Publishing FTP from a Single homed box behind a firewall (Full Version)

All Forums >> [ISA Server 2004 General ] >> Server Publishing



Message

madman2501 -> Publishing FTP from a Single homed box behind a firewall (6.Jun.2008 9:42:35 AM)

Hi

Current config of ISA 2004 is a Uni homed box sitting in our DMZ it is configured for OWA with the related article. This all works fine. [:D]

http://www.isaserver.org/articles/2004unihomedowapart1.html

Current network config
networks
External internal 0.0.0.1-126.255.255.255
          128.0.0.0- 255.255.255.254

Ethernet adapter Local Area Connection 4:   Connection-specific DNS Suffix  . :
  IP Address. . . . . . . . . . . . : 192.168.253.15
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  IP Address. . . . . . . . . . . . : 192.168.253.10
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  IP Address. . . . . . . . . . . . : 192.168.253.12
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.253.1

i am now trying to publish FTP and i am having a few problems.

firstly is it possible to publish an FTP site from this current ISA config with an upstream firewall. i have tried and i get connection denied when monitored.

what i don't understand is if the external request comes into ftp.company.com mapped to one of my external IP  this will then be Nat'd to 192.168.253.12 how can i then nat it onwards to my internal network.

does this make any sense? 












Jason Jones -> RE: Publishing FTP from a Single homed box behind a firewall (6.Jun.2008 10:39:54 AM)

You need to use server publishing for FTP, but you cannot do this with uni-homed ISA configuration [:(]



madman2501 -> RE: Publishing FTP from a Single homed box behind a firewall (6.Jun.2008 11:02:28 AM)

so my next step is to speak to our firewall guys and get them to do some magic on the firewall?

thanks

Jason



elmajdal -> RE: Publishing FTP from a Single homed box behind a firewall (6.Jun.2008 11:32:10 AM)

yes , by installing a 2nd network card into ISA Server so that you can benefit from it as a real Firewall.



madman2501 -> RE: Publishing FTP from a Single homed box behind a firewall (6.Jun.2008 12:14:25 PM)

ok... but does that mean that the ISA box will have to have a external interface on the Internet or can this still be used in conjunction with our upstream firewall?




elmajdal -> RE: Publishing FTP from a Single homed box behind a firewall (6.Jun.2008 12:22:04 PM)

you can have ISA Server External NIC Connected to your Front End Firewall Internal NIC.


Internal----------ISA-----------Front End FW----------Router----Internet



madman2501 -> RE: Publishing FTP from a Single homed box behind a firewall (11.Jun.2008 5:38:46 AM)

Ok

I know i need to put  a new adapter in, but in terms of ISA software and the networks it creates on install what would i need to do.

do i re-run the install?  or can i just add the new adapter? what would you suggest as the best plan, is there any documentation that details these steps?

OWA would need to be changed, would that change only be to the Networks and the localhost cert as per the article

http://www.isaserver.org/articles/2004unihomedowapart1.html

Thanks in advance







Page: [1]