• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 673
  • Last Modified:

isa server 2006 ftp publishing

Hello,

I have windows 2003 r2 server and vmware workstation installed with 2 virtual machines, I have published web sites hosted on those vm's with no problem but now when I am trying to publish the ftp service on one of the vm's  ( *ubunto 11) it's not working, I understand this can be a problem and I would appreciate if someone will guide me through the process.
Thanks!

Gilad
0
Giladn
Asked:
Giladn
  • 4
  • 3
3 Solutions
 
Keith AlabasterEnterprise ArchitectCommented:
Nope - shouldn't be a problem.
On ISA, use the non-web publishing rule and point it at the VM's internal IP.

ISA must be the default gateway for the VM or along the default route for reeturn traffic going back out to any external clients.
0
 
GiladnAuthor Commented:
I have tried the following:
since the VM won't let me configure the isa server as gateway( because it's not on the same scope) I moved the nic settings to "bridge" and gave it an address on the same scope and the isa server as GW.
 web publishing works, ftp don't, I have logged the requests and when I try to publish the server using the non-web publishing role I have the option to publish only FTP SERVER protocol but the logging shows FTP protocol (outgoing) is being used, how strange, I have double checked the external and internal network settings but they seem to be valid and OK.
any suggestions?
0
 
Keith AlabasterEnterprise ArchitectCommented:
First off, it does not need to be on the same scope - what it needs is for the ftp to have EITHER ISA as the default gateway OR for the ISA to be on the FTP servers default path to the Internet. Think about it, most organisations have routers internally and therefore most internal servers will not be on the same scope as the ISA box.

ISA server will not work in a bridge situation between two of its own nics. Each NIC must be on its own subnet.

FTP and FTP Server protocols are the same - they are given different names to split out what they do in respect to ISA. the FTP protocol (in ISA) is for OUTBOUND TCP i.e. FTP packets that are initiated from internal and also incorporates return traffic on thoise ports. The FTP Server protocol (within ISA) is for the same ports but INBOUND i.e. FTP traffic that has been initiated on the Internet towards your internal FTP service and includes return ftp traffic back to those clients.

The FTP protocol is what you would place within an FTP access rule allowinbg your internal users to go out to an external FTP site.
The FTP Server protocol is the one you use within a non-web publishing rule to allow external FTP clients to access your internal FTP server.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
GiladnAuthor Commented:
Hi Keith,

Thank you for the detailed answer, I am aware of all this, I did try all the above and only then tried bridging the vmnet nic..
I  tried both non-web server publishing and web server publishing (bridging to ftp) but for some reason
it does not work, When I look at the logging it shows that the packet is denied (last rule).
might it be something I'm missing? can I configure a more detailed logging?
what you say in fact that non-web server publishing role should do the job?
I must also mention that I am using a single nic configuration ( I read this could be the problem) even though I have 2 nic but since the server is hosted on the isp's server farm I have limited physical  access to it.

appreciate your help,

Gilad
0
 
pwindellCommented:
I must also mention that I am using a single nic configuration ( I read this could be the problem)

Being a Single Nic completely removes ISA from the process.  So the ISA is totally irrelevant to what you are trying to do.

Being a Single Nic means there is some other Firewall doing the work,....the FTP Publishing has to be done at THAT firewall,...not on the ISA.
0
 
GiladnAuthor Commented:
Thank you,

I did figure out last night how to deal with it, even though I had a single physical nic I added one VMnet nic and re-run the firewall configuration wizard for Edge Firewall (2 nics standard configuration) and this solved my problem, It seems that single nic let you publish web only and  configure the external network, edge firewall let me configure internal network ( I choose the VM nic as internal) and it works!
Thank you for the effort.

Gilad
0
 
Keith AlabasterEnterprise ArchitectCommented:
:)
0
 
GiladnAuthor Commented:
intial configuration was wrong, had to add one more nic to make all protocols being published.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now