Re: ftp problem


From: Param R. (pr_at_nospam.com)
Date: 12/13/04


Date: Mon, 13 Dec 2004 15:26:28 -0600

I am confused. So you are saying I don't need to open any outbound or inbound
ports on ISA on the client's end? The remote FTP server is on a remote
network running Windows 2000 behind a CISCO firewall. Does anything need to
be done on that end?

thanks!

"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:%23OVdNyU4EHA.3708@TK2MSFTNGP14.phx.gbl...
> Hi Param,
>
> You don't need to open port 20 or 21 outbound and definitely not inbound for
> a client to be able to ftp out. You also don't need to create manually
> protocol rules or whatever in ISA. You also don't enable the FTP server in
> CEICW, as this is to open up the ftp ports to your sbs server, and I don't
> think you will want your sbs server act as a ftp server.
>
> Just make sure you have installed the firewall client on the workstations
> and check that 'auto discovery' is turned off and that it is pointing to the
> server.
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
>
> "Param R." <pr@nospam.com> schreef in bericht
> news:upOqK4R4EHA.936@TK2MSFTNGP12.phx.gbl...
>> Do I have to open up outbound Port 20 on the client side or server side or
>> both?
>>
>> thanks!
>>
>> "TSU" <TSU@discussions.microsoft.com> wrote in message
>> news:18532E0C-4D5D-4F55-A2F2-F569833A1255@microsoft.com...
>> > Hello Param,
>> >
>> > There are two FTP modes, and your Server is configured to support only PORT
>> > mode.
>> >
>> > Both modes initially connect and authenticate on port 21, but from there
>> > PORT will transfer data on port 20 whereas PASV will negotiate a pair of
>> > ports in a high port range for data transfer.
>> >
>> > If it doesn't matter to you which mode to use, from your log entries if you
>> > use an FTP client configured for PORT FTP, you won't see any errors.
>> >
>> > Also, your FTP client issued a FEAT command. It's a command requesting the
>> > Server identify any optional commands if they exist, so is not a critical
>> > error if there is no response.
>> > http://www.networksorcery.com/enp/rfc/rfc2389.txt
>> >
>> > HTH,
>> >
>> > Tony Su
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > "Param R." wrote:
>> >
>> >> Hi all, it seems that ISA seems to be blocking ftp transactions from
>> >> clients. We have a remote FTP server on another remote network running on
>> >> Windows 2000 & IIS 5. Clients from my SBS network trying to connect to it
>> >> are failing. Here is a log from SmartFTP. Any ideas? Under Protocol Rules in
>> >> ISA I have FTP, FTP Download Only & FTP Server checked.
>> >>
>> >> Resolving host name ftp.mycompany.com...
>> >>
>> >> Connecting to (ftp.mycompany.com) -> IP: 69.2.aa.bb PORT: 21
>> >>
>> >> Connected to (ftp.mycompany.com) -> Time = 78ms
>> >>
>> >> Socket connected waiting for login sequence.
>> >>
>> >> 220 webserver Microsoft FTP Service (Version 5.0).
>> >>
>> >> USER lgdatacenter\sterling
>> >>
>> >> 331 Password required for lgdatacenter\sterling.
>> >>
>> >> PASS (hidden)
>> >>
>> >> 230-welcome to ftp.mycompany.com
>> >>
>> >> 230 User lgdatacenter\sterling logged in.
>> >>
>> >> SYST
>> >>
>> >> 215 Windows_NT version 5.0
>> >>
>> >> FEAT
>> >>
>> >> 500 'FEAT': command not understood
>> >>
>> >> REST 100
>> >>
>> >> 350 Restarting at 100.
>> >>
>> >> REST 0
>> >>
>> >> 350 Restarting at 0.
>> >>
>> >> PWD
>> >>
>> >> 257 "/" is current directory.
>> >>
>> >> CWD /sw48
>> >>
>> >> 250 CWD command successful.
>> >>
>> >> PWD
>> >>
>> >> 257 "/sw48" is current directory.
>> >>
>> >> TYPE A
>> >>
>> >> 200 Type set to A.
>> >>
>> >> PASV
>> >>
>> >> 227 Entering Passive Mode (69,2,aa,bb,16,98).
>> >>
>> >> Opening data connection IP: 69,2,aa,bb,16,98 PORT: 4194.
>> >>
>> >> A connection attempt failed because the connected party did not properly
>> >> respond after a period of time, or established connection failed because
>> >> connected host has failed to respond.
>> >>
>> >> PORT 192,168,1,254,10,155
>> >>
>> >> 200 PORT command successful.
>> >>
>> >> Opening data connection IP: 192.168.1.254 PORT: 2715.
>> >>
>> >> LIST -aL
>> >>
>> >> 150 Opening ASCII mode data connection for /bin/ls.
>> >>
>> >> 136 bytes received successfully. (136 B/s) (00:00:01).
>> >>
>> >> 226 Transfer complete.
>> >>
>> >> NOOP
>> >>
>> >> 200 NOOP command successful.
>> >>
>> >> NOOP
>> >>
>> >> 200 NOOP command successful.
>> >>
>> >> NOOP
>> >>
>> >> 200 NOOP command successful.
>> >>
>> >> Any Ideas?
>> >>
>> >>
>> >>
>>
>>
>
>
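The port arithmetic behind the SmartFTP log quoted above, as an added example that is not part of the original thread: it decodes the `h1,h2,h3,h4,p1,p2` tuples from a 227 reply and a PORT command (RFC 959) into the data-channel flows a firewall has to permit, and marks RFC 1918 addresses that a remote server can reach only through a NAT or FTP-aware device. The function names are hypothetical, and 203.0.113.10 is a constructed stand-in for the masked server address.

```python
import ipaddress
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, else None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ipaddress.ip_address(".".join(str(o) for o in octets[:4]))
    return ip, octets[4] * 256 + octets[5]   # port = p1 * 256 + p2

def data_flows(log_lines):
    """List the data connections a control-channel log asks for."""
    flows = []
    for line in log_lines:
        line = line.strip()
        if line.startswith("227 "):
            # Passive: the client opens the data connection to the server.
            mode, direction = "PASV", "client -> server"
        elif line.upper().startswith("PORT "):
            # Active: the server opens it, by default from its port 20.
            mode, direction = "PORT", "server -> client"
        else:
            continue
        parsed = parse_hostport(line)
        if parsed is None:
            continue
        ip, port = parsed
        flows.append({"mode": mode, "direction": direction, "ip": str(ip),
                      "port": port,
                      "rfc1918": any(ip in net for net in RFC1918)})
    return flows

# Constructed sample modelled on the log above; the server address is a
# documentation-range placeholder, the port bytes are the ones in the log.
SAMPLE = [
    "PASV",
    "227 Entering Passive Mode (203,0,113,10,16,98).",
    "PORT 192,168,1,254,10,155",
    "200 PORT command successful.",
]

if __name__ == "__main__":
    for flow in data_flows(SAMPLE):
        print(flow)
```
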


