Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Publishing FTP from a Single homed box behind a firewall

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> Publishing FTP from a Single homed box behind a firewall Page: [1]
Login
Message << Older Topic   Newer Topic >>
Publishing FTP from a Single homed box behind a firewall - 6.Jun.2008 9:42:35 AM   
madman2501

 

Posts: 4
Joined: 6.Jun.2008
Status: offline 		Hi

Current config of ISA 2004 is a Uni homed box sitting in our DMZ it is configured for OWA with the related article. This all works fine. 

http://www.isaserver.org/articles/2004unihomedowapart1.html

Current network config
networks
External internal 0.0.0.1-126.255.255.255
          128.0.0.0- 255.255.255.254

Ethernet adapter Local Area Connection 4:   Connection-specific DNS Suffix  . :
  IP Address. . . . . . . . . . . . : 192.168.253.15
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  IP Address. . . . . . . . . . . . : 192.168.253.10
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  IP Address. . . . . . . . . . . . : 192.168.253.12
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.253.1

i am now trying to publish FTP and i am having a few problems.

firstly is it possible to publish an FTP site from this current ISA config with an upstream firewall. i have tried and i get connection denied when monitored.

what i don't understand is if the external request comes into ftp.company.com mapped to one of my external IP  this will then be Nat'd to 192.168.253.12 how can i then nat it onwards to my internal network.

does this make any sense? 









Post #: 1
RE: Publishing FTP from a Single homed box behind a fir... - 6.Jun.2008 10:39:54 AM   
Jason Jones

 

Posts: 1782
Joined: 30.Jul.2002
From: United Kingdom
Status: offline 		You need to use server publishing for FTP, but you cannot do this with uni-homed ISA configuration

_____________________________

Jason Jones
Silversands Ltd
http://www.silversands.co.uk
View My Blog: http://blog.msfirewall.org.uk/

Get Our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to madman2501)
Post #: 2
RE: Publishing FTP from a Single homed box behind a fir... - 6.Jun.2008 11:02:28 AM   
madman2501

 

Posts: 4
Joined: 6.Jun.2008
Status: offline 		so my next step is to speak to our firewall guys and get them to do some magic on the firewall?

thanks

Jason

(in reply to Jason Jones)
Post #: 3
RE: Publishing FTP from a Single homed box behind a fir... - 6.Jun.2008 11:32:10 AM   
elmajdal

 

Posts: 4944
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		yes , by installing a 2nd network card into ISA Server so that you can benefit from it as a real Firewall.

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to madman2501)
Post #: 4
RE: Publishing FTP from a Single homed box behind a fir... - 6.Jun.2008 12:14:25 PM   
madman2501

 

Posts: 4
Joined: 6.Jun.2008
Status: offline 		ok... but does that mean that the ISA box will have to have a external interface on the Internet or can this still be used in conjunction with our upstream firewall?


(in reply to madman2501)
Post #: 5
RE: Publishing FTP from a Single homed box behind a fir... - 6.Jun.2008 12:22:04 PM   
elmajdal

 

Posts: 4944
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		you can have ISA Server External NIC Connected to your Front End Firewall Internal NIC.


Internal----------ISA-----------Front End FW----------Router----Internet

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to madman2501)
Post #: 6
RE: Publishing FTP from a Single homed box behind a fir... - 11.Jun.2008 5:38:46 AM   
madman2501

 

Posts: 4
Joined: 6.Jun.2008
Status: offline 		Ok

I know i need to put  a new adapter in, but in terms of ISA software and the networks it creates on install what would i need to do.

do i re-run the install?  or can i just add the new adapter? what would you suggest as the best plan, is there any documentation that details these steps?

OWA would need to be changed, would that change only be to the Networks and the localhost cert as per the article

http://www.isaserver.org/articles/2004unihomedowapart1.html

Thanks in advance





(in reply to elmajdal)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> Publishing FTP from a Single homed box behind a firewall Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts