Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Clients still cant FTP with Web Proxy

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> General >> Clients still cant FTP with Web Proxy Page: [1]
Login
Message << Older Topic   Newer Topic >>
Clients still cant FTP with Web Proxy - 25.Sep.2004 10:02:00 PM   
anihilus

 

Posts: 10
Joined: 4.Aug.2004
Status: offline 		I've read all the posts about FTP, Web Proxy, and ISA 2004...and cannot figure out..

For some reason my clients still cannot FTP with IE or FTP client using the Web Proxy on port 8080.

On the monitor i see:
FROM: 192.168.16.10
TO: 207.46.133.140 (microsoft)
PORT: 21
PROTOCOL: FTP
ACTION: Failed Connection Attempt
RULE: Unrestricted Internet access
SOURCE NTW:Internal
DEST NTW: External

Any ideas?

any help would be great!
Thank you!
Post #: 1
RE: Clients still cant FTP with Web Proxy - 25.Sep.2004 11:53:00 PM   
sysop

 

Posts: 27
Joined: 20.Sep.2004
Status: offline 		hi, i just wanted to let you know that i also experience strange behaviour with ftp sites on the net from my internal network.

Only in my case it only happens with sites that use NAT or some Non routable IP.

(in reply to anihilus)
Post #: 2
RE: Clients still cant FTP with Web Proxy - 26.Sep.2004 5:05:00 AM   
nonsence

 

Posts: 57
Joined: 4.Aug.2003
From: Waterloo
Status: offline 		i get the same problem. i use flashfxp as my client and can never use the http proxy!

(in reply to anihilus)
Post #: 3
RE: Clients still cant FTP with Web Proxy - 26.Sep.2004 5:30:00 PM   
sysop

 

Posts: 27
Joined: 20.Sep.2004
Status: offline 		rofl! well i found out what was causing my problems.

DON'T FORGET TO ENABLE 'UPLOAD' IN PROTOCOL FILTERING! (disable read only)

this goes for both inbound and outbound traffic.

[ September 26, 2004, 05:32 PM: Message edited by: sysop ]

(in reply to anihilus)
Post #: 4
RE: Clients still cant FTP with Web Proxy - 26.Sep.2004 6:03:00 PM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi anihilus,

As sysop said, if you can't upload, make sure the FTP policy allows uploads.

Also, what sites can't you connect to using IE? What are you IE settings for FTP?

Thanks!
Tom

(in reply to anihilus)
Post #: 5
RE: Clients still cant FTP with Web Proxy - 26.Sep.2004 9:24:00 PM   
anihilus

 

Posts: 10
Joined: 4.Aug.2004
Status: offline 		Great responses....but...

The problem is I cannot connect at all!

CONNECTION
-Attempt to connect to ftp.microsoft.com (207.46.133.140)
-Using WSFTP, or
-IE (Browser Settings: FTP folder view enabled; use passiv FTP enabled)

FIREWALL SETTINGS
I have the following settings in the ISA 2004 Firewall Policy:
-Unrestricted internet access through the default edge firewall template
-allows "all outbound access" from 'Internal to External'
-I have FTP "read only" turned off. DO I NEED SOMETHING ELSE? Perhaps another rule?

LOGGING MONITOR RESULTS
The log monitor in ISA states "Failed Connection Attempt"

On the log monitor i see:
FROM: 192.168.16.10
TO: 207.46.133.140 (microsoft)
PORT: 21
PROTOCOL: FTP
ACTION: Failed Connection Attempt
RULE: Unrestricted Internet access
SOURCE NTW:Internal
DEST NTW: External

Hope that helps

(in reply to anihilus)
Post #: 6
RE: Clients still cant FTP with Web Proxy - 26.Sep.2004 9:49:00 PM   
sysop

 

Posts: 27
Joined: 20.Sep.2004
Status: offline 		Sorry for shouting [Smile] Your firewall settings look fine from my point of view so my best bet is to troubleshoot elsewere.

I can't test it myself because i just burned my nic to the external network (i'm typing this from behind MS ICF)

[ September 26, 2004, 09:50 PM: Message edited by: sysop ]

(in reply to anihilus)
Post #: 7
RE: Clients still cant FTP with Web Proxy - 27.Sep.2004 4:56:00 AM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Sysop,

Can you telnet to TCP 21 at ftp.microsoft.com?

Are you using the SecureNAT or Firewall client?

Thanks!
Tom

(in reply to anihilus)
Post #: 8
RE: Clients still cant FTP with Web Proxy - 27.Sep.2004 6:27:00 AM   
anihilus

 

Posts: 10
Joined: 4.Aug.2004
Status: offline 		Hi Tom, I assume you were writing to me not sysop

I am using SecureNAT.

My ISA Server 2004 is on Win2003 Server using two NICs, (external connected to a static address; internal at 192.168.16.2)

DHCP is also installed on this machine (is this bad?) assigning (192.168.16.10-255) to clients. All clients use Web Proxy, no clients will use FW Client.

Clients surf with IE, thier browser settings are as follows; everything unchecked except for Proxy which points to 192.168.16.2 using port 8080

EXAMPLE Local Area Connection of a Client:

Physical Address: 00-xx-xx-xx-xx-xx
IP Address: 192.168.16.10
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.16.2
DHCP Server: 192.168.16.2
Lease Obtained: 9/26/2004 9:27:15 PM
Lease Expires: 9/26/2004 9:28:15 PM
DNS Servers: 192.168.16.2, 192.168.16.50
WINS Server: 192.168.16.2

DNS is not installed on this ISA even though the above client points to the isa as a DNS server. (dunno why...i assume its passing through the ISA to the internet)

AD/DNS is instaled on a Exchange 2003 server behind the ISA at 192.168.16.50 (I user ISA to publish the exchange server)

I'm sure there are a million ways to do this but everything works and as far as I know everything is secure. THE ONLY THING NOT WORKING IS FTP FOR MY CLIENTS.

Hope that helps.

thanks.

[ September 27, 2004, 06:30 AM: Message edited by: anihilus ]

(in reply to anihilus)
Post #: 9
RE: Clients still cant FTP with Web Proxy - 27.Sep.2004 7:11:00 AM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi anihilus,

First, if the ISA firewall isn't a DNS server, make sure the clients DO NOT have it's IP address assigned to them as a DNS server. That is going to break a lot of things.

Test the command line FTP client and see if you can connect to ftp.microsoft.com. But first, telnet to ftp.microsoft.com 21

HTH,
Tom

(in reply to anihilus)
Post #: 10
RE: Clients still cant FTP with Web Proxy - 27.Sep.2004 8:36:00 AM   
sysop

 

Posts: 27
Joined: 20.Sep.2004
Status: offline 		Hi Tom,

I cannot test it because my isa server is down atm (i destroyed its NIC to Internet)

By the way my ftp problem is solved.

Thanks

quote:
Originally posted by tshinder:
Hi Sysop,

Can you telnet to TCP 21 at ftp.microsoft.com?

Are you using the SecureNAT or Firewall client?

Thanks!
Tom

(in reply to anihilus)
Post #: 11
RE: Clients still cant FTP with Web Proxy - 27.Sep.2004 10:36:00 PM   
anihilus

 

Posts: 10
Joined: 4.Aug.2004
Status: offline 		Tom,

I canot FTP via telnet or ftp commandline
it just times out.

i changed the DHCP to only point to the Exchange Server at 192.168.16.50 as its DNS

still cannot FTP, just times out.
-an

(in reply to anihilus)
Post #: 12
RE: Clients still cant FTP with Web Proxy - 2.Dec.2004 1:46:00 AM   
cyskon

 

Posts: 6
Joined: 16.Nov.2004
From: Jamaica
Status: offline 		What was the solution???????

(in reply to anihilus)
Post #: 13
RE: Clients still cant FTP with Web Proxy - 4.Dec.2004 8:53:00 PM   
anihilus

 

Posts: 10
Joined: 4.Aug.2004
Status: offline 		Don't know. No one can give me a straight answer. I've given up.

(in reply to anihilus)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> General >> Clients still cant FTP with Web Proxy Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts