RE: Access External FTP Site from Inside SBS2003 Std Network
- From: Hugh <Hugh@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 29 Apr 2007 01:10:02 -0700
Hi Terence,
Thanks for your response. I have gone back and followed all the steps you
suggested. i.e.
1] Re-ran the CEICW, which made no difference. NB: I left FTP un-checked in
the firewall exception rules as I understand that unchecking this box opens
up incoming ftp requests to the server - which is not what I am trying to do.
Let me know if you think this is an error.
2] Checked all the settings in KB825763 as you suggested. This is our
standard build procedure so everything was, and is, compliant with the KB
recommendations.
3] I have confirmed that the internal client default gateway is pointing at
the server internal LAN ip address.
4] Yes I can access ftp://ftp.microsoft.com from the internal client.
5] Yes I am getting the same problem on all internal clients in the domain,
and also on my laptop (which is not a domain member) when I plug it into
their LAN.
6] The error messages I am getting relate to not being able to list the
remote directory contents. I have forwarded them to your email address as
requested. The ftp process proceeds as expected during the authentication
process and then bombs out as soon as we attempt to list the remote directory
contents.
Thanks for your time Terence.
I look forward to hearing back from you.
regards,
Hugh
"Terence Liu [MSFT]" wrote:
Hello Hugh,.
Thank you for posting here.
According to your description, I understand that you can not access
external active mode FTP site from internal client. If I have misunderstood
the problem, please don't hesitate to let me know.
This is a complex issue, I suggest we try to rerun the CEICW first to see
if there is any effect.
Go through the follow KB and Rerun CEICW again carefully.
How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us
Meanwhile, please ensure the client computer's default gateway is pointing
to SBS internal network interface.
Then, before we go any further, please let me know the following
information so that we can understand your situation more clearly.
1. Can you access external passive mode FTP site from internal client, like
ftp://ftp.microsoft.com/?
2. Does this issue happen on all internal clients?
3. Do you get any error message when you access the external active mode
FTP site? Please capture screenshots on the error messages and send the
pictures to me at v-terliu@xxxxxxxxxxxxx
I appreciate your time and look forward to hearing from you.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Access External FTP Site from Inside SBS2003 Std Network
| thread-index: AceHHog4cOltcGt2Rg2965lCq1DmGQ==
| X-WBNR-Posting-Host: 207.46.193.207
| From: =?Utf-8?B?SHVnaA==?= <Hugh@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Access External FTP Site from Inside SBS2003 Std Network
| Date: Wed, 25 Apr 2007 02:46:00 -0700
| Lines: 40
| Message-ID: <13F920ED-3EB3-40FC-831B-CE9B6DC320B4@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:32520
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I have a client who has a pretty std configuration of:
| SBS2003 Std (no ISA obviously)
| Dual NICs
|
| They need to access an active ftp site out on the internet from inside
their
| LAN. i.e. an internal workstation must be able to initiate an active ftp
| session which will travel out through SBS firewall, then out through
their
| perimeter router, then connect to the outside world ftp server.
|
| I can make this work up to the point where we do a directory listing of
the
| remote ftp site, then it just hangs until the connection times out. From
my
| reading I believe that this is the point where the ftp session is
switching
| from the control channel port to a randomly chosen data channel port.
|
| I have tried adding exceptions to the workstation firewall for the ftp
| client (filezilla) - which makes no difference.
|
| I can plug my laptop directly into their LAN (without joining the domain)
| and get the same problem.
|
| If I plug my laptop directly into their perimeter router I can connect to
| the ftp site normally (using filezilla or IE) and happily transfer files
etc.
|
| So it seems that the server firewall is the issue.
|
| Anyone know a way to configure the server firewall to make this work
without
| leaving gaping security holes??
|
| As a short term solution I have installed a 2nd NIC in one of the
| workstations which bypasses the server and plugs straight into the
router,
| and my client has to disable their standard netrwork connection and
enable
| the second NIC each time they want to transfer a batch of files - then
| hopefully remember to reverse it when they are finished.
|
| I am hoping for a more elegant solution
|
| Regards,
|
| Hugh
|
|
- Follow-Ups:
- RE: Access External FTP Site from Inside SBS2003 Std Network
- From: Terence Liu [MSFT]
- RE: Access External FTP Site from Inside SBS2003 Std Network
- References:
- RE: Access External FTP Site from Inside SBS2003 Std Network
- From: Terence Liu [MSFT]
- RE: Access External FTP Site from Inside SBS2003 Std Network
- Prev by Date: Re: How to install SBS 2003 in existing AD domain (one Win2K DC)
- Next by Date: Re: DNS Suspect
- Previous by thread: RE: Access External FTP Site from Inside SBS2003 Std Network
- Next by thread: RE: Access External FTP Site from Inside SBS2003 Std Network
- Index(es):
Relevant Pages
|
