Solved

isa server 2006 ftp publishing

Posted on 2012-03-15
8
656 Views
Last Modified: 2012-03-26
Hello,

I have windows 2003 r2 server and vmware workstation installed with 2 virtual machines, I have published web sites hosted on those vm's with no problem but now when I am trying to publish the ftp service on one of the vm's  ( *ubunto 11) it's not working, I understand this can be a problem and I would appreciate if someone will guide me through the process.
Thanks!

Gilad
0
Comment
Question by:Giladn
  • 4
  • 3
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37727545
Nope - shouldn't be a problem.
On ISA, use the non-web publishing rule and point it at the VM's internal IP.

ISA must be the default gateway for the VM or along the default route for reeturn traffic going back out to any external clients.
0
 
LVL 11

Author Comment

by:Giladn
ID: 37737020
I have tried the following:
since the VM won't let me configure the isa server as gateway( because it's not on the same scope) I moved the nic settings to "bridge" and gave it an address on the same scope and the isa server as GW.
 web publishing works, ftp don't, I have logged the requests and when I try to publish the server using the non-web publishing role I have the option to publish only FTP SERVER protocol but the logging shows FTP protocol (outgoing) is being used, how strange, I have double checked the external and internal network settings but they seem to be valid and OK.
any suggestions?
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 37737386
First off, it does not need to be on the same scope - what it needs is for the ftp to have EITHER ISA as the default gateway OR for the ISA to be on the FTP servers default path to the Internet. Think about it, most organisations have routers internally and therefore most internal servers will not be on the same scope as the ISA box.

ISA server will not work in a bridge situation between two of its own nics. Each NIC must be on its own subnet.

FTP and FTP Server protocols are the same - they are given different names to split out what they do in respect to ISA. the FTP protocol (in ISA) is for OUTBOUND TCP i.e. FTP packets that are initiated from internal and also incorporates return traffic on thoise ports. The FTP Server protocol (within ISA) is for the same ports but INBOUND i.e. FTP traffic that has been initiated on the Internet towards your internal FTP service and includes return ftp traffic back to those clients.

The FTP protocol is what you would place within an FTP access rule allowinbg your internal users to go out to an external FTP site.
The FTP Server protocol is the one you use within a non-web publishing rule to allow external FTP clients to access your internal FTP server.
0
 
LVL 11

Author Comment

by:Giladn
ID: 37739271
Hi Keith,

Thank you for the detailed answer, I am aware of all this, I did try all the above and only then tried bridging the vmnet nic..
I  tried both non-web server publishing and web server publishing (bridging to ftp) but for some reason
it does not work, When I look at the logging it shows that the packet is denied (last rule).
might it be something I'm missing? can I configure a more detailed logging?
what you say in fact that non-web server publishing role should do the job?
I must also mention that I am using a single nic configuration ( I read this could be the problem) even though I have 2 nic but since the server is hosted on the isp's server farm I have limited physical  access to it.

appreciate your help,

Gilad
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 29

Accepted Solution

by:
pwindell earned 250 total points
ID: 37748653
I must also mention that I am using a single nic configuration ( I read this could be the problem)

Being a Single Nic completely removes ISA from the process.  So the ISA is totally irrelevant to what you are trying to do.

Being a Single Nic means there is some other Firewall doing the work,....the FTP Publishing has to be done at THAT firewall,...not on the ISA.
0
 
LVL 11

Assisted Solution

by:Giladn
Giladn earned 0 total points
ID: 37749021
Thank you,

I did figure out last night how to deal with it, even though I had a single physical nic I added one VMnet nic and re-run the firewall configuration wizard for Edge Firewall (2 nics standard configuration) and this solved my problem, It seems that single nic let you publish web only and  configure the external network, edge firewall let me configure internal network ( I choose the VM nic as internal) and it works!
Thank you for the effort.

Gilad
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37750055
:)
0
 
LVL 11

Author Closing Comment

by:Giladn
ID: 37764964
intial configuration was wrong, had to add one more nic to make all protocols being published.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now