Welcome to ISAserver.org

FTP Publishing

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Publishing] >> Server Publishing >> FTP Publishing

Page: [1]

Message

<< Older Topic Newer Topic >>

FTP Publishing - 2.Jul.2008 10:21:11 AM

mkrall

Posts: 3
Joined: 2.Jul.2008
Status: offline

I am using ISA2006 publishing an FTP server on Win2003 IIS. At one time it was working. I am sure I modified the configuration somewhat since it worked, but did not change anything related to that particular published server. FTP still works from inside the network, but not from the outside through ISA.

I have tried two different FTP clients as well as a dos prompt. When I log in from DOS I am able to connect and log in, but when I issue a "dir" command, I get a "connection closed by remote host" message. The FTP clients give error messages along the lines of "error retrieving directory listing". I have tried both passive and active mode on the FTP clients, I have tried both settings in ISA for whether the requests appear from ISA or the client, I have tried pointing the default gateway of the IIS box at both the inside router(this was the setting in use when everything worked) as well as the internal NIC of the ISA box. I even went so far as to back up the configuration and run the edge firewall wizard to reset the entire configuration and then add in the one rule for FTP publishing.

I am not sure what else to try, does anyone have any ideas?

Post #: 1

Featured Links*

RE: FTP Publishing - 5.Jul.2008 11:53:07 AM

tshinder

Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline

Check the firewall's log file to see what happens when FTP connections are made.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to mkrall)

Post #: 2

RE: FTP Publishing - 7.Jul.2008 9:16:27 AM

mkrall

Posts: 3
Joined: 2.Jul.2008
Status: offline

Here are the two entries from the log file:

Source Port Result Code     Destination IP Dest Port Protocol    Action   Rule   Client IP Source Dest

1063  0x0 ERROR_SUCCESS    172.20.10.40 21    FTP Server    Initiated Connection FTP Publishing  72.243.192.92 Ext Int

21  0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED 72.243.192.92 1063    Unidentified IP Traffic (TCP:1063) Denied Connection 72.243.192.99 Local Ext

I didn't have a lot of success formatting this, but the first section is the headings, followed by the two relevant lines from the logs

(in reply to tshinder)

Post #: 3

RE: FTP Publishing - 7.Jul.2008 10:04:47 AM

tshinder

Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline

From what I can tell, there seems to be a spoofing problem. Can't tell if the client or the FTP server is on the spoofed side though.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to mkrall)

Post #: 4

RE: FTP Publishing - 7.Jul.2008 12:17:44 PM

mkrall

Posts: 3
Joined: 2.Jul.2008
Status: offline

Do you know of anything else to try other than disabling spoof detection?

(in reply to tshinder)

Post #: 5

RE: FTP Publishing - 11.Jul.2008 10:07:11 AM

tshinder

Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline

Spoofing is connected to the definition of your ISA Firewall Networks. If you have some configured correctly, you'll never see a spurious spoofing message (except for VPN client connections).

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to mkrall)

Post #: 6