RE: [isalist] Re: [ISAserver.org Discussion
List] FTP Servers
Jim,
None of the workstations use the web proxy, or firewall
client software of ISA 2004. They use Secure NAT, they are going out
through ISA like if you had a dummy Linksys cable DSL router.
Example:
ISA is on 192.168.1.1
GW: for all clients on the DHCP server is 192.168.1.1,
again there is no web proxy setup and no firewall client ware installed.
Secondly what I meant in my other comment which you are
so egger to twist around is that I have not tampered with the default
firewall settings of ISA, yes I have added my own rules to the system,
but if you look at the default core settings for ICMP, etc they have all
been left alone.
Now are you going to keep acting this way if I say, you
know Jim I installed a new ISA server that only had two rules in it, one
for the FTP server to the outside using the default FTP Server protocol,
and the other which is the default DENY rule that ISA creates? Are you
going to blame on the web proxy or firewall client if neither are
installed or being used?
Lets be realistic here, if you don't know the answer why
ISA out of the box with two rules in it won't connect to FTP servers
that don't use passive mode why make a fuss of it? Why not ask Bill to
loan you one his boxes, install ISA 2004, email me for a couple test
accounts and go to town, then say geez you know there is a bug or maybe
Microsoft doesn't care? You have the time and certainly the money to
investigate it further, than I do yet you keep hounding people to show
you more evidence before you will get off your dairy air and do
something.. ;)
Regards,
Andrew
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim
Harrison
Sent: Wed 22/03/2006 12:33 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: [ISAserver.org Discussion List]
FTP Servers
http://www.ISAserver.org
-------------------------------------------------------
No - you said:
"I seem to only be able to get access to FTP servers
using PASV modem on my workstations that are setup under secure NAT".
This leaves the failing case hanging somewhere between
web proxy and firewall clients.
You also stated:
"..I have had to reinstall ISA 2004.." and "Nothing on
the ISA configuration level has been modified or changed", which are
just a bit contradictory.
You haven't given anyone anything to work from, like:
- client errors
- ISA logs
- captures
If the problem is important enough to involve an entire
list, its important enough to provide something more than conjecture and
contradiction.
There are a great many FTP servers that disallow active
mode; and with good reason.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
