Solutions for FTP under ISA (4)

With these two problems solved, the rest of the work is simple.

It can also be explained from the above that the FTP server for IIS cannot be published from the intranet because IIS has no option to choose the range of PASV ports or to return the addresses of the ISA extranet. And serv-u These two can be satisfied. Of course, there may also be a way to solve these two problems with IIS on the Microsoft Web site.

When publishing an FTP server, be aware that the FTP server has port and PASV two of modes. The common denominator is to use 21 ports for user authentication and management, the difference is in different ways of data transmission, Port mode FTP server data port fixed at 20, while the PASV mode is random between 1025-65535. This difference should be considered when publishing.

If the FTP server is in the internal network, when the Serverpublishrules is established (although Webpublishrules can also publish the FTP server, it does not provide processing of the port and PASV modes). The 21inbound entry in Protocoldefinitions is to establish a secondaryconnection for the inbound between inbound or 1025-65535 ports on port 20.

If the FTP server is built on the ISA Server, you need to set the relevant entry in Ippacketfilters, for port mode, very simple, open 20inbound is, but PASV mode is a bit troublesome, Because Ippacketfilters can not set the port segment, but we can not write tens of thousands of ports one at a time, only the LocalPort set to Dynamic,remoteport set to Allports, of course, security this is a damage.

Fortunately, some PASV-mode FTP servers are able to set the range of PASV mode ports, such as Serv-u, which can control the PASV mode port to a maximum of 50 ports, and if the number of concurrent users set for Serv-u is limited, Then we can write a filter for each PASV port without having to open all the ports. If you use an FTP server for IIS, this FTP server does not provide the ability to select the PASV mode port, only as described above, opening dynamic and allports.

Judging from the error message above, you should use IE to access the FTP server. The FTP client of IE, unlike other professional FTP clients, cannot automatically detect the type of FTP server and change the types of clients depending on the type of server. IE only provides a manual option to change the port and PASV client roles, that is, the Internet option-> advanced-> to enable the folder view for the FTP site, select it, IE is the PASV mode client, and the port client is not selected. You need to manually change this option based on the type of server. If the server's exit is a link to the ADSL class, the option to "Use Passive FTP (for firewall and DSL modem compatibility)" is selected, which is available only in the IE5.5 version.