http://www.ISAserver.org ------------------------------------------------------- Intended to support FWC-based publishing a la Proxy 2.. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Wednesday, March 22, 2006 11:31 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers http://www.ISAserver.org ------------------------------------------------------- Yep, you're right again, working man. I just tested it. I wonder why they allow this to be an option? Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Wednesday, March 22, 2006 1:20 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers > > http://www.ISAserver.org > ------------------------------------------------------- > > You *can* use "server" protocols in access rules, but the won't allow > traffic from the internal to the external net. > I seriously doubt that Andy has tested this with any reasonable > process. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Wednesday, March 22, 2006 11:09 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers > > Dude, > 'preciate ya, but I don't think that can happen. You can use Server > PDs in an Access Rule, so unless something is more whack than what > meets the eye, traces are still in order. > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP > -- ISA Firewalls > > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat > Sent: Wednesday, March 22, 2006 1:02 PM > To: ISA Mailing List > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers > > > > That's OK...I'll keep you and Jim on the right track...J > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Wednesday, March 22, 2006 3:02 PM > To: ISA Mailing List > Subject: [isalist] Re: [ISAserver.org Discussion List] > FTP Servers > > > > LOL! I didn't even notice that, it got lost in the noise :)) > > > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat > Sent: Wednesday, March 22, 2006 12:57 PM > To: ISA Mailing List > Subject: [isalist] Re: [ISAserver.org > Discussion List] FTP Servers > > You are such a complete ass Andrew....the > server protocol is for publishing your own FTP servers. You > want to allow the FTP protocol. > > > > S > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > Sent: Wednesday, March 22, 2006 3:04 PM > To: ISA Mailing List > Subject: RE: [isalist] Re: [ISAserver.org > Discussion List] FTP Servers > > > > Jim, > > > > None of the workstations use the web proxy, or > firewall client software of ISA 2004. They use Secure NAT, > they are going out through ISA like if you had a dummy > Linksys cable DSL router. > > > > Example: > > > > ISA is on 192.168.1.1 > > > > GW: for all clients on the DHCP server is > 192.168.1.1, again there is no web proxy setup and no > firewall client ware installed. > > > > Secondly what I meant in my other comment which > you are so egger to twist around is that I have not tampered > with the default firewall settings of ISA, yes I have added > my own rules to the system, but if you look at the default > core settings for ICMP, etc they have all been left alone. > > > > Now are you going to keep acting this way if I > say, you know Jim I installed a new ISA server that only had > two rules in it, one for the FTP server to the outside using > the default FTP Server protocol, and the other which is the > default DENY rule that ISA creates? Are you going to blame on > the web proxy or firewall client if neither are installed or > being used? > > > > Lets be realistic here, if you don't know the > answer why ISA out of the box with two rules in it won't > connect to FTP servers that don't use passive mode why make a > fuss of it? Why not ask Bill to loan you one his boxes, > install ISA 2004, email me for a couple test accounts and go > to town, then say geez you know there is a bug or maybe > Microsoft doesn't care? You have the time and certainly the > money to investigate it further, than I do yet you keep > hounding people to show you more evidence before you will get > off your dairy air and do something.. ;) > > > > Regards, > > Andrew > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx on behalf of > Jim Harrison > Sent: Wed 22/03/2006 12:33 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: [ISAserver.org > Discussion List] FTP Servers > > http://www.ISAserver.org > ------------------------------------------------------- > > No - you said: > "I seem to only be able to get access to FTP > servers using PASV modem on my workstations that are setup > under secure NAT". > This leaves the failing case hanging somewhere > between web proxy and firewall clients. > You also stated: > "..I have had to reinstall ISA 2004.." and > "Nothing on the ISA configuration level has been modified or > changed", which are just a bit contradictory. > > You haven't given anyone anything to work from, like: > - client errors > - ISA logs > - captures > > If the problem is important enough to involve > an entire list, its important enough to provide something > more than conjecture and contradiction. > > There are a great many FTP servers that > disallow active mode; and with good reason. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx