Posts: 9
Joined: 4.Nov.2003
From: St. Marys, PA
Status: offline
Folks, I am in need of some help with a FTP problem. I am trying to FTP a site outside the ISA 2004 Server from a command prompt. The client is WinXP SP2 with a ISA 2004 Firewall Client installed. I have no issues with FTP using Internet Explorer. From the command prompt, I can connect, login, change directory, change the transfer type without issue. I assume this means that the control side of FTP is working. Finally, when I attempt to 'get' the file I receive 'Error opening local file' 'Permission Denied'. The Firewall logs state that it is receiving 'Unidentified IP Traffic' Any ideas?
Posts: 9
Joined: 4.Nov.2003
From: St. Marys, PA
Status: offline
Stefaan, After reading your articles, I'm not sure if I really have a problem or not. First of all 'Enable folder view for FTP sites' is checked and I am configured as a Firewall client. I am able to both login to the FTP site and do a dir command using the MS FTP command line. Since I haven't implemented your registry key, I assume that this means that I am in active mode. If both the control and data have both been tested, why to I get the error opening tha local file? Outside the firewall, it works fine.
Posts: 9
Joined: 4.Nov.2003
From: St. Marys, PA
Status: offline
Q1. I cannot get a file. I don't believe that I have rights to put a file. Q2. Yes, I did clear the FTP Read only flag. Q3. I:/>ftp ftp.kronos.com Connected to ftp.kronos.com. 220 Kronos FTP Services . . .(c)2003 Kronos Inc. User (ftp.kronos.com:(none)): customer 331 User okay, need password. Password: 230-Welcome to the Kronos FTP customer server 230-The 'Anonymous' account has no access on this server 230- 230- 230-**********************NOTICE************************** 230- 230-All files should use the following naming convention which 230-includes the current date as follows: 230- 230-abc 02102000.txt or xyz021100.zip or rst211.dat 230- 230-YOU WILL GET A PERMISSION DENIED ERROR IF 230-YOU ATTEMPT TO UPLOAD A DUPLICATE FILENAME. 230-PLEASE KEEP FILENAMES UNIQUE! 230- 230-******************************************************** 230- 230-Please use the 'DIR' command to list the files and directories. 230-The 'LS' command will only list file. This system is RFC959 230-compliant which explicityly mentions that 'LS' (NLST) 230-should only return files. 230- 230-********************************************************* 230- 230-Please contact the Kronos Helpdesk (helpdesk@kronos.com) 230-if you have any questions or comments. 230- 230-Thank You. 230- 230-Copyright(c) 2004 Kronos Incorporated. All Rights Reserved 230-Unauthorized access to this server is strictly prohibited. 230-user logged in, proceed. ftp>cd /outgoing 250 Directory changed to outgoing ftp>binary 200 Type set to I. ftp> get acswfc.zip Error opening local file acswfc.zip. > acswfc.zip:Permission denied ftp>
OK, let's try to summarize what we have: - you can log in. - you can perform a dir command. That means that the Data connection works too because it uses exactly the same protocol mechanisme as a normal get/put of a file. - you can't get a file. Hmm... why? - you didn't try a put of a file though ISA shouldn't block it (read only flag unchecked).
What is the ISA logging telling you? Can you take a NetMon trace on the ISA external interface? Can you try it with a SecureNAT client? Of course make sure you allow anonymous access for this.
Try another client - ncftp perhaps? I'm wondering if something in your ISA config is requiring pasv mode, which I don't believe the Windows CLI FTP client supports.