Publishing FTP server doesn't work

    Question

  • Hi together,

    I am currently trying to replace an existing infrastructure with current Software, atm implementing a Forefront TMG to replace an old ISA2000 (SBS2k)

    I have the following network setup:

    internal(192.168.0.0/24)<---->Forefront<----route--->DMZ (192.168.1.0/24)<---NAT--->Internet

    I have an internal FTP server running on the 2000-Server (will also be replaced) which is working fine for internal connections.
    When I now enter an FTP-Publishing rule, I cannot connect to the FTP-server from either the DMZ or the internet.

    I setup monitoring in TMG and can see that the connection fails because it is not allowed according to the default rule.

    I configured the ftp-filter as well as I allowed the write access, but all that didn't change a bit.

    That is the point where I'm lost. Any idea?

    Kind regards

    Stefan

    Thursday, April 28, 2011 10:36 PM

All replies

  • Hi,

    please post the details of your FTP Server publishing rule in this forum and compare your configuration with this article:
    http://www.isaserver.org/tutorials/microsoft-forefront-tmg-ftp-and-ftp-server-publishing.html
    http://technet.microsoft.com/en-us/library/cc995163.aspx


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    Friday, April 29, 2011 5:07 AM
  • Hi Marc,

    I have checked with both articles, this is exactly what I did.

    1. I have tried to build a Non-Webserver-Publishing with Protocol FTP-Server from external and perimeter networks to the internal FTP-server

    2. I have also tried to do a firewall rule allowing traffic from external and perimeter to the internal FTP-Server.

    For testing I have a windows client in the DMZ
    1. in a cmd "FTP ip-of-firewall"
    2. in a cmd "FTP ip-of-internal-server"

    in both tests I see the message that the default rule does not allow access (0x004000d FWX_E_POLICY_RULES_DENIED)

    Accessing the FTP from any internal client works fine of course.

    Regards

    Stefan

    Tuesday, May 03, 2011 10:20 PM
  • Hi,

    the FTP Server is a SecureNAT client and the network relationship on TMG between the External and Perimeter network is NAT? The FTP filter is bound to the FTP protocol definition?


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    • Marked as answer by birdies72 Wednesday, May 04, 2011 7:23 PM
    Wednesday, May 04, 2011 4:11 AM
  • Ahaaa, I changed it to NAT... was on Routing by default.

    Now it works. thanks!

     

    CU Stefan

    Wednesday, May 04, 2011 7:23 PM
  • Hi Stefan!

     

    Where and what did you change from Routing to NAT?

    Something on the Web-/FTP-server or a parameter of the TMG server system?

    Unfortunately I got the same problem.

     

    Best regards,

    Christian

    Saturday, July 30, 2011 5:38 PM
  • Now this was some time ago.

    If I remember correctly that was in Networking/Networkrules (translated from German) in the TMG Console.

    CU

    Stefan


    Regards Stefan
    Saturday, July 30, 2011 9:18 PM