Publish a FTP Server on Forefront TMG not working
Posted on 2012-03-22
I published my FTP server on TMG but for some reason it doesn't work. I don't receive any errors and I'm lost already.
Here is what I have and did:
I have an FTP server on 192.168.1.243 with IIS 7. I created the FTP site with the following features:
- Using a self-signed SSL that I created in IIS Server Certificates.
- Basic authentication enabled
- Authorization rules: Allow all users read/write
- FTP Firewall Support: Data channel ports 0-0, Firewall's External IP address (I assumed it is the public IP on the external NIC on Forefront). I did this just as my last resort.
I tested on the LAN and it works.
I have a Forefront TMG server on 192.168.1.248 and public IP 220.127.116.11. It is a perimeter firewall. The External NIC doesn't have a DNS set.
I have three policies that I'll describe in order.
I created an access rule called Resend DNS to ISP:
- Protocol: DNS
- From: DNS server
- To: External
Web Access access rule:
- Protocol: FTP, FTP through HTTP, HTTP, HTTPS, Live Messenger, FTP Server, HTTPS Server
- From: Internal
- To: All networks (and local host). I also put External.
I published a non web server protocol called Acceso FTP with the following features:
- Traffic: FTP Server. Removed the Read only check, the FTP Access filter is checked, the port is 21
- From: anywhere. I also put External, just in case.
- To: 192.168.1.243 (FTP server IP). The requests seem to come from the Forefront TMG machine.
- Networks: External and Internal
Then, on my external computer I open CMD and run `ftp 18.104.22.168`. After some time the `ftp>` cursor appears but I am not connected. What should happen is that it asks me for my user and pass.