+ Post New Thread
Results 1 to 5 of 5
Windows Server 2000/2003 Thread, FTP Issue in Technical; I'm having an issue getting propper access to FTP sites. I can log in fine but every time I do ...
  1. #1

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,679
    Thank Post
    122
    Thanked 126 Times in 102 Posts
    Rep Power
    46

    FTP Issue

    I'm having an issue getting propper access to FTP sites. I can log in fine but every time I do I get read only access.

    Our set up is this. Win2K3 ISA 2006 Server connecting to a hardware firewall (netscreen 5 XP). This acts as router connecting our two networks and the internet together. I aslo have a second "back door" fire wall plugged into the network I am on that only I know about that's plugged into the internet.

    Everyone's default gateway is the ISA server and the ISA server's default gateway in the firewall.

    When people try and connect to an FTP site they can read from it even if it requires a log in and does not support anonymous access. However every time they try and write/delete they are greated with an 550 error, access denied. If I alter my default gateway to my back door firewall I connect and can write/delete fine. This leads me to believe that the issue is with the config on my ISA server or the firewall.

    When normal users try and connect through Windows explorer you get an warning message that the "Proxy is not configured to allow full access". However I don't get this message as I am using a different proxy and can't get access. I still have our ISA server as the default gateway. That would imply the issue is ont he ISA server. And it was a while ago but I think this started when I put in the ISA server...

    I've attached the ISA firewall policy. I know it's rubbish but I had to set it up in a rush and haven't had the opportunity to correct it (or lear how to use it properly). However the hardware firewall is actually protecting my network so I'm relatively happy for the ISA to pass all traffic through. As far as I understand I've got it to allow all traffic, from any source to any destination.

    The worse (infact stupid) news is that I can't currently get into my hardware firewall admin . Whilst I think I know what I need to do people get a bit shirty if I disconnect the internet, however briefly which is what I need to do to resolve. However I am 95% sure that the outgoing rule on the firewall is to allow all traffic out.

    So why the heck can't I connect to FTP sites properly?

    My next test will be to insert a computer between the ISA and the firewall (when I can disconnect them) and see if I can get access to FTP sites thus testing if it's the ISA server or the firewall. Hopefully at the same time I can get access to the firewall admin. However I won't have oportunity to do that for a week or so if I'm lucky so I was wondering if anyone might have any pointers in the mean time...
    Attached Images Attached Images
    Last edited by Stuart_C; 20th January 2010 at 11:33 AM.

  2. #2
    tonyd's Avatar
    Join Date
    Mar 2006
    Location
    Kent (Sometimes), UK
    Posts
    163
    Thank Post
    17
    Thanked 42 Times in 31 Posts
    Rep Power
    25
    By default the FTP access filter is set to read only. See this document for information on changing the setting FTP Client Access from an ISA Server Network. Oops, that's ISA 2000 - try Enabling Secure FTP Access Through ISA 2006 Firewalls (Part 1)
    Last edited by tonyd; 20th January 2010 at 11:37 AM.

  3. Thanks to tonyd from:

    Stuart_C (20th January 2010)

  4. #3

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,679
    Thank Post
    122
    Thanked 126 Times in 102 Posts
    Rep Power
    46
    Thanks for the quick response, if I could just ask for a bit more help.
    Assuming that I can overcome my own stupitidy and read this correctly...

    Given that i don't have a specific "Allow FTP access" rule I'm allowing everything. Also given that I'm not hosting the FTP site I just want to get on other FTP site's on the internet from here... I would open the firewall policy tab, using the toolbox on the right hand side expand the "all protocols'" section find FTP and untick "FTP Access Filter". This should allow proper authentication?

    Second question is what is the downside to doing this? i.e am I going to cock anything else up?

  5. #4
    tonyd's Avatar
    Join Date
    Mar 2006
    Location
    Kent (Sometimes), UK
    Posts
    163
    Thank Post
    17
    Thanked 42 Times in 31 Posts
    Rep Power
    25
    In an allow rule for FTP, goto the protocols tab, select FTP then click the 'Filtering' button, now untick the 'Read Only' box. This should only affect FTP and nothing else.

  6. Thanks to tonyd from:

    Stuart_C (20th January 2010)

  7. #5

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,679
    Thank Post
    122
    Thanked 126 Times in 102 Posts
    Rep Power
    46
    Ah, found that. Cheers... I'll think I'll wait for a quite time next week when I can give it a go with a minimum of risk and disruption. Thanks for that. I'll post back next week with an update of how I got on.



SHARE:
+ Post New Thread

Similar Threads

  1. Allow Students To Use FTP
    By DaveP in forum How do you do....it?
    Replies: 8
    Last Post: 25th November 2009, 06:56 PM
  2. FTP Server
    By DSapseid in forum Windows
    Replies: 3
    Last Post: 11th February 2009, 12:20 PM
  3. HELP: Need some ftp downloads
    By contink in forum Wireless Networks
    Replies: 5
    Last Post: 5th June 2008, 03:12 PM
  4. FTP proxy
    By NetworkGeezer in forum Wireless Networks
    Replies: 1
    Last Post: 2nd February 2007, 09:59 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •