Re: F.A O Eriq Neale

Hi Eriq,

I did try the Active/passive thing but with no success, I will try the FTP
from the Mac command line and let you know the results.

Many thanks for the help to date.

Terry

"Eriq Neale" <eon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2005051107233316807%eon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hey Terry.
>
> The most likely cause of the FTP problem for the Macs is active vs.
> passive FTP.
>
> What application are you using to tes FTP florm the Mac? Have you tried
> FTP using theMac command line? (It still seems weird to say things like
> that... ;)
>
> If you can FTP from the Mac command line but cannot from within an
> application, you've got the active/passive issue (and this honestly may
> be the case with your PC apps, too).
>
> In the System Preferences on the Mac, look in the Proxies tab for the
> passive mode chekbox. Change the setting on that and see if i helps you
> any.
>
> If you like, drop me an e-mail directly and we can work this off-line
> and post back the successful results.
>
> -Eriq
>
> On 2005-05-11 01:49:44 -0500, "Terry" <terry@xxxxxxxxx> said:
>
> > Hi Eriq, (please see previous thread below re FTP from Mac clients)
> >
> > Tried this...didn't help. Also, although the PC's can access out to FTP
they
> > cant update some programs (i.e when they click on program update in
Adobe
> > Photoshop, it fails).??!!??
> >
> > Also tried creating a Site & Content rule called MAC, enabled, set
> > destination to all, Schedule to always allow, action to allowed, Applies
to
> > any request and HTTP content to all.
> >
> > Then created a protocol rule called MAC, enabled, set action to allow,
> > protocol to all IP traffic, schedule to always, and applies to client
> > address sets = MAC, the details of the MAC address sets was set to the
IP
> > range of the MAC's.
> >
> > Still no joy, they can all talk to the Net but no FTP for the MAC's and
no
> > program updates for the PC's (Although windowsupdate seems OK)
> >
> > Cheers
> >
> > Terry
> >
> > Cheers
> >
> > TErry
> > "Eriq Neale" <eon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:2005042909535016807%eon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >> On 2005-04-28 23:57:14 -0500, "Terry" <terry@xxxxxxxxx> said:
> >>
> >>> Hi,
> >>>
> >>> I have an SBS2003 server, windows2000 clients and Mac clients. SBS
> > server
> >>> has 2 Nics and runs ISA. It also has a netscreen firewall which also
has
> > a
> >>> VPN channel to another office.
> >>>
> >>> The problem I have is that none of the Mac clients in the main office
> > can
> >>> access outside FTP sites to download files. (no problems now with the
> >>> Windows clients)
> >>>
> >>> The other office runs server 2003 and also has a netscreen firewall.
> > This
> >>> does NOT run ISA. The other office can access outside FTP sites to
> > download
> >>> files no problem.
> >>>
> >>> The Netscreen setup is identical both sides which leads me to believe
> > that
> >>> the problem lies either in the multihome of the server or in the ISA
> > config.
> >>>
> >>> Any ideas on how I cure this problem??
> >>>
> >>> TIA
> >>>
> >>> Terry
> >>
> >> Hey Terry.
> >>
> >> This is most likley an ISA config issue. The Windows PCs are able to
> >> FTP because they are most likely using the Firewall client for ISA.
> >> There is no such beast for the Mac. What you'll need to do is modify
> >> the ISA config to allow outbound access for unauthenticated clients.
> >>
> >> In your ISA management console, under Access Policy, take a look at
> >> both the Site and Content Ruls and Protocol Rules folders. Under
> >> Protocol Rules, you will see the Small Business Internet Access
> >> Protocol Rule. Open the properties for that rule, click on Applies To,
> >> and you will probably see that the Users and groups button is selected.
> >> Change that to Any request and click Apply. You may need to mak the
> >> same modifications to the Small Business rules under Site and Content
> >> Rules.
> >>
> >> The best way to do this is to set up a Client Address Set for the Macs
> >> (provided they have IP addresses within a set range) a limit outbound
> >> access to that client address set. This will prevent anyone from
> >> grabbing an IP on your netwok and bein able to get out to the public
> >> Internet.
> >>
> >> HTH...
> >>
> >> -Eriq
> >> --
> >> Eriq Neale - MCSE, MCSA Messaging, MCP Small/Medium Business, Mac Guru
> >> EON Consulting - www.eonconsulting.net
> >> Need additional IT insight? E-mail "support at eonconsulting dot net"
>
>
> --
> Eriq Neale - MCSE, MCSA Messaging, MCP Small/Medium Business, Mac Guru
> EON Consulting - www.eonconsulting.net
> Need additional IT insight? E-mail "support at eonconsulting dot net"
>


.