isa server 2006 ftp publishing

Hello,

I have windows 2003 r2 server and vmware workstation installed with 2 virtual machines, I have published web sites hosted on those vm's with no problem but now when I am trying to publish the ftp service on one of the vm's  ( *ubunto 11) it's not working, I understand this can be a problem and I would appreciate if someone will guide me through the process.
Thanks!

Gilad
LVL 11
GiladnAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
Nope - shouldn't be a problem.
On ISA, use the non-web publishing rule and point it at the VM's internal IP.

ISA must be the default gateway for the VM or along the default route for reeturn traffic going back out to any external clients.
0
GiladnAuthor Commented:
I have tried the following:
since the VM won't let me configure the isa server as gateway( because it's not on the same scope) I moved the nic settings to "bridge" and gave it an address on the same scope and the isa server as GW.
 web publishing works, ftp don't, I have logged the requests and when I try to publish the server using the non-web publishing role I have the option to publish only FTP SERVER protocol but the logging shows FTP protocol (outgoing) is being used, how strange, I have double checked the external and internal network settings but they seem to be valid and OK.
any suggestions?
0
Keith AlabasterEnterprise ArchitectCommented:
First off, it does not need to be on the same scope - what it needs is for the ftp to have EITHER ISA as the default gateway OR for the ISA to be on the FTP servers default path to the Internet. Think about it, most organisations have routers internally and therefore most internal servers will not be on the same scope as the ISA box.

ISA server will not work in a bridge situation between two of its own nics. Each NIC must be on its own subnet.

FTP and FTP Server protocols are the same - they are given different names to split out what they do in respect to ISA. the FTP protocol (in ISA) is for OUTBOUND TCP i.e. FTP packets that are initiated from internal and also incorporates return traffic on thoise ports. The FTP Server protocol (within ISA) is for the same ports but INBOUND i.e. FTP traffic that has been initiated on the Internet towards your internal FTP service and includes return ftp traffic back to those clients.

The FTP protocol is what you would place within an FTP access rule allowinbg your internal users to go out to an external FTP site.
The FTP Server protocol is the one you use within a non-web publishing rule to allow external FTP clients to access your internal FTP server.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

GiladnAuthor Commented:
Hi Keith,

Thank you for the detailed answer, I am aware of all this, I did try all the above and only then tried bridging the vmnet nic..
I  tried both non-web server publishing and web server publishing (bridging to ftp) but for some reason
it does not work, When I look at the logging it shows that the packet is denied (last rule).
might it be something I'm missing? can I configure a more detailed logging?
what you say in fact that non-web server publishing role should do the job?
I must also mention that I am using a single nic configuration ( I read this could be the problem) even though I have 2 nic but since the server is hosted on the isp's server farm I have limited physical  access to it.

appreciate your help,

Gilad
0
pwindellCommented:
I must also mention that I am using a single nic configuration ( I read this could be the problem)

Being a Single Nic completely removes ISA from the process.  So the ISA is totally irrelevant to what you are trying to do.

Being a Single Nic means there is some other Firewall doing the work,....the FTP Publishing has to be done at THAT firewall,...not on the ISA.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
GiladnAuthor Commented:
Thank you,

I did figure out last night how to deal with it, even though I had a single physical nic I added one VMnet nic and re-run the firewall configuration wizard for Edge Firewall (2 nics standard configuration) and this solved my problem, It seems that single nic let you publish web only and  configure the external network, edge firewall let me configure internal network ( I choose the VM nic as internal) and it works!
Thank you for the effort.

Gilad
0
Keith AlabasterEnterprise ArchitectCommented:
:)
0
GiladnAuthor Commented:
intial configuration was wrong, had to add one more nic to make all protocols being published.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.