Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Problems FTPing OUT from behind ISA 2006
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Problems FTPing OUT from behind ISA 2006 - 14.Aug.2007 6:15:09 AM
|
|
|
mlomas
Posts: 19
Joined: 4.Jan.2007
Status: offline
|
Hi there.
We've deployed ISA Server 2006 Enterprise last night as our main edge firewall.
Everything's gone smoothly so far, save for one issue with FTP. Internal clients and servers on the internal network cannot connect to FTP sites on the Internet. This is causing us quite a serious problem, as one of our internal servers uses FTP to download data feeds from our partners.
The server in question is acting as a SecureNAT client. The FTP protocol on the ISA Server is still bound to the FTP Application Filter, which is enabled. The configuration of FTP for the rule is set to allow FTP uploads.
The rule in question is configured to allow the server (as defined by its local IP address) access to the external network, all of the time, for all users, for the FTP protocol (although we have tried setting it to all protocols too).
When we try to connect to any FTP site (even anonymous), from IE on an internal client machine, we get a page cannot be displayed. We've tried various combinations of enabling / disabling folder view, and PASV mode.
If we try to connect to an FTP site using the FTP command line tool, we get the initial response from the FTP server, but the moment we try to proceed by logging on, or logging on as anonymous, the connection is dropped. eg:
C:\Windows\system32>ftp -d -A ftp.microsoft.com
Connected to ftp.microsoft.com.
220 Microsoft FTP Service
---> USER anonymous
Connection closed by remote host.
Any attempt to connect to any FTP server allways results in the same "Connection closed by remote host" error.
We are running ISA 2006 Enterprise, on Windows 2003 SP2, standard edition.
Any ideas or help would be greatly appreciated!
|
|
|
|
|
RE: Problems FTPing OUT from behind ISA 2006 - 14.Aug.2007 10:44:49 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
I get this:
C:\Documents and Settings\tshinder.TACTEAM>ftp ftp.microsoft.com.
Connected to ftp.microsoft.com.
220 Microsoft FTP Service
User (ftp.microsoft.com:(none)): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230-Welcome to FTP.MICROSOFT.COM. Also visit http://www.microsoft.com/downloads.
230 Anonymous user logged in.
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
dr-xr-xr-x 1 owner group 0 Feb 1 2006 bussys
dr-xr-xr-x 1 owner group 0 Feb 1 2006 deskapps
dr-xr-xr-x 1 owner group 0 Feb 1 2006 developr
dr-xr-xr-x 1 owner group 0 Feb 1 2006 KBHelp
dr-xr-xr-x 1 owner group 0 Feb 1 2006 MISC
dr-xr-xr-x 1 owner group 0 Feb 1 2006 MISC1
dr-xr-xr-x 1 owner group 0 Feb 1 2006 peropsys
dr-xr-xr-x 1 owner group 0 Jul 18 2006 Products
dr-xr-xr-x 1 owner group 0 Feb 1 2006 PSS
dr-xr-xr-x 1 owner group 0 Feb 1 2006 ResKit
dr-xr-xr-x 1 owner group 0 Feb 1 2006 Services
dr-xr-xr-x 1 owner group 0 Feb 1 2006 Softlib
226 Transfer complete.
ftp: 809 bytes received in 0.00Seconds 809000.00Kbytes/sec.
ftp>
Make sure you're not suffering from the Win2003 RSS bug.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Problems FTPing OUT from behind ISA 2006 - 14.Aug.2007 11:13:53 AM
|
|
|
mlomas
Posts: 19
Joined: 4.Jan.2007
Status: offline
|
Hi Tom
Thanks for the response.
We've disabled the registry keys for RSS and TCP Acceleration, but we can't reboot now that the server is live until out-of hours wednesday (argh!).
I'll let you know how we get on!
--
Mark Lomas
|
|
|
|
|
RE: Problems FTPing OUT from behind ISA 2006 - 15.Aug.2007 1:14:09 PM
|
|
|
mlomas
Posts: 19
Joined: 4.Jan.2007
Status: offline
|
OK!
Disabled RSS and TCPA in the registry and applied the hotfix - all working fine now!
Thanks for your help and time!
--
Mark Lomas
|
|
|
|
|
RE: Problems FTPing OUT from behind ISA 2006 - 20.Aug.2007 7:06:57 PM
|
|
|
robertgile
Posts: 9
Joined: 20.Aug.2007
Status: offline
|
Can you elaborate on what the Windows RSS bug is and the TCP acceleration fix? I am having the same problem with one of two ISA 2006 std servers. At one site I can FTP no problem. At the other site, I can log into FTP sites but can not get a file listing.
|
|
|
|
|
RE: Problems FTPing OUT from behind ISA 2006 - 25.Aug.2007 11:28:35 AM
|
|
|
robertgile
Posts: 9
Joined: 20.Aug.2007
Status: offline
|
ISA is doing the NAT for us here.
edit: wrong post on the other text i had in here.
< Message edited by robertgile -- 25.Aug.2007 12:16:14 PM >
|
|
|
|
|
RE: Problems FTPing OUT from behind ISA 2006 - 25.Aug.2007 12:18:10 PM
|
|
|
robertgile
Posts: 9
Joined: 20.Aug.2007
Status: offline
|
I'm getting these when I look at the logging on ISA:
0x80074e24 FWX_E_CONNECTION_KILLED
I researched that and it is ISA killing the connection, but I dont know why.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
