www can be reached from the inside ... (Full Version)

All Forums >> [ISA Server 2000 General] >> Web Publishing



Message


randybridges -> www can be reached from the inside ... (6.Feb.2004 9:23:00 PM)

I know this isn't the way to do it, but I have to host a website and an ftp site on my ISA Server (yah, I know ... bad!).

Anyway, I'm using the TZO service across my cable connection to reach my box - I can connect to my website by name from both outside AND inside the network - from what I understand, I shouldn't be able to loop the packets; thus, I think I must be misconfigured.

On top of that, I can reach the web server via the TZO name, but not the FTP site, from inside and out. I have configured a protocol rule allowing FTP Server in, a custom IP packet filter (inbound, fixed port 21 local and all ports remote)

The web publishing rule routes FTP to port 10021, which is the same on the FTP server in IIS. (I can make a direct FTP call to the IP address on port 10021 successfully)

What is wrong here?

Randy




tshinder -> RE: www can be reached from the inside ... (9.Feb.2004 2:58:00 AM)

Hi Randy,

It works for the Web site because ISA proxies the requests. It doesn't work for FTP because it does not proxy FTP requests, just NATs. I went through the technical reasons for this in ISA Server and Beyond.

HTH,
Tom

[ February 09, 2004, 02:59 AM: Message edited by: tshinder ]




randybridges -> RE: www can be reached from the inside ... (12.Feb.2004 10:09:00 PM)

Thanks, Tom

I'm still waiting for my boss to buy that book for me - I might as well just get it for myself. If it is anywhere as complete as your other book, it will become my ISA bible, part 2.

Randy




Page: [1]