• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

13301 Connection to FTP site

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> 13301 Connection to FTP site Page: [1]
Login
Message << Older Topic   Newer Topic >>
13301 Connection to FTP site - 18.Apr.2006 6:11:00 PM   
MLT

 

Posts: 6
Joined: 8.Feb.2006
Status: offline
I am having problems accessing a particular FTP site.  I am using the Firewall client.  I have no problems accessing sites with the following address type:

ftp.sitename.com

However when I try to access an FTP site at the following

www.sitename.com

It does not work.  I get a 13301 in the firewall log.  I am attempting to access the site just using the DOS command. 

If I go to IE and type ftp://username:pwd@www.sitename.com I get read only access which is what I expect.  However, I need to have write access to this site. 

I have the FTP application filter enabled, the protocol definitions for FTP and FTP Server, a protocol rule including the definitions for any request. 

What am I missing?  It appears in my firewall log that sucessfull connections use two rules - Internet Access and Allowed Web Sites.  On my failed connection it does not use any rules. 

If I change my user to be "unrestricted" which uses a rule called Allow Rule, everything works perfect.  As soon as I switch back to the Allowed Web Sites rule is when things don't work.  I have *.sitename.com in my Destination set for that rule but still no dice.

Any help is greatly appreciated!

Thanks

< Message edited by MLT -- 18.Apr.2006 6:18:33 PM >
Post #: 1
The actual error is 13301 - Sorry about the typo - 18.Apr.2006 6:12:41 PM   
MLT

 

Posts: 6
Joined: 8.Feb.2006
Status: offline
The actual error is 13301 - Sorry about the typo

(in reply to MLT)
Post #: 2
RE: 13301 Connection to FTP site - 18.Apr.2006 8:41:35 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi MLT,

for the meaning of '13301' check out http://support.microsoft.com/default.aspx?scid=kb;en-us;284818. So, your firewall policy doesn't allow that type of traffic. What is the content of the log fields Rule#1 (protocol rule) and Rule#2 (site&content rule) for that traffic?

HTH,
Stefaan

(in reply to MLT)
Post #: 3
RE: 13301 Connection to FTP site - 18.Apr.2006 9:48:51 PM   
MLT

 

Posts: 6
Joined: 8.Feb.2006
Status: offline
Steffan here are the entries in the log:

192.168.1.75 dobrien ftp.exe:3:5.1 2006-04-18 13:30:34 OCCSRV www.opechee.com 209.41.170.70 - - - - - - GHBN 0 - Allowed Web Sites 69 0
192.168.1.75 dobrien ftp.exe:3:5.1 2006-04-18 13:30:34 OCCSRV - 209.41.170.70 21 - - - 21 TCP Connect 13301 - - 69 110

Notice the first entry with one rule and the second entry does not contain any.  A successfull ftp connection does this:

192.168.1.75 dobrien ftp.exe:3:5.1 2006-04-18 13:30:46 OCCSRV ftp.greatbaycommons.com 68.142.234.89 - - - - - - GHBN 0 - Allowed Web Sites 69 0
192.168.1.75 dobrien ftp.exe:3:5.1 2006-04-18 13:30:46 OCCSRV - 68.142.234.89 21 15 - - 21 TCP Connect 0 Internet Access Allowed Web Sites 69 111
192.168.1.75 dobrien ftp.exe:3:5.1 2006-04-18 13:31:09 OCCSRV - 68.142.234.89 21 22390 13 244 21 TCP Connect 20000 Internet Access Allowed Web Sites 69 111

I knew what the error meant, I'm just having a tough time trying to figure out where I went wrong.  Its really odd.

Thanks!

(in reply to spouseele)
Post #: 4
RE: 13301 Connection to FTP site - 18.Apr.2006 10:08:49 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi MLT, 

aha... it seems that there is no match for a site&content rule. So, I guess that a forward and reverse DNS lookup doesn't match for those failing sites with an entry in your 'Allowed Web Sites'.

For more info, check out my article http://www.isaserver.org/tutorials/The_Mystery_of_the_HTTP_Redirector_and_SiteContent_Rules.html, particular section '3. Site&Content Rules'.

HTH,
Stefaan

(in reply to MLT)
Post #: 5
RE: 13301 Connection to FTP site - 18.Apr.2006 10:29:17 PM   
MLT

 

Posts: 6
Joined: 8.Feb.2006
Status: offline
Stefaan you are the man!!!!

I had some bizarre reverse DNS entries.  Added them to my Allowed Web Sites and BAM everything works.

Kudos to you!


(in reply to spouseele)
Post #: 6
RE: 13301 Connection to FTP site - 19.Apr.2006 8:35:53 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi MLT, 

glad to hear I could help and thanks for the follow up!

Stefaan

(in reply to MLT)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> 13301 Connection to FTP site Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts