• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion about the publishing FTP servers on an alternate port article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> Discussion about the publishing FTP servers on an alternate port article Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Discussion about the publishing FTP servers on an alter... - 19.Feb.2004 4:03:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the publishing and FTP server on an alternate port article at http://isaserver.org/tutorials/2004pubftpaltport.html.

Thanks!
Tom

[ February 19, 2004, 04:22 AM: Message edited by: tshinder ]
Post #: 1
RE: Discussion about the publishing FTP servers on an a... - 19.Feb.2004 10:04:00 AM   
dirkjanv

 

Posts: 1
Joined: 10.Feb.2003
Status: offline
In the section 'Make the connection' step 3 you write:
quote:
In the Configures FTP protocol policy dialog box, place a checkmark in the Read Only checkbox. Click Apply and then click OK.
I would suggest changing this in:
quote:
In the Configures FTP protocol policy dialog box, remove the checkmark in the Read Only checkbox. Click Apply and then click OK.
or
quote:
In the Configures FTP protocol policy dialog box, click the checkmark in the Read Only checkbox to remove it. Click Apply and then click OK.

(in reply to tshinder)
Post #: 2
RE: Discussion about the publishing FTP servers on an a... - 19.Feb.2004 10:50:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi J,

Thanks! I fix that right now.

Tom

(in reply to tshinder)
Post #: 3
RE: Discussion about the publishing FTP servers on an a... - 19.Feb.2004 12:00:00 PM   
zhangmeibo

 

Posts: 87
Joined: 11.Feb.2004
From: China
Status: offline
Hi , Tom

I had read this article , but I think in real environment , many people use alternate port on ftp server , not on ISA Server . Example configure ftp server use tcp 6060 port to ftp connection , so I wrote a article about publishing ftp server use non-21 port today , You can view it from :

http://onlyforyou.west263.com/publish.htm

I also had send it to you via mail .
My english is not well , this article is first time wrote in english ,and I picked up some word from your article .

I hope you give me some guidance.

Best regards
[Big Grin]

[ February 19, 2004, 12:06 PM: Message edited by: meibo ]

(in reply to tshinder)
Post #: 4
RE: Discussion about the publishing FTP servers on an a... - 20.Feb.2004 1:23:00 AM   
Hodgepodge

 

Posts: 30
Joined: 20.Aug.2001
From: LA, CA, USA
Status: offline
Hi again Tom

When I initially saw the title, I thought you were reshashing a subject. Then I realized you were using ISA 2004 Beta 2. I thought, maybe this is the answer to my problem!

I'm sure you don't remember, but I've been trying to get BulletProof FTP Server v2.20 to use ISA on an alternate port. There's a couple of tutorials, one by you and another by a Hadyn-wang. In both instances the client-list had to members of the Domain. My particular problem is, the majority of my FTP clients are not members of my domain.

Is there a way to utilize ISA 2004 Beta 2 and BulletProof FTP Server v2.20 to allow access to my FTP site for non-domain members?

(in reply to tshinder)
Post #: 5
RE: Discussion about the publishing FTP servers on an a... - 20.Feb.2004 1:29:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by meibo:
Hi , Tom

I had read this article , but I think in real environment , many people use alternate port on ftp server , not on ISA Server . Example configure ftp server use tcp 6060 port to ftp connection , so I wrote a article about publishing ftp server use non-21 port today , You can view it from :

http://onlyforyou.west263.com/publish.htm

I also had send it to you via mail .
My english is not well , this article is first time wrote in english ,and I picked up some word from your article .

I hope you give me some guidance.

Best regards
[Big Grin]

Hi Meibo,

Great! I haven't received the file yet. Can you send it to me at tshinder@isaserver.org?

Thanks!
Tom

(in reply to tshinder)
Post #: 6
RE: Discussion about the publishing FTP servers on an a... - 20.Feb.2004 2:08:00 AM   
zhangmeibo

 

Posts: 87
Joined: 11.Feb.2004
From: China
Status: offline
Hi , Tom

I had send it to you via mail again yet . But I think yahoo's mail maybe not reliability , So I send it to my web site , you can download it from:

http://onlyforyou.west263.com/publish.zip

thx . [Big Grin]

(in reply to tshinder)
Post #: 7
RE: Discussion about the publishing FTP servers on an a... - 20.Feb.2004 2:58:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Meibo,

Very good!

Thanks!
Tom

(in reply to tshinder)
Post #: 8
RE: Discussion about the publishing FTP servers on an a... - 20.Feb.2004 3:07:00 AM   
zhangmeibo

 

Posts: 87
Joined: 11.Feb.2004
From: China
Status: offline
Hi , Tom

Had you gotten it ?

[Smile]

(in reply to tshinder)
Post #: 9
RE: Discussion about the publishing FTP servers on an a... - 20.Feb.2004 11:44:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Meibo,

Yes! I will look at it today and check. We should be able to use both PORT and PASV when publishing on an alternate port, but I will double check.

Thanks!
Tom

(in reply to tshinder)
Post #: 10
RE: Discussion about the publishing FTP servers on an a... - 20.Feb.2004 11:46:00 PM   
Hodgepodge

 

Posts: 30
Joined: 20.Aug.2001
From: LA, CA, USA
Status: offline
Hey Tom!

Having the opportunity to reread the tutorial, I noticed the IP address in the Available IP Addresses list section of the External Network Listner IP Selection dialog box (172.16.0.1 ISALOCAL), doesn't match the IP in the Selected IP Addresses list. Nor does it match the Network Topology diagram shown earlier.

Is this a typo, or did I miss something?

(in reply to tshinder)
Post #: 11
RE: Discussion about the publishing FTP servers on an a... - 21.Feb.2004 2:32:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Hodge,

Good eye! The machine actually had three NICs in it for testing trihomed DMZ and dual private network scenarios. I forgot to include it in the diagram because I wasn't using that the interface in the discussion. I should have disabled it first! [Smile]

Thanks!
Tom

(in reply to tshinder)
Post #: 12
RE: Discussion about the publishing FTP servers on an a... - 21.Feb.2004 1:26:00 PM   
zhangmeibo

 

Posts: 87
Joined: 11.Feb.2004
From: China
Status: offline
Hi , Tom

I will have a test to enable port mode , too .

[Smile]

(in reply to tshinder)
Post #: 13
RE: Discussion about the publishing FTP servers on an a... - 22.Feb.2004 8:19:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Meibo,

It does seem to work with Port mode, so I'm not sure what the problems are that you are having. What FTP client application are you using? If you use the command line FTP client, it will use *only* port mode.

Thanks!
Tom

(in reply to tshinder)
Post #: 14
RE: Discussion about the publishing FTP servers on an a... - 23.Feb.2004 2:21:00 AM   
zhangmeibo

 

Posts: 87
Joined: 11.Feb.2004
From: China
Status: offline
Hi , Tom

I had tested ftp command line , but it also didn't work.
In the ftp command prmopt , You can connect to the ftp server (enter username and password , then connected ), but after this , you can't get any data from ftp server in port mode .

[Smile]

(in reply to tshinder)
Post #: 15
RE: Discussion about the publishing FTP servers on an a... - 23.Feb.2004 11:27:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Meibo,

OK. I'm not sure what the problem is, but I'll try to find out.

Thanks!
Tom

(in reply to tshinder)
Post #: 16
RE: Discussion about the publishing FTP servers on an a... - 2.Mar.2004 8:39:00 AM   
zhangmeibo

 

Posts: 87
Joined: 11.Feb.2004
From: China
Status: offline
Hi , Tom

I had tested many times , however , all failed.
For example , my ftp server listens on port 6060 , and I want publish it in PORT and PASV mode .
I had monitored all traffic between client and ftp server . in port mode ,ftp Connections traffic followed sequence below:
1) c(client) ( port) random port -> s(server) (port) 6060;
2)s 6059 -> c origin port
3)c origin port -> s 6060
4) s 6059 -> c origin port
****now connection is OK *****
ftp client enter list command
5)c origin port -> s 6060
6)s 6059 -> c origin port
******OK****

After I create allow rule for these ports , however , ftp clients aslo can't enter PORT mode with the ftp server behind ISA.

[Frown]

(in reply to tshinder)
Post #: 17
RE: Discussion about the publishing FTP servers on an a... - 3.Mar.2004 12:25:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Meibo,

I should recreate the configuration and send you my backup file. Maybe we can figure it that way?

Thanks!
Tom

(in reply to tshinder)
Post #: 18
RE: Discussion about the publishing FTP servers on an a... - 9.Mar.2004 2:07:00 AM   
zhangmeibo

 

Posts: 87
Joined: 11.Feb.2004
From: China
Status: offline
hi , Tom

Ok

(in reply to tshinder)
Post #: 19
RE: Discussion about the publishing FTP servers on an a... - 15.Mar.2004 1:41:00 PM   
Custler

 

Posts: 23
Joined: 24.Feb.2004
From: Moscow, Russia
Status: offline
Dear Sirs!

The problem with Active FTP connection can be solved by very simple way.
Just remember published articles on this site: please search ˘FTP alternate÷.
Main point is ű you cannot use default ˘FTP Filter÷. It can serve active FTP connection only with Data connection on port 20. (May be in release it will be possible to manage this filter? [Smile] ).
So, you have to NOT use ˘FTP filter÷ in publishing rules, and have to create new protocol for that.

For example:
I have ISA2004 with two NICs : 192.168.111.1-local and 81.211.35.62 ű direct to I-net.

1. I create FTP server on 192.168.111.2 port 7564 ű local net computer.
2. Create ˘Protocol server÷ rule with primary (7563-7564 Inbound) and secondary (7563-7564 Outbound) connections.
3. Create ˘Protocol Access÷ rule with primary (7563-7564 Inbound) and secondary (1024-65535 Outbound) connections.
4. Create Server Publishing Rule with ˘Protocol server÷ rule.
5. Create Access Rule with ˘Protocol Access" rule.

That's all [Big Grin] .

Only one I have to note. Data connection on external NIC created on other port than N-1 (In my case ű 7563) ű it was created on 2401 or other instead. But on internal FTP server, date connection opened as usual ű on port 7563.

This explanation (with screenshots) you can take in MSword format on ftp 81.211.35.62 port 7564 in ACTIVE MODE [Razz]

[ March 15, 2004, 01:53 PM: Message edited by: Custler ]

(in reply to tshinder)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> Discussion about the publishing FTP servers on an alternate port article Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts