Re: SBS 2003 ISA proxy for FTP fails

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Marina Roos [SBS-MVP] (marina_at_roos.nodontwantspam.nl.com)
Date: 08/02/04 

Date: Tue, 3 Aug 2004 01:34:59 +0200

Hi David,

Make sure the Firewall client is installed on the clients. Proxy should
point to your server and port 8080. 

-- 
Regards,
Marina
Microsoft SBS-MVP
"David Barnes" <david@nospam-bitsolve.com> schreef in bericht
news:i8APc.236$Jw6.1926354@news-text.cableinet.net...
> I'm stuck..
>
> Start again and ask the question properly this time...
>
> SBS2003 (premium)
> 2 NICs
> 'out of the tin' default settings
> SBS's 'CEICW' run and selected 'directly connected' and 'enable firewall'
> Servers connection to the internet is via a NAT/PAT firewall/router
> (FireBrick to be precise)
>
> NOTE1: ISA is pre-configured by the SBS setup with filters etc..
>
> From the SBS server itself I couldn't do any FTP access to any site at
all,
> from IE or the 'CMD> FTP' until I enabled the outbound port 21 and inbound
> port 20 filters that were there but disabled(why?) and created an
additional
> filter 'outbound, tcp, local=dynamic, remote=any'.
>
> Q1) Why didn't this 'work out of the tin'?
> Q1a) Is there an SBS wizard I should be running to fix this?
> Q1b) Is there a patch from MS for this?
> NOTE2: This should work out of the tin as MS market and sell SBS as a
> pre-configured solution for small businesses..
>
> At least I can get the server to ftp download the virus updates now..
>
> HOWEVER...
>
> on a client PC (in IE) goto ftp://ftp.hp.com  .. fails and I get:
> ISA Server: Extended error message:
> 200 type set to A.
> 500 Invalid PORT Command.
>
> NOTE3: the error returned to the client is an SBS/ISA error page..
> Client has NO default gateway
> Client has ISA(SBS) server defined as proxy for FTP
> Client does NOT have proxy firewall installed.
>
> Note: ftp.hp.com is just an example, also tried ftp.microsoft.com and
> ftp.nai.com..
>
> Q2) How do I get the Proxy FTP(read) to work?
> Q2a)What SBS wizard/setting do I have to run to enable this?
> Q2b) How do I diagnose it's failing?
>
>
>
> David Barnes
>
>

Relevant Pages

  • Re: Unable to print to networked printer - get access denied messa
    ... Check the permissions on the server assuming the client has a true RPC ... How is the Standard TCP/IP port configured for the device? ...
    (microsoft.public.windowsxp.print_fax)
  • Re: interfaces lo:1 lo:2 lo:3? (for remote ssh tunnels)
    ... That's the problem tunneling (port forwarding) solves. ... >>can't get past the client firewall. ... > I don't understand why the server would be making the ... server initiates another connection to the client -- in this ...
    (Debian-User)
  • Re: Remote Connection Issue
    ... through port number 3389 and a workstation on the LAN through port number ... I understand that you want to allow a LAN client ... and you have configured server publishing rule ... > By default Terminal Server and Windows 2000 Terminal Services uses TCP ...
    (microsoft.public.windows.server.sbs)
  • Re: Please enter password for HTTP proxy
    ... Web Proxy log: WEBEXTDyyyymmdd.log ... This newsgroup only focuses on SBS technical issues. ... |> on to the SBS server that hosts the ISA. ... |> sure the problematic clients also have Firewall Client installed. ...
    (microsoft.public.windows.server.sbs)
  • Inktomi Traffic-Server XSS: man-in-the-middle XSS !
    ... this is a proxy cache server used by Large ISPs and Backbone ... THE PROBLEM (Tested on Traffic-Server 5.5.1 used by Telefónica in Spain) ... A special request by a client passing through the Inktomi Traffic-Server ... The trick of the exploit is that the socket opened is on port 80 to force the proxy to capture the connection, then you have to request an URL to an open port other than 80, for example 25. ...
    (Bugtraq)