Solved

ISA 2004, FTP and IGMP

Posted on 2008-10-06
6
598 Views
Last Modified: 2011-09-20
Hi,

I want to publish an FTP server using IIs 6.0 under Microsoft Small Business Premium 2003. Ive used the Create New Server Publishing rule to allow inbound access and have created a separate rule in ISA to allow outbound access. Ive created and published FTP site in IIS.

If I try and connect using Windows Explorer from a client outside the network, the site looks as if it will open then I get the error  Windows can't access this folder the name maybe incorrect or you don't have permission to access the folder.  Access from within the firewall works fine.

Looking at the ISA log, the only culprit I can see is Unidentified IP Traffic (TCP;21). ISA denies this entry a connection.

Does anyone have any idea what is going wrong? This is driving me bonkers.

Thanks

Karl
0
Comment
Question by:kwinsw
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:EricTViking
ID: 22657389
On your publishing rule are you allowing incoming TCP on port 21?
0
 

Author Comment

by:kwinsw
ID: 22657729
Yup, my publishing rule allows ftp traffic on port 21 from anywhere to the IP address of my server. I also have an outbound access rule that allows outbound access over port 21.
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22658464
Can you try accessing your FTP server from the internet using an FTP client such as CuteFTP? Try it both using Acitve and PASV FTP Modes. This will rule out any issues with Windows Explorer FTP (which can sometimes be problematic).

Another thought is try changing the 'Anywhere' in your FTP rule to 'External'.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:kwinsw
ID: 22659087
Hi Eric,

Tried both suggestions with no joy. CuteFTP gives me the following message in active and passive modes:

STATUS:>        [07/10/2008 14:15:42] Getting listing ""...
STATUS:>        [07/10/2008 14:15:42] Connecting to FTP server... xx.xx.xx.xxx:21 (ip = xx.xx.xx.xxx)...
STATUS:>        [07/10/2008 14:15:42] Socket connected. Waiting for welcome message...
ERROR:>         [07/10/2008 14:16:03] Can't read from control socket. Socket error = #10054.

Port 21 is open for in and outbound traffic, so i'm not sure why it's doing this.

Thanks

Karl
0
 
LVL 11

Accepted Solution

by:
EricTViking earned 500 total points
ID: 22663388
Presumably you're using some sort of modem/router? Do you have port 21 inbound open on the router?
0
 

Author Closing Comment

by:kwinsw
ID: 31503678
Hi Eric,

Doh, that was it, or partly it. I have my router's firewall on the "medium" setting, which I thought allowed FTP Server by default, it didn't. I then had to point my server publishing rule to my server's external IP address (I'd pointed it to the internal one as part of my troubleshooting after reading in an article elsewhere that this was the right thing to do). Once I'd done these two things, it worked fine.

In the long term, I'd rather get my ftp off the domain server. At the moment, though, I don't have another machine which is always on, on which I can install a secure FTP server - so this is great.

Thank you for all your help.

Karl
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now