Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
simple ftp publishing
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
simple ftp publishing - 16.Feb.2008 10:09:57 AM
|
|
|
sigi9009
Posts: 15
Joined: 27.Nov.2007
Status: offline
|
hallo forum,
which rules do i need to configure, when i wanna to publish vsftp on linux machine.
i think i yust need to configure an ftp server rule over server publishing wizard - just easy. its not working
i need some background information.
so: the external client establishes a connection on port from 5000-65000 to my firewall port 21. my firewall forwards the request to my linux machine. which port is used from the isa machine? on linux for sure destination port 21.
i just used predefined "ftp server" as protocol
do i need to set another rule than the ftp server rule?
< Message edited by sigi9009 -- 16.Feb.2008 1:08:53 PM >
|
|
|
|
|
RE: simple ftp publishing - 16.Feb.2008 1:15:51 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi sigi9009,
a simple server publishing rule with the FTP Server protocol should be enough. However, take note that the FTP server should be configured as a SecureNAT client for the ISA server. That means that his default gateway should point to the ISA internal interface.
HTH,
Stefaan
|
|
|
|
|
RE: simple ftp publishing - 16.Feb.2008 2:13:00 PM
|
|
|
sigi9009
Posts: 15
Joined: 27.Nov.2007
Status: offline
|
for sure - the isa servers internal interface is the default gatway for ftp machine - how else.
its configured as a secure nat client.
thanks for fast reply
|
|
|
|
|
RE: simple ftp publishing - 17.Feb.2008 6:33:19 AM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi sigi9009,
how the FTP protocol works is explained in my old article How the FTP protocol Challenges Firewall Security. Take note that it was written at the time that only the ISA 2000 server was available.
What is the ISA logging telling you?
Any chance of getting a Network Monitor trace on the ISA internal and external interface?
HTH,
Stefaan
|
|
|
|
|
RE: simple ftp publishing - 13.Mar.2008 10:49:17 AM
|
|
|
markwilson
Posts: 11
Joined: 2.Mar.2007
Status: offline
|
Hi Sigi9009 - did you ever get this working?
Hi Stefaan - I'm having issues with this as follows:
FTP access to the Linux FTP server is fine on the internal subnet. The Linux box is configured as a SecureNAT client.
Using a Windows XP box to test access from the outside of the ISA server fails to connect.
Monitoring FTP traffic shows the client attempting to connect and being denied connection (no rule listed). Looking at the same log entry in more detail I can see FWX_E_NETWORK_RULES_DENIED.
- My ISA server is configured with the Edge Firewall template.
- I have created a firewall rule to publish my FTP server, allowing FTP Server traffic from Anywhere to <ftpserverip>, listening on the external network, always.
- I have configured FTP by right clicking on the rule and deselcting the read only box and (following advice from the ISABPA), have done the same on my Unrestricted Internet Access outbound rule.
I can't think what else to try!
Mark
_____________________________
Mark Wilson
http://www.markwilson.co.uk/blog/
|
|
|
|
|
RE: simple ftp publishing - 26.Mar.2008 7:12:52 PM
|
|
|
markwilson
Posts: 11
Joined: 2.Mar.2007
Status: offline
|
Bump...
Anybody able to offer any assistance on this?
Please?
_____________________________
Mark Wilson
http://www.markwilson.co.uk/blog/
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
