[isalist] Re: [ISAserver.org Discussion List] FTP Servers

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 22 Mar 2006 15:30:08 -0600

http://www.ISAserver.org
-------------------------------------------------------

Got it. I didn't think that was supported. 

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Wednesday, March 22, 2006 3:27 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Intended to support FWC-based publishing a la Proxy 2.. 
> 
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Wednesday, March 22, 2006 11:31
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Yep, you're right again, working man.
> 
> I just tested it. I wonder why they allow this to be an option?
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Wednesday, March 22, 2006 1:20 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
> > 
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >   
> > You *can* use "server" protocols in access rules, but the 
> won't allow 
> > traffic from the internal to the external net.
> > I seriously doubt that Andy has tested this with any reasonable 
> > process.
> > 
> > -------------------------------------------------------
> >    Jim Harrison
> >    MCP(NT4, W2K), A+, Network+, PCG
> >    http://isaserver.org/Jim_Harrison/
> >    http://isatools.org
> >    Read the help / books / articles!
> > -------------------------------------------------------
> >  
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Wednesday, March 22, 2006 11:09
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
> > 
> > Dude,
> > 'preciate ya, but I don't think that can happen. You can use Server 
> > PDs in an Access Rule, so unless something is more whack than what 
> > meets the eye, traces are still in order.
> >  
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org <http://www.isaserver.org/>
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP
> > -- ISA Firewalls
> > 
> >  
> > 
> > 
> > ________________________________
> > 
> >     From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> >     Sent: Wednesday, March 22, 2006 1:02 PM
> >     To: ISA Mailing List
> >     Subject: [isalist] Re: [ISAserver.org Discussion List] 
> FTP Servers
> >     
> >     
> > 
> >     That's OK...I'll keep you and Jim on the right track...J
> > 
> >      
> > 
> > ________________________________
> > 
> >     From: isalist-bounce@xxxxxxxxxxxxx 
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> >     Sent: Wednesday, March 22, 2006 3:02 PM
> >     To: ISA Mailing List
> >     Subject: [isalist] Re: [ISAserver.org Discussion List] 
> > FTP Servers
> > 
> >      
> > 
> >     LOL! I didn't even notice that, it got lost in the noise :))
> > 
> >      
> > 
> >     Thomas W Shinder, M.D.
> >     Site: www.isaserver.org <http://www.isaserver.org/> 
> >     Blog: http://blogs.isaserver.org/shinder/
> >     Book: http://tinyurl.com/3xqb7
> >     MVP -- ISA Firewalls
> > 
> >      
> > 
> >              
> > 
> > ________________________________
> > 
> >             From: isalist-bounce@xxxxxxxxxxxxx 
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> >             Sent: Wednesday, March 22, 2006 12:57 PM
> >             To: ISA Mailing List
> >             Subject: [isalist] Re: [ISAserver.org 
> > Discussion List] FTP Servers
> > 
> >             You are such a complete ass Andrew....the 
> > server protocol is for publishing your own FTP servers. You 
> > want to allow the FTP protocol.
> > 
> >              
> > 
> >             S
> > 
> >              
> > 
> > ________________________________
> > 
> >             From: isalist-bounce@xxxxxxxxxxxxx 
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> >             Sent: Wednesday, March 22, 2006 3:04 PM
> >             To: ISA Mailing List
> >             Subject: RE: [isalist] Re: [ISAserver.org 
> > Discussion List] FTP Servers
> > 
> >              
> > 
> >             Jim,
> > 
> >              
> > 
> >             None of the workstations use the web proxy, or 
> > firewall client software of ISA 2004. They use Secure NAT, 
> > they are going out through ISA like if you had a dummy 
> > Linksys cable DSL router.
> > 
> >              
> > 
> >             Example:
> > 
> >              
> > 
> >             ISA is on 192.168.1.1
> > 
> >              
> > 
> >             GW: for all clients on the DHCP server is 
> > 192.168.1.1, again there is no web proxy setup and no 
> > firewall client ware installed. 
> > 
> >              
> > 
> >             Secondly what I meant in my other comment which 
> > you are so egger to twist around is that I have not tampered 
> > with the default firewall settings of ISA, yes I have added 
> > my own rules to the system, but if you look at the default 
> > core settings for ICMP, etc they have all been left alone.
> > 
> >              
> > 
> >             Now are you going to keep acting this way if I 
> > say, you know Jim I installed a new ISA server that only had 
> > two rules in it, one for the FTP server to the outside using 
> > the default FTP Server protocol, and the other which is the 
> > default DENY rule that ISA creates? Are you going to blame on 
> > the web proxy or firewall client if neither are installed or 
> > being used?
> > 
> >              
> > 
> >             Lets be realistic here, if you don't know the 
> > answer why ISA out of the box with two rules in it won't 
> > connect to FTP servers that don't use passive mode why make a 
> > fuss of it? Why not ask Bill to loan you one his boxes, 
> > install ISA 2004, email me for a couple test accounts and go 
> > to town, then say geez you know there is a bug or maybe 
> > Microsoft doesn't care?  You have the time and certainly the 
> > money to investigate it further, than I do yet you keep 
> > hounding people to show you more evidence before you will get 
> > off your dairy air and do something.. ;)
> > 
> >              
> > 
> >             Regards,
> > 
> >             Andrew
> > 
> >              
> > 
> > ________________________________
> > 
> >             From: isalist-bounce@xxxxxxxxxxxxx on behalf of 
> > Jim Harrison
> >             Sent: Wed 22/03/2006 12:33 PM
> >             To: isalist@xxxxxxxxxxxxx
> >             Subject: [isalist] Re: [ISAserver.org 
> > Discussion List] FTP Servers
> > 
> >             http://www.ISAserver.org
> >             -------------------------------------------------------
> >              
> >             No - you said:
> >             "I seem to only be able to get access to FTP 
> > servers using PASV modem on my workstations that are setup 
> > under secure NAT".
> >             This leaves the failing case hanging somewhere 
> > between web proxy and firewall clients.
> >             You also stated:
> >             "..I have had to reinstall ISA 2004.." and 
> > "Nothing on the ISA configuration level has been modified or 
> > changed", which are just a bit contradictory.
> >             
> >             You haven't given anyone anything to work from, like:
> >             - client errors
> >             - ISA logs
> >             - captures
> >             
> >             If the problem is important enough to involve 
> > an entire list, its important enough to provide something 
> > more than conjecture and contradiction.
> >             
> >             There are a great many FTP servers that 
> > disallow active mode; and with good reason.
> >             
> >             -------------------------------------------------------
> >                Jim Harrison
> >                MCP(NT4, W2K), A+, Network+, PCG
> >                http://isaserver.org/Jim_Harrison/
> >                http://isatools.org
> >                Read the help / books / articles!
> >             -------------------------------------------------------
> > 
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > ------------------------------------------------------
> > List Archives: http://www.freelists.org/archives/isalist/  
> > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp 
> > ISA Server Articles and Tutorials: 
> > http://www.isaserver.org/articles_tutorials/ 
> > ISA Server Blogs: http://blogs.isaserver.org/ 
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com 
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> > Report abuse to listadmin@xxxxxxxxxxxxx 
> > 
> > 
> > 
> ------------------------------------------------------
> List Archives: http://www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: http://www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> 
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts: