[isalist] Re: [ISAserver.org Discussion List] FTP Servers
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 22 Mar 2006 13:51:19 -0800
http://www.ISAserver.org
-------------------------------------------------------
It's not - it just wasn't' disabled, either...
<sigh>
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Wednesday, March 22, 2006 13:30
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
http://www.ISAserver.org
-------------------------------------------------------
Got it. I didn't think that was supported.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Wednesday, March 22, 2006 3:27 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Intended to support FWC-based publishing a la Proxy 2..
>
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Wednesday, March 22, 2006 11:31
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Yep, you're right again, working man.
>
> I just tested it. I wonder why they allow this to be an option?
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Wednesday, March 22, 2006 1:20 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > You *can* use "server" protocols in access rules, but the
> won't allow
> > traffic from the internal to the external net.
> > I seriously doubt that Andy has tested this with any reasonable
> > process.
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Wednesday, March 22, 2006 11:09
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
> >
> > Dude,
> > 'preciate ya, but I don't think that can happen. You can use Server
> > PDs in an Access Rule, so unless something is more whack than what
> > meets the eye, traces are still in order.
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org <http://www.isaserver.org/>
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP
> > -- ISA Firewalls
> >
> >
> >
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> > Sent: Wednesday, March 22, 2006 1:02 PM
> > To: ISA Mailing List
> > Subject: [isalist] Re: [ISAserver.org Discussion List]
> FTP Servers
> >
> >
> >
> > That's OK...I'll keep you and Jim on the right track...J
> >
> >
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Wednesday, March 22, 2006 3:02 PM
> > To: ISA Mailing List
> > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP Servers
> >
> >
> >
> > LOL! I didn't even notice that, it got lost in the noise :))
> >
> >
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org <http://www.isaserver.org/>
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> >
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
> > Sent: Wednesday, March 22, 2006 12:57 PM
> > To: ISA Mailing List
> > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP
> > Servers
> >
> > You are such a complete ass Andrew....the server protocol is
> > for
> > publishing your own FTP servers. You want to allow the FTP protocol.
> >
> >
> >
> > S
> >
> >
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> > Sent: Wednesday, March 22, 2006 3:04 PM
> > To: ISA Mailing List
> > Subject: RE: [isalist] Re: [ISAserver.org Discussion List] FTP
> > Servers
> >
> >
> >
> > Jim,
> >
> >
> >
> > None of the workstations use the web proxy, or firewall client
> > software of ISA 2004. They use Secure NAT, they are going out
> > through ISA like if you had a dummy Linksys cable DSL router.
> >
> >
> >
> > Example:
> >
> >
> >
> > ISA is on 192.168.1.1
> >
> >
> >
> > GW: for all clients on the DHCP server is 192.168.1.1, again
> > there
> > is no web proxy setup and no firewall client ware installed.
> >
> >
> >
> > Secondly what I meant in my other comment which you are so
> > egger
> > to twist around is that I have not tampered with the default
> > firewall settings of ISA, yes I have added my own rules to the
> > system, but if you look at the default core settings for ICMP, etc
> > they have all been left alone.
> >
> >
> >
> > Now are you going to keep acting this way if I say, you know
> > Jim I
> > installed a new ISA server that only had two rules in it, one for
> > the FTP server to the outside using the default FTP Server protocol,
> > and the other which is the default DENY rule that ISA creates? Are
> > you going to blame on the web proxy or firewall client if neither
> > are installed or being used?
> >
> >
> >
> > Lets be realistic here, if you don't know the answer why ISA
> > out
> > of the box with two rules in it won't connect to FTP servers that
> > don't use passive mode why make a fuss of it? Why not ask Bill to
> > loan you one his boxes, install ISA 2004, email me for a couple test
> > accounts and go to town, then say geez you know there is a bug or
> > maybe Microsoft doesn't care? You have the time and certainly the
> > money to investigate it further, than I do yet you keep hounding
> > people to show you more evidence before you will get off your dairy
> > air and do something.. ;)
> >
> >
> >
> > Regards,
> >
> > Andrew
> >
> >
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison
> > Sent: Wed 22/03/2006 12:33 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: [ISAserver.org Discussion List] FTP
> > Servers
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > No - you said:
> > "I seem to only be able to get access to FTP servers using PASV
> > modem on my workstations that are setup under secure NAT".
> > This leaves the failing case hanging somewhere between web
> > proxy
> > and firewall clients.
> > You also stated:
> > "..I have had to reinstall ISA 2004.." and "Nothing on the ISA
> > configuration level has been modified or changed", which are just a
> > bit contradictory.
> >
> > You haven't given anyone anything to work from, like:
> > - client errors
> > - ISA logs
> > - captures
> >
> > If the problem is important enough to involve an entire list,
> > its
> > important enough to provide something more than conjecture and
> > contradiction.
> >
> > There are a great many FTP servers that disallow active mode;
> > and
> > with good reason.
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> >
> > All mail to and from this domain is GFI-scanned.
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
