Solved

ISA 2004, FTP and IGMP

Posted on 2008-10-06
6
633 Views
Last Modified: 2011-09-20
Hi,

I want to publish an FTP server using IIs 6.0 under Microsoft Small Business Premium 2003. Ive used the Create New Server Publishing rule to allow inbound access and have created a separate rule in ISA to allow outbound access. Ive created and published FTP site in IIS.

If I try and connect using Windows Explorer from a client outside the network, the site looks as if it will open then I get the error  Windows can't access this folder the name maybe incorrect or you don't have permission to access the folder.  Access from within the firewall works fine.

Looking at the ISA log, the only culprit I can see is Unidentified IP Traffic (TCP;21). ISA denies this entry a connection.

Does anyone have any idea what is going wrong? This is driving me bonkers.

Thanks

Karl
0
Comment
Question by:kwinsw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:EricTViking
ID: 22657389
On your publishing rule are you allowing incoming TCP on port 21?
0
 

Author Comment

by:kwinsw
ID: 22657729
Yup, my publishing rule allows ftp traffic on port 21 from anywhere to the IP address of my server. I also have an outbound access rule that allows outbound access over port 21.
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22658464
Can you try accessing your FTP server from the internet using an FTP client such as CuteFTP? Try it both using Acitve and PASV FTP Modes. This will rule out any issues with Windows Explorer FTP (which can sometimes be problematic).

Another thought is try changing the 'Anywhere' in your FTP rule to 'External'.
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 

Author Comment

by:kwinsw
ID: 22659087
Hi Eric,

Tried both suggestions with no joy. CuteFTP gives me the following message in active and passive modes:

STATUS:>        [07/10/2008 14:15:42] Getting listing ""...
STATUS:>        [07/10/2008 14:15:42] Connecting to FTP server... xx.xx.xx.xxx:21 (ip = xx.xx.xx.xxx)...
STATUS:>        [07/10/2008 14:15:42] Socket connected. Waiting for welcome message...
ERROR:>         [07/10/2008 14:16:03] Can't read from control socket. Socket error = #10054.

Port 21 is open for in and outbound traffic, so i'm not sure why it's doing this.

Thanks

Karl
0
 
LVL 11

Accepted Solution

by:
EricTViking earned 500 total points
ID: 22663388
Presumably you're using some sort of modem/router? Do you have port 21 inbound open on the router?
0
 

Author Closing Comment

by:kwinsw
ID: 31503678
Hi Eric,

Doh, that was it, or partly it. I have my router's firewall on the "medium" setting, which I thought allowed FTP Server by default, it didn't. I then had to point my server publishing rule to my server's external IP address (I'd pointed it to the internal one as part of my troubleshooting after reading in an article elsewhere that this was the right thing to do). Once I'd done these two things, it worked fine.

In the long term, I'd rather get my ftp off the domain server. At the moment, though, I don't have another machine which is always on, on which I can install a secure FTP server - so this is great.

Thank you for all your help.

Karl
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question