Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
FTP access
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
FTP access - 22.Nov.2005 6:54:57 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
can any please help me figure out FTP connection?
I have configured client to use webproxy.
I only have 3 access policy?
default access policy
DNS lookup policy ( allows everyone)
INternet access policy ( allows ftp,http,https..protocol to allusers)
when user tries to connect ftp it does not work...
do I have to configure on ISA server, Am I doing something wrong here>
This is the log error I get on ISA server when I try to connect to FTP using FTP client
on FTP client
cant connect to FTP
host unreachable.
ON ISA SERVER
unidentified IP traffic
action denied
rule enterprise default rule
|
|
|
|
|
RE: FTP access - 22.Nov.2005 8:12:31 PM
|
|
|
mrupright
Posts: 68
Joined: 18.Oct.2004
Status: offline
|
Bhavin,
Have you installed the firewall client?
|
|
|
|
|
RE: FTP access - 22.Nov.2005 8:41:19 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
I have not installed firewall client?
what difference it's going to make if I use firewall client?
I want to avoid installing Firewall Client on all PC.
|
|
|
|
|
RE: FTP access - 23.Nov.2005 4:50:11 PM
|
|
|
mrupright
Posts: 68
Joined: 18.Oct.2004
Status: offline
|
Bhavin,
The rules you have defined should allow you to connect via ftp. Can anyone connect to anyftp site? I don't mean to sound flippant, but are you sure that the ftp site you are trying to connect to is available? From what your ftp client reports, it appears to be the case. Can you connect to the site below?
ftp://ftp.loc.gov/pub
|
|
|
|
|
RE: FTP access - 23.Nov.2005 4:58:11 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
cannot connect to FTP using FTP client.
I can use IE browser to connect to any ftp works fine but not with ftp client.
secNAT client can connect to any ftp using ftp client but not with web proxy.
|
|
|
|
|
RE: FTP access - 23.Nov.2005 9:04:19 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
good article but still cannot figure out my issue with FTP using FTP client
|
|
|
|
|
RE: FTP access - 23.Nov.2005 9:12:03 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi bhavin78,
is the client configured as a SecureNAT client?
If that's case, can the client resolve the FQDN of the external FTP server?
If that works too, try the standard Microsoft FTP command line client to connect to an external FTP server. What's the result and what is the ISA log telling you?
HTH,
Stefaan
|
|
|
|
|
RE: FTP access - 23.Nov.2005 9:54:54 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
is the client configured as a SecureNAT client?
CLIENT IS CONFIGURED AS WEBPROXY BUT WHEN IT'S CONFIUGRED AS SECURE NAT IT WORKS
If that's case, can the client resolve the FQDN of the external FTP server?
If that works too, try the standard Microsoft FTP command line client to connect to an external FTP server. What's the result and what is the ISA log telling you?
I TRIED FTP.MICROSOFT.COM AND IT GAVE ME AN ERROR (UNKNOWN ERROR NUMBER)
HTH,
Stefaan
|
|
|
|
|
RE: FTP access - 25.Nov.2005 4:02:11 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
When I configure client as SecureNAT FTP works using browser and FTp client.
When I configure client as WEBPROXY FTP works using browser BUT FTp does not work using ftp client.
I tried this with client configured as webproxy
ftp> open
To ftp.microsoft.com
> ftp: connect :Unknown error number
To ftp.microsoft.com
> ftp: connect :Unknown error number
ftp>
I isa server I dont see any logs when I run above commands.
I tried my best to explain
|
|
|
|
|
RE: FTP access - 25.Nov.2005 4:20:01 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
OK, so where is the problem? What you describe is expected behavior and exactly as Stefaan explained.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: FTP access - 25.Nov.2005 4:23:53 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
I didnt understant what you mean to say? please explain.
|
|
|
|
|
RE: FTP access - 25.Nov.2005 5:12:53 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
What part of Stefaan's and my answer do you not understand?
Command line FTP does not use WP, plain and simple.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: FTP access - 25.Nov.2005 6:03:52 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
This is what I tried with SecNat client.
C:\Documents and Settings\bpatel>ftp
ftp> open
To ftp.microsoft.com
Connected to ftp.microsoft.com.
220 Microsoft FTP Service
User (ftp.microsoft.com:(none)): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230-Welcome to ftp.microsoft.com. Please also visit http://www.micros
wnloads.
230 Anonymous user logged in.
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
dr-xr-xr-x 1 owner group 0 Nov 25 2002 bussys
dr-xr-xr-x 1 owner group 0 May 21 2001 deskapps
dr-xr-xr-x 1 owner group 0 Apr 20 2001 developr
dr-xr-xr-x 1 owner group 0 Nov 18 2002 KBHelp
dr-xr-xr-x 1 owner group 0 Jul 2 2002 MISC
dr-xr-xr-x 1 owner group 0 Dec 16 2002 MISC1
dr-xr-xr-x 1 owner group 0 Feb 25 2000 peropsys
dr-xr-xr-x 1 owner group 0 Jan 2 2001 Products
dr-xr-xr-x 1 owner group 0 Apr 4 2003 PSS
dr-xr-xr-x 1 owner group 0 Sep 21 2000 ResKit
dr-xr-xr-x 1 owner group 0 Feb 25 2000 Services
dr-xr-xr-x 1 owner group 0 Feb 25 2000 Softlib
226 Transfer complete.
ftp: 809 bytes received in 0.00Seconds 809000.00Kbytes/sec.
ftp>
So what about WebProxy? I just want to know why I cannot connect to FTP server using FTP client when configured as WP client.
What are the other optioin to make this work? Dont want to configure client as use SecNat as windows groups authentication is not supported.
|
|
|
|
|
RE: FTP access - 25.Nov.2005 6:06:44 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi bhavin78,
I suggest you re-read my article again! As explained in there, IE can act as a Web Proxy, a Firewall or a SecureNat client for FTP access. Everything depends on how IE is configured, particular the setting Enable folder view for FTP sites is very important. However, the Microsoft commandline FTP client can only act as a Firewall or SecureNAT client.
Also, take note that a Web Proxy client can only do FTP downloads by design. Therefore, if you need full FTP support then the clients must be Firewall and/or SecureNAT clients. To better understand how the different ISA clients interact with each other and the ISA server, check out my article http://www.isaserver.org/articles/IPSec_Passthrough.html section 4. Configuring ISA Clients. Maybe I should put that information in a separate article because it is so fundamental to really understand how things really work.
Another important thing to keep always in mind is that only Web Proxy and Firewall clients can authenticate against the ISA server. Therefore, if you want to use user authentication with full FTP support then the clients must be Firewall clients and you should not use IE as FTP client.
HTH,
Stefaan
< Message edited by spouseele -- 25.Nov.2005 6:12:35 PM >
|
|
|
|
|
RE: FTP access - 25.Nov.2005 6:11:49 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
Please help me to clear following....
I dont have too much knowledge of this. I read your article twice but still confuse. I just need to know following, if you can please tell me straight I will understand better.
I just want to know why I cannot connect to FTP server using FTP client when configured as WP client.
Is it possible to connect to ftp server using ftp client when configured as WP? why?
What are the other optioin to make this work?
Dont want to configure client as use SecNat as windows groups authentication is not supported.
Want to avoid installing Firewall client on users P.
|
|
|
|
|
RE: FTP access - 25.Nov.2005 6:20:36 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi bhavin78,
by design a Web Proxy client can only use the protocols HTTP, HTTPS and FTP through HTTP. Therefore the normal FTP protocol is *not* supported. Nothing you can do about that because it is by design.
So, you have no other option than using the Firewall client for non-HTTP protocols if you want to support user authentication.
HTH,
Stefaan
< Message edited by spouseele -- 25.Nov.2005 6:23:21 PM >
|
|
|
|
|
RE: FTP access - 25.Nov.2005 6:33:03 PM
|
|
|
bhavin78
Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
|
Now my understanding is that FTP client is not supported by WP(WP only suppport Http and Https even thoug you can add FTP as list of protocols its not supported) but can use IE to browse ftp server.
what about yahoo messenger with WP? it's not working for me
|
|
|
|
|
RE: FTP access - 25.Nov.2005 6:48:46 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
quote:
What part of Stefaan's and my answer do you not understand?
Command line FTP does not use WP, plain and simple.
Now, it is very clear by your example that you use commandline FTP and it is also clear by your response that you want the Microsoft commandline FTP to behave differently than what Microsoft intended.
As I already said, the commandline FTP does NOT use web proxy. You need to accept that and move on.
Web Proxy is an application layer proxy and while there are applications such as IE that support it, the OS at the commandline does not. The Firewall client, being a winsock replacement will support commandline FTP.
Stefaan wrote a good atricle that explains the three client types and how they work within the network OSI model. You only need to accept that the commandline FTP does not support WP. If you want that changed, you will have to ask Microsoft to change it but I'm pretty sure they cannot and will not.
< Message edited by LLigetfa -- 25.Nov.2005 6:51:45 PM >
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
