Solved

ISA 2004, FTP and IGMP

Posted on 2008-10-06
6
619 Views
Last Modified: 2011-09-20
Hi,

I want to publish an FTP server using IIs 6.0 under Microsoft Small Business Premium 2003. Ive used the Create New Server Publishing rule to allow inbound access and have created a separate rule in ISA to allow outbound access. Ive created and published FTP site in IIS.

If I try and connect using Windows Explorer from a client outside the network, the site looks as if it will open then I get the error  Windows can't access this folder the name maybe incorrect or you don't have permission to access the folder.  Access from within the firewall works fine.

Looking at the ISA log, the only culprit I can see is Unidentified IP Traffic (TCP;21). ISA denies this entry a connection.

Does anyone have any idea what is going wrong? This is driving me bonkers.

Thanks

Karl
0
Comment
Question by:kwinsw
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:EricTViking
ID: 22657389
On your publishing rule are you allowing incoming TCP on port 21?
0
 

Author Comment

by:kwinsw
ID: 22657729
Yup, my publishing rule allows ftp traffic on port 21 from anywhere to the IP address of my server. I also have an outbound access rule that allows outbound access over port 21.
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22658464
Can you try accessing your FTP server from the internet using an FTP client such as CuteFTP? Try it both using Acitve and PASV FTP Modes. This will rule out any issues with Windows Explorer FTP (which can sometimes be problematic).

Another thought is try changing the 'Anywhere' in your FTP rule to 'External'.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:kwinsw
ID: 22659087
Hi Eric,

Tried both suggestions with no joy. CuteFTP gives me the following message in active and passive modes:

STATUS:>        [07/10/2008 14:15:42] Getting listing ""...
STATUS:>        [07/10/2008 14:15:42] Connecting to FTP server... xx.xx.xx.xxx:21 (ip = xx.xx.xx.xxx)...
STATUS:>        [07/10/2008 14:15:42] Socket connected. Waiting for welcome message...
ERROR:>         [07/10/2008 14:16:03] Can't read from control socket. Socket error = #10054.

Port 21 is open for in and outbound traffic, so i'm not sure why it's doing this.

Thanks

Karl
0
 
LVL 11

Accepted Solution

by:
EricTViking earned 500 total points
ID: 22663388
Presumably you're using some sort of modem/router? Do you have port 21 inbound open on the router?
0
 

Author Closing Comment

by:kwinsw
ID: 31503678
Hi Eric,

Doh, that was it, or partly it. I have my router's firewall on the "medium" setting, which I thought allowed FTP Server by default, it didn't. I then had to point my server publishing rule to my server's external IP address (I'd pointed it to the internal one as part of my troubleshooting after reading in an article elsewhere that this was the right thing to do). Once I'd done these two things, it worked fine.

In the long term, I'd rather get my ftp off the domain server. At the moment, though, I don't have another machine which is always on, on which I can install a secure FTP server - so this is great.

Thank you for all your help.

Karl
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question