• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Strange FTP access problems with FWC

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Strange FTP access problems with FWC Page: [1]
Login
Message << Older Topic   Newer Topic >>
Strange FTP access problems with FWC - 3.Feb.2006 2:46:13 PM   
cjay

 

Posts: 36
Joined: 21.May2002
From: Dublin, Ireland
Status: offline
I've had an ISA2000 server in place and working for a number of years, all things consdidered, its been an extremely relaible install, all users are set up with the FWC for access. Recently, access to extenal FTP servers has stopped working for no apparent reason, they're have been no changes to the ISA configuration (including rules and packet filters) for some time, same on the network infrastructure side. While the initial connection and transfer of user/pass info works fine, you cannot get a directory listing from the server - the connection times out (see below).Get this - dedicated FTP clients and IE will not connect to an Internet based FTP server but ftp.exe from a command prompt will!? Makes no sense to me, it should be all or nothing as far as I'm concerned! I've flogged the potential Active / Passive issue to death (both active/passive methods work from the ISA server itself) and I'm flat out of ideas, any assistance or ideas would be appreciated.

CJ

Filezilla snapshot:

Status:  Connecting to ftp.server.com ...
Status:  Connected with ftp.server.com. Waiting for welcome message...
Response: 220 FTP Server (x.x.x.x)
Command: USER xxxxxxx
Response: 331 Password required for xxxxxxx.
Command: PASS ******
Response: 230 User xxxxxxx logged in.
Status:  Connected
Status:  Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: PORT x.x.x.x,14,187
Response: 200 PORT command successful.
Command: TYPE A
Response: 200 Type set to A.
Command: LIST
Response: 150 Opening ASCII mode data connection for file list.
Response: 226 Transfer complete.
Error: Timeout detected!
Error: Could not retrieve directory listing

Command line snapshot:

C:\>ftp ftp.server.com
Connected to ftp.server.com.
220 ftp-ie Microsoft FTP Service (Version 4.0).
User (ftp.server.com:(none)): xxxxxx
331 Password required for xxxxxx.
Password:
230-***************************************************************************
230-
230-Welcome.
230-
230-***************************************************************************
230 User xxxxxx logged in.
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
01-30-06  02:06PM       <DIR>          directory1
01-16-06  10:47PM                  349 ReadMe.txt
01-24-06  12:39PM       <DIR>          directory1
226 Transfer complete.
ftp: 160 bytes received in 0.03Seconds 5.33Kbytes/sec.
ftp>

< Message edited by cjay -- 3.Feb.2006 2:47:25 PM >
Post #: 1
RE: Strange FTP access problems with FWC - 3.Feb.2006 8:21:05 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi cjay,

to better understand how ISA Server handles the FTP protocol, check out first the article http://www.isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html.

Because the Microsoft command line FTP client seems to work, I guess there is a problem with tunneled FTP (FTP though HTTP). Could this be the case?

HTH,
Stefaan

(in reply to cjay)
Post #: 2
RE: Strange FTP access problems with FWC - 6.Feb.2006 9:51:20 AM   
cjay

 

Posts: 36
Joined: 21.May2002
From: Dublin, Ireland
Status: offline
quote:

to better understand how ISA Server handles the FTP protocol, check out first the article http://www.isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html.

Because the Microsoft command line FTP client seems to work, I guess there is a problem with tunneled FTP (FTP though HTTP). Could this be the case?


Thanks Stefaan, I read the FTP guide before posting (should have mentioned) and created the packet filters accordingly without much luck. As it happens, I'm forwarding all traffic to the web proxy service, however, the ISA install has always been set up like and FTP has worked until recently. I'll try disabling this function and see what happens....

CJ

(in reply to spouseele)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Strange FTP access problems with FWC Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts