FTP Folder Error: The connection with the server was reset (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Access Policies



Message


Guest -> FTP Folder Error: The connection with the server was reset (23.Sep.2004 3:20:00 PM)

Hi guys and gals,

I'm having an issue with an internal ftp server. The ftp server is running on IIS 5.0. We are running a ISA firewall (Not on the same machine as the FTP server) and the Firewall client is being used. The ISA firewall routes ftp traffic to the IIS machine. If my firewall client is enabled I can browse to the FTP site with no problem by typing ftp://www.domain.com. If I disable the firewall client I cannot get to the site. If I use command line "ftp www.domain.com" without the firewall client I get a "Conection closed by remote host." error. If I use the Internal IP address all is fine, if I use the external IP address I cant get there. The FTP can also not be accessed from the internet.

Does anybody have any clues as to how I can go about troubleshooting this or have a possible solution?

regards,
Hank




tshinder -> RE: FTP Folder Error: The connection with the server was reset (23.Sep.2004 8:35:00 PM)

Hi Hank,

Is the FTP server on the internal network? If so, does the name resolve to the INTERNAL address of the FTP server?

Thanks!
Tom




Guest -> RE: FTP Folder Error: The connection with the server was reset (27.Sep.2004 10:38:00 AM)

Hi Tom,

Thanks for your interrest. If I type the machine name still can't get to the server.

Regards,
Hank




Zaferus -> RE: FTP Folder Error: The connection with the server was reset (4.Jan.2005 8:29:00 PM)

Hank, I'm having the same problem.

Background:

We have several offices, all of them go through our ISA server. One of these offices suddenly stopped working properly on a specialized web app we use from the Internet. All other offices still work and there have been no configuration changes (that we know of). This web app uses a specific TCP port, and the vendor tells us that the error we are getting indicate that this port is either blocked or disrupted. We've combed through the ISA server and cannot see anything specifically set for this office different than the other offices.

The only unusual thing is that while everyone uses the WSP client transparently, this office had to have the ISA server set in the web browser properties for this office to get to the Internet. We've never been able to figure out why.

Trying to test this problem I set up an FTP server but set the FTP to the port in question on a remote web server. From other branches our FTP connection works using a web browser. From this one office I get the error: "connection closed by remote host". I also get the error "Failure: connection to host lost" if I try to connect using telnet (which from other offices show the correct FTP message).

We've invested many hours trying to figure out this problem without success and would be greatful if anyone's seen this message before and have successfully fixed it.

Did you ever figure this out Hank?




penrose.l@2college.nl -> RE: FTP Folder Error: The connection with the server was reset (6.Jan.2005 1:50:00 PM)

Hi ,

We had some of the problems but not exactly like you describe, however I will try to post a 'general' way to find the problem.

1) on your ISA machine , type 'netstat -ano' and see if your ISA is LISTENING on either 0.0.0.0 port 21 OR on your external IP port 21. If this is not the case , then your ISA doesn't listen on the correct NIC and you'll never be able to connect. This can be solved by changing the routing rule from NAT to ROUTE. I expect this to be ok in your situation.

2) on your ISA machine , how did you forward traffic to port 21 ? I expect the IIS machine is expecting some host headers ( it's microsoft remember ) so you're better off with using DNS instead of IP. However , DNS won't work coz your internal lan is different from your external lan.
So , on your ISA server , make a HOST file and put this in : www.domain.com <internal IP>
so for example :

www.microsoft.nl 192.168.1.1

This sounds strange but it will work. Now , from the ISA server , ping www.microsoft.nl and you'll see ping 192.168.1.1 response from your internal webserver / ftpserver.

Now make a server publishing rule to publish port 21 to www.microsoft.nl

That should clear up things hope it helps you solve your problem.

Lex P




Page: [1]