http://www.ISAserver.org ------------------------------------------------------- It's not - it just wasn't' disabled, either... <sigh> ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Wednesday, March 22, 2006 13:30 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers http://www.ISAserver.org ------------------------------------------------------- Got it. I didn't think that was supported. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Wednesday, March 22, 2006 3:27 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers > > http://www.ISAserver.org > ------------------------------------------------------- > > Intended to support FWC-based publishing a la Proxy 2.. > > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Wednesday, March 22, 2006 11:31 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers > > http://www.ISAserver.org > ------------------------------------------------------- > > Yep, you're right again, working man. > > I just tested it. I wonder why they allow this to be an option? > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > Sent: Wednesday, March 22, 2006 1:20 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > You *can* use "server" protocols in access rules, but the > won't allow > > traffic from the internal to the external net. > > I seriously doubt that Andy has tested this with any reasonable > > process. > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > > Sent: Wednesday, March 22, 2006 11:09 > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers > > > > Dude, > > 'preciate ya, but I don't think that can happen. You can use Server > > PDs in an Access Rule, so unless something is more whack than what > > meets the eye, traces are still in order. > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org <http://www.isaserver.org/> > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP > > -- ISA Firewalls > > > > > > > > > > ________________________________ > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat > > Sent: Wednesday, March 22, 2006 1:02 PM > > To: ISA Mailing List > > Subject: [isalist] Re: [ISAserver.org Discussion List] > FTP Servers > > > > > > > > That's OK...I'll keep you and Jim on the right track...J > > > > > > > > ________________________________ > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > > Sent: Wednesday, March 22, 2006 3:02 PM > > To: ISA Mailing List > > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers > > > > > > > > LOL! I didn't even notice that, it got lost in the noise :)) > > > > > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org <http://www.isaserver.org/> > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > > > > > > ________________________________ > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat > > Sent: Wednesday, March 22, 2006 12:57 PM > > To: ISA Mailing List > > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP > > Servers > > > > You are such a complete ass Andrew....the server protocol is > > for > > publishing your own FTP servers. You want to allow the FTP protocol. > > > > > > > > S > > > > > > > > ________________________________ > > > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > > Sent: Wednesday, March 22, 2006 3:04 PM > > To: ISA Mailing List > > Subject: RE: [isalist] Re: [ISAserver.org Discussion List] FTP > > Servers > > > > > > > > Jim, > > > > > > > > None of the workstations use the web proxy, or firewall client > > software of ISA 2004. They use Secure NAT, they are going out > > through ISA like if you had a dummy Linksys cable DSL router. > > > > > > > > Example: > > > > > > > > ISA is on 192.168.1.1 > > > > > > > > GW: for all clients on the DHCP server is 192.168.1.1, again > > there > > is no web proxy setup and no firewall client ware installed. > > > > > > > > Secondly what I meant in my other comment which you are so > > egger > > to twist around is that I have not tampered with the default > > firewall settings of ISA, yes I have added my own rules to the > > system, but if you look at the default core settings for ICMP, etc > > they have all been left alone. > > > > > > > > Now are you going to keep acting this way if I say, you know > > Jim I > > installed a new ISA server that only had two rules in it, one for > > the FTP server to the outside using the default FTP Server protocol, > > and the other which is the default DENY rule that ISA creates? Are > > you going to blame on the web proxy or firewall client if neither > > are installed or being used? > > > > > > > > Lets be realistic here, if you don't know the answer why ISA > > out > > of the box with two rules in it won't connect to FTP servers that > > don't use passive mode why make a fuss of it? Why not ask Bill to > > loan you one his boxes, install ISA 2004, email me for a couple test > > accounts and go to town, then say geez you know there is a bug or > > maybe Microsoft doesn't care? You have the time and certainly the > > money to investigate it further, than I do yet you keep hounding > > people to show you more evidence before you will get off your dairy > > air and do something.. ;) > > > > > > > > Regards, > > > > Andrew > > > > > > > > ________________________________ > > > > From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison > > Sent: Wed 22/03/2006 12:33 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP > > Servers > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > No - you said: > > "I seem to only be able to get access to FTP servers using PASV > > modem on my workstations that are setup under secure NAT". > > This leaves the failing case hanging somewhere between web > > proxy > > and firewall clients. > > You also stated: > > "..I have had to reinstall ISA 2004.." and "Nothing on the ISA > > configuration level has been modified or changed", which are just a > > bit contradictory. > > > > You haven't given anyone anything to work from, like: > > - client errors > > - ISA logs > > - captures > > > > If the problem is important enough to involve an entire list, > > its > > important enough to provide something more than conjecture and > > contradiction. > > > > There are a great many FTP servers that disallow active mode; > > and > > with good reason. > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > All mail to and from this domain is GFI-scanned. > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx