I am trying to publish an FTP Site (IIS5 FTP Product) on an internal Server (SecNAT Client). I have created a Server Publishing rule as per the book / articles I have read. I then try and access this website using the FTP client running WinNT2KPro using the command line FTP utility. e.g.
I then get the message
and then it just sits there till it finally times out. :-(
Given that I'm not trying to do anything clever (change the FTP Port Number, run the FTP service on the ISA box etc) should this not work?
Other articles seem to talk about using the Firewall Client software, but I don't see the need.
Can anyone tell me what I might be missing here, because I don't see it either in the Manual or Tom's book and I can't believe that this should work with a standard config.
I found that if I try to access an IIS 4/5 FTP server that is published by an ISA server from behind CheckPoint, for example, I can't get a directory listing or it times out. In your book, you documented this in Chapter 8, page 530, in the Security Alert! section of the page, and you suggested using passive mode on the FTP client, BUT I still can't get it to work. I've used CuteFTP, IE 5.5 with folder view enabled for FTP sites, and the Windows 2000 ftp command, and it's a no go. But if I access the same FTP server from a client that is behind another ISA server, I can access it no problem.
My workaround for this issue/situation was using Serv-U FTP Server instead of IIS 4.0/5.0, publishing the server using a different port number (other than 21), and voila! CheckPoint users can access the FTP server that is published by an ISA server. I haven't tried using Port 21 to publish Serv-U FTP but I can't see why it won't work, since I can access it using a different port number. I guess as long as you're not using IIS FTP Server then you can access the FTP server in PASV mode or NOT.
Give it a try, Tom: use Serv-U FTP and publish it using Port 21 on an ISA Server.
From: Atlanta, Ga. USA
Paul, I just had a client who was experiencing the exact symptoms with FTP that you listed.
I then get the message
and then it just sits there till it finally times out.
Every ISA rule and configuration was correct, but still it would just time out and not forward to the internal ftp server.
Solution: The client had the internal ftp server's default gateway misconfigured and was not pointing back to the ISA Server. FTP was connecting to the server, but didn't know the correct way back. As always, check the basics first.
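The return-path problem described in the last reply, as an added example that is not part of the original thread: a longest-prefix-match lookup over the published server's routing table, checking that replies to an external FTP client leave through the ISA Server's internal interface. All addresses and both routing tables are constructed, and the check assumes the published server sees the external client's address as the source of the connection.

```python
import ipaddress

def next_hop(routes, destination):
    """Return the gateway chosen by longest-prefix match, or None if no route matches."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def return_path_ok(routes, client_ip, isa_internal_ip):
    """True when replies to client_ip are sent to the ISA internal interface."""
    return next_hop(routes, client_ip) == isa_internal_ip

# Constructed values (assumptions, not taken from the thread).
ISA_INTERNAL = "10.0.0.1"          # ISA Server internal interface
EXTERNAL_CLIENT = "203.0.113.25"   # FTP client on the Internet

# Routing table of the internal FTP server as (prefix, gateway) pairs.
MISCONFIGURED = [
    ("10.0.0.0/24", "on-link"),
    ("0.0.0.0/0", "10.0.0.254"),   # default gateway points at some other router
]
CORRECTED = [
    ("10.0.0.0/24", "on-link"),
    ("0.0.0.0/0", ISA_INTERNAL),   # default gateway points back at ISA
]

def diagnose(routes):
    """Describe where replies to the external client would be sent."""
    hop = next_hop(routes, EXTERNAL_CLIENT)
    if hop is None:
        return "no route to client: replies are dropped on the server"
    if hop != ISA_INTERNAL:
        return f"replies go to {hop}, bypassing ISA: the session times out"
    return "replies return through ISA: publishing can work"

if __name__ == "__main__":
    for name, table in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(f"{name}: {diagnose(table)}")
```
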