Re: F.A O Eriq Neale

Hey Terry.

The most likely cause of the FTP problem for the Macs is active vs. passive FTP.

What application are you using to tes FTP florm the Mac? Have you tried FTP using theMac command line? (It still seems weird to say things like that... ;)

If you can FTP from the Mac command line but cannot from within an application, you've got the active/passive issue (and this honestly may be the case with your PC apps, too).

In the System Preferences on the Mac, look in the Proxies tab for the passive mode chekbox. Change the setting on that and see if i helps you any.

If you like, drop me an e-mail directly and we can work this off-line and post back the successful results.

-Eriq

On 2005-05-11 01:49:44 -0500, "Terry" <terry@xxxxxxxxx> said:

Hi Eriq, (please see previous thread below re FTP from Mac clients)

Tried this...didn't help. Also, although the PC's can access out to FTP they
cant update some programs (i.e when they click on program update in Adobe
Photoshop, it fails).??!!??

Also tried creating a Site & Content rule called MAC, enabled, set
destination to all, Schedule to always allow, action to allowed, Applies to
any request and HTTP content to all.

Then created a protocol rule called MAC, enabled, set action to allow,
protocol to all IP traffic, schedule to always, and applies to client
address sets = MAC, the details of the MAC address sets was set to the IP
range of the MAC's.

Still no joy, they can all talk to the Net but no FTP for the MAC's and no
program updates for the PC's (Although windowsupdate seems OK)

Cheers

Terry

Cheers

TErry
"Eriq Neale" <eon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2005042909535016807%eon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On 2005-04-28 23:57:14 -0500, "Terry" <terry@xxxxxxxxx> said:

Hi,

I have an SBS2003 server, windows2000 clients and Mac clients. SBS
server
has 2 Nics and runs ISA. It also has a netscreen firewall which also has
a 
VPN channel to another office.

The problem I have is that none of the Mac clients in the main office
can 
access outside FTP sites to download files. (no problems now with the
Windows clients)

The other office runs server 2003 and also has a netscreen firewall.
This
does NOT run ISA. The other office can access outside FTP sites to
download 
files no problem.

The Netscreen setup is identical both sides which leads me to believe
that
the problem lies either in the multihome of the server or in the ISA
config. 

Any ideas on how I cure this problem??

TIA

Terry 

Hey Terry.

This is most likley an ISA config issue. The Windows PCs are able to
FTP because they are most likely using the Firewall client for ISA.
There is no such beast for the Mac. What you'll need to do is modify
the ISA config to allow outbound access for unauthenticated clients.

In your ISA management console, under Access Policy, take a look at
both the Site and Content Ruls and Protocol Rules folders. Under
Protocol Rules, you will see the Small Business Internet Access
Protocol Rule. Open the properties for that rule, click on Applies To,
and you will probably see that the Users and groups button is selected.
Change that to Any request and click Apply. You may need to mak the
same modifications to the Small Business rules under Site and Content
Rules.

The best way to do this is to set up a Client Address Set for the Macs
(provided they have IP addresses within a set range) a limit outbound
access to that client address set. This will prevent anyone from
grabbing an IP on your netwok and bein able to get out to the public
Internet.

HTH...

-Eriq
--
Eriq Neale - MCSE, MCSA Messaging, MCP Small/Medium Business, Mac Guru
EON Consulting - www.eonconsulting.net
Need additional IT insight? E-mail "support at eonconsulting dot net"



--
Eriq Neale - MCSE, MCSA Messaging, MCP Small/Medium Business, Mac Guru
EON Consulting - www.eonconsulting.net
Need additional IT insight? E-mail "support at eonconsulting dot net"

.