Solved

isa server 2006 ftp publishing

Posted on 2012-03-15
Last Modified: 2012-03-26
Hello,

I have a Windows 2003 R2 server and VMware Workstation installed with 2 virtual machines. I have published web sites hosted on those VMs with no problem, but now when I try to publish the FTP service on one of the VMs (Ubuntu 11) it's not working. I understand this can be a problem and I would appreciate it if someone would guide me through the process.
Thanks!

Gilad
Question by:Giladn
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37727545
Nope - shouldn't be a problem.
On ISA, use the non-web publishing rule and point it at the VM's internal IP.

ISA must be the default gateway for the VM or along the default route for return traffic going back out to any external clients.
0
 
LVL 11

Author Comment

by:Giladn
ID: 37737020
I have tried the following:
Since the VM won't let me configure the ISA server as gateway (because it's not on the same scope), I moved the NIC settings to "bridge" and gave it an address on the same scope and the ISA server as GW.
Web publishing works, FTP doesn't. I have logged the requests, and when I try to publish the server using the non-web publishing role I have the option to publish only the FTP SERVER protocol, but the logging shows the FTP protocol (outgoing) is being used. How strange. I have double-checked the external and internal network settings but they seem to be valid and OK.
Any suggestions?
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 37737386
First off, it does not need to be on the same scope - what it needs is for the FTP server to have EITHER ISA as the default gateway OR for the ISA to be on the FTP server's default path to the Internet. Think about it: most organisations have routers internally and therefore most internal servers will not be on the same scope as the ISA box.

ISA server will not work in a bridge situation between two of its own nics. Each NIC must be on its own subnet.

FTP and FTP Server protocols are the same - they are given different names to split out what they do in respect to ISA. The FTP protocol (in ISA) is for OUTBOUND TCP, i.e. FTP packets that are initiated from internal, and also incorporates return traffic on those ports. The FTP Server protocol (within ISA) is for the same ports but INBOUND, i.e. FTP traffic that has been initiated on the Internet towards your internal FTP service, and includes return FTP traffic back to those clients.

The FTP protocol is what you would place within an FTP access rule allowing your internal users to go out to an external FTP site.
The FTP Server protocol is the one you use within a non-web publishing rule to allow external FTP clients to access your internal FTP server.
0
 
LVL 11

Author Comment

by:Giladn
ID: 37739271
Hi Keith,

Thank you for the detailed answer. I am aware of all this; I did try all the above and only then tried bridging the VMnet NIC.
I tried both non-web server publishing and web server publishing (bridging to FTP) but for some reason
it does not work. When I look at the logging it shows that the packet is denied (last rule).
Might it be something I'm missing? Can I configure more detailed logging?
What you say, in fact, is that the non-web server publishing role should do the job?
I must also mention that I am using a single NIC configuration (I read this could be the problem) even though I have 2 NICs, but since the server is hosted on the ISP's server farm I have limited physical access to it.

appreciate your help,

Gilad
0
 
LVL 29

Accepted Solution

by:
pwindell earned 250 total points
ID: 37748653
I must also mention that I am using a single nic configuration ( I read this could be the problem)

Being a Single Nic completely removes ISA from the process.  So the ISA is totally irrelevant to what you are trying to do.

Being a Single Nic means there is some other Firewall doing the work,....the FTP Publishing has to be done at THAT firewall,...not on the ISA.
0
 
LVL 11

Assisted Solution

by:Giladn
Giladn earned 0 total points
ID: 37749021
Thank you,

I did figure out last night how to deal with it. Even though I had a single physical NIC, I added one VMnet NIC and re-ran the firewall configuration wizard for Edge Firewall (2 NICs standard configuration) and this solved my problem. It seems that single NIC lets you publish web only and configure the external network; Edge Firewall let me configure the internal network (I chose the VM NIC as internal) and it works!
Thank you for the effort.

Gilad
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37750055
:)
0
 
LVL 11

Author Closing Comment

by:Giladn
ID: 37764964
Initial configuration was wrong; had to add one more NIC to allow all protocols to be published.
0
