FTP Publishing






mkrall -> FTP Publishing (2.Jul.2008 10:21:11 AM)

I am using ISA2006 publishing an FTP server on Win2003 IIS.  At one time it was working.  I am sure I modified the configuration somewhat since it worked, but did not change anything related to that particular published server.  FTP still works from inside the network, but not from the outside through ISA.

I have tried two different FTP clients as well as a DOS prompt.  When I log in from DOS I am able to connect and log in, but when I issue a "dir" command, I get a "connection closed by remote host" message.  The FTP clients give error messages along the lines of "error retrieving directory listing".  I have tried both passive and active mode on the FTP clients, I have tried both settings in ISA for whether the requests appear from ISA or the client, I have tried pointing the default gateway of the IIS box at both the inside router (this was the setting in use when everything worked) as well as the internal NIC of the ISA box.  I even went so far as to back up the configuration and run the edge firewall wizard to reset the entire configuration and then add in the one rule for FTP publishing.

I am not sure what else to try, does anyone have any ideas?




tshinder -> RE: FTP Publishing (5.Jul.2008 11:53:07 AM)

Check the firewall's log file to see what happens when FTP connections are made.

HTH,
Tom




mkrall -> RE: FTP Publishing (7.Jul.2008 9:16:27 AM)

Here are the two entries from the log file:


| Source Port | Result Code | Destination IP | Dest Port | Protocol | Action | Rule | Client IP | Source | Dest |
|---|---|---|---|---|---|---|---|---|---|
| 1063 | 0x0 ERROR_SUCCESS | 172.20.10.40 | 21 | FTP Server | Initiated Connection | FTP Publishing | 72.243.192.92 | Ext | Int |
| 21 | 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED | 72.243.192.92 | 1063 | Unidentified IP Traffic (TCP:1063) | Denied Connection | | 72.243.192.99 | Local | Ext |
 
I didn't have a lot of success formatting this, but the first section is the headings, followed by the two relevant lines from the logs.




tshinder -> RE: FTP Publishing (7.Jul.2008 10:04:47 AM)

From what I can tell, there seems to be a spoofing problem. Can't tell if the client or the FTP server is on the spoofed side though.

Tom




mkrall -> RE: FTP Publishing (7.Jul.2008 12:17:44 PM)

Do you know of anything else to try other than disabling spoof detection?




tshinder -> RE: FTP Publishing (11.Jul.2008 10:07:11 AM)

Spoofing is connected to the definition of your ISA Firewall Networks. If you have some configured correctly, you'll never see a spurious spoofing message (except for VPN client connections).

HTH,
Tom
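
An added example, not part of any post in this thread: a simplified consistency check between logged source addresses and the address ranges that define each firewall network, which is the relationship the last reply points to. The two network definition sets are constructed assumptions (the thread never shows the real ones), the log's "Ext" and "Local" are expanded to External and Local Host, and the function names are hypothetical.

```python
import ipaddress

# (source IP, source network as logged) for the two rows posted in the thread.
LOG_ROWS = [("72.243.192.92", "External"), ("72.243.192.99", "Local Host")]

# Constructed definitions (assumptions, not the poster's configuration).
GOOD = {"Internal": ["172.20.10.0-172.20.10.255"],
        "Local Host": ["72.243.192.99-72.243.192.99"]}
# Same, plus a constructed over-broad Internal range covering public addresses.
BAD = {"Internal": ["172.20.10.0-172.20.10.255", "72.243.192.0-72.243.192.255"],
       "Local Host": ["72.243.192.99-72.243.192.99"]}

def to_int(ip):
    return int(ipaddress.IPv4Address(ip.strip()))

def parse_ranges(networks):
    """Turn {"name": ["first-last", ...]} into (first, last, name) tuples."""
    out = []
    for name, ranges in networks.items():
        for r in ranges:
            first, last = (to_int(p) for p in r.split("-"))
            if first > last:
                raise ValueError(f"reversed range in {name}: {r}")
            out.append((first, last, name))
    return out

def networks_of(ip, ranges):
    """Every defined network containing ip; undefined space is External."""
    n = to_int(ip)
    names = sorted({name for first, last, name in ranges if first <= n <= last})
    return tuple(names) or ("External",)

def mismatches(rows, networks):
    """Rows whose source IP is not defined in exactly the logged network.

    A result with two names also exposes overlapping definitions.
    """
    ranges = parse_ranges(networks)
    bad = []
    for src_ip, logged in rows:
        defined = networks_of(src_ip, ranges)
        if defined != (logged,):
            bad.append((src_ip, logged, defined))
    return bad

if __name__ == "__main__":
    for label, nets in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, mismatches(LOG_ROWS, nets))
```
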



