Re: Published FTP server: can't open data connection.



hi there,

is this iis ftp? is the ftp server a secureNAT client?

also, ftp is quite a tricky one for firewalls, i found this doc last night
and it's very informative in terms of the history and inner workings of ftp,
maybe it could assist you in publishing the ftp server

http://www.isaserver.org:80/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html



"baba" <burzi@xxxxxxxxx> wrote in message news:eh0853$vdn$1@xxxxxxxxxxxxxxxx
Hello,
I've tried to get this solved but I couldn't.
Here it goes, then.

I've got a MS Windows 2003 Small Business Server with ISA Server 2000 and
last service pack installed.
The server has one external network card to connect the internet and one
for the LAN connection.
Both IP addresses are static.
This server is also the LAN gateway.

I succeeded in publishing an internal MS SQL Server service and this one
does work properly.
We also set up a publishing rule to "expose" an internal FTP server but in
this case we got the error: the control connection is set up and works
properly but as soon as we issue a 'ls' command the connection hangs up
and a 425 error code is returned.

We've read and followed step-by-step these two articles, with no luck, yet:

http://www.isaserver.org/tutorials/Publishing_FTP_Sites_on_an_Alternate_Port_Number.html
http://www.isaserver.org/tutorials/Install_and_Configure_FTP_Server_behind_ISA_Server_2000_with_unstandard_port.html

We've tried using both conventional (21) and not "well-known" (20021)
ports.

One more piece of information: by issuing a "netstat -an" command to the FTP server
while trying an "ls" from an external (authorized or, according to the
published rule, belonging to the authorized client addresses set)
computer, I have noticed a SYN_SENT package connection hanging on the port
that would be used for the data channel (let's say 20 in case the FTP
service is running on port 21).

I've read _some_ docs up to now. Does anyone have a clue?

Thanks in advance,
baba
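
An added example, not part of either post: a small Python check that automates the `netstat -an` observation described above by listing outbound data connections stuck in SYN_SENT on the FTP server. The sample output is constructed, the function names are hypothetical, and the data port is assumed to be the control port minus one, as in the post (20 for 21).

```python
from typing import List, NamedTuple, Tuple

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    192.168.16.5:21        203.0.113.7:51822      ESTABLISHED
  TCP    192.168.16.5:20        203.0.113.7:51823      SYN_SENT
  TCP    192.168.16.5:1433      192.168.16.1:3020      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


class Conn(NamedTuple):
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str


def parse_netstat(text: str) -> List[Conn]:
    """Parse the TCP rows of `netstat -an`; headers, UDP and odd rows are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        try:
            lip, lport = fields[1].rsplit(":", 1)
            rip, rport = fields[2].rsplit(":", 1)
            conns.append(Conn(lip, int(lport), rip, int(rport), fields[3].upper()))
        except ValueError:  # no ":" separator or non-numeric port
            continue
    return conns


def stalled_data_connections(text: str, control_port: int = 21) -> List[Tuple[Conn, bool]]:
    """Return (connection, peer_has_control_session) for each outbound data
    connection from control_port - 1 that is still waiting in SYN_SENT."""
    conns = parse_netstat(text)
    control_peers = {c.remote_ip for c in conns
                     if c.local_port == control_port and c.state == "ESTABLISHED"}
    return [(c, c.remote_ip in control_peers) for c in conns
            if c.local_port == control_port - 1 and c.state == "SYN_SENT"]
```

A row in the result means the server's SYN toward the client got no answer; the boolean shows whether the address it is dialing is one that also holds an established control session.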

