Solutions for FTP under ISA (3)

The solution I also put my method to do a bit of experiment, use serv-u do, have a little mistake, but after all do come out, the following summary:

PASV server is placed behind Isa, in fact, is to solve two problems:

1, PASV port. My method above suggests using secondary connection, but it turns out that it's not true that you should create a primary connection for each PASV port, and then create the server publishing rules, how many PASV ports, How many will be built.
Another topic here is the use of the Web publishing rules, Tony you should know, the Web publishing rules can also publish FTP server, but the rule inside only gives an FTP port option, it is obvious that This is for Port mode FTP server, because the port mode of the data connection is initiated by the server, on the side of the server, there is no problem through the firewall.

A very exciting feature of using the Web publishing rules is that it supports dynamic public IP users and does not need to modify an external address for every dial number, like the server publishing rules. If you can handle the PASV problem in the Web publishing rules, it's great news for those who use dial-up Internet and want to post PASV servers in the intranet.

What you need to think about is how to publish a random PASV port via the option to fill in only one port? I found a little inspiration from today's experiment, which is that, as mentioned above, each PASV port is set up with a Web publishing rules! I haven't done this experiment yet, I don't know if I can do it, I believe it will come out in the evening.

Of course, you also need to consider how to control the range of PASV mode ports, Serv-u can be set, and IIS FTP is not.

2, is the server to the client to send IP problem. When the FTP client logs into the server, PASV mode server to the client to send the local IP address and data port, when the server is placed in the intranet, the server will return to the client intranet IP, this is of course not complete the connection, need to let the server return to the ISA extranet address. Originally, the workaround could use the Nameresolutionforlocalhost parameter in the application settings of Firwall client, and set it to p to allow the application to return to the ISA's extranet address. However, this parameter is for Firewall client use, and the Publisher cannot install Firewall client, which is a pity.

Fortunately, the good news is that serv-u itself has the ability to return the ISA extranet address by first selecting the properties of the new FTP server and selecting Enable Dynamic DNS in the Domain tab, where the second label appears, called Dynamic DNS ", and then to tz0.com to apply for a dynamic domain name, the application will get a key, this tag to fill in this key can be. The final step is to go to the settings property of the new server, select the Advanced tab, select "Allow passive mode data transfer", and leave the IP address box next to leave blank. This box does not need to be filled in for dial-up users, only the export uses a fixed address.

In this way, serv-u to the client to return IP and port before, will first to tz0.com query to the ISA extranet address, and then sent to the client.