ISA 2000 FTP Server publishing
Hello,
Try the following:
Step 1 : Disable Socket Pooling for the FTP Service
The first thing you need to do is disable Socket Pooling for the FTP Service.
Socket Pooling allows IIS to listen on all IP addresses assigned to a particular server.
You can check this by typing the following command at the command prompt:
netstat -na
Perform these steps to disable Socket Pooling for the FTP Service :
Open a command prompt and navigate to the \Inetpub\adminscripts\ folder
Type net stop msftpsvc and press [ENTER]
Type the following command:
cscript adsutil.vbs set msftpsvc/disablesocketpooling true and press [ENTER]
At the command prompt type net start msftpsvc and press [ENTER]
Check with netstat -na to confirm that TCP port 21 is now listening on one IP address instead of listening on 0.0.0.0.
Step 2 : Configure the FTP service to listen only on the internal interface
Open the Internet Information Services console from the Administrative Tools
Right click on the default and click Properties
In the Default FTP Site Properties dialog box, select the IP address where your FTP server must listen on, click Apply and then OK
After making these changes, restart the FTP Service.
Step 3 : Disabling the FTP Port Attack Setting
Some implementations of FTP servers allow a PORT command to open a connection between the FTP server and an arbitrary port on another machine. This allows the attacker to establish connections to arbitrary ports on machines other than the actual source machine.
To disable the Port Attack Setting, perform the following steps:
Open Regedt32 and go to the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\Parameters
Default setting is 0
Change/Add the EnablePortAttack Dword value to 1
Change/Add the EnableDataConnTo3rdIP Dword value to 1
Close Regedt32 and restart the FTP service
Step 4 : Create the Publishing Rule
If you use the Web Publishing Wizard you can publish multiple FTP Servers with the same IP address on the external interface of the ISA Server. If you use the Server Publishing Wizard, you can only publish a single FTP server per IP address.
Open the ISA Management console, expand your server and then expand the Publishing node. Click on Server Publishing Rules, click New and then click Rule.
On the Welcome page type a name for the FTP server publishing rule then click Next.
On the Address Mapping page, type in the IP address of the internal interface of the ISA server in the IP address of internal server text box and the IP address of the external interface in the External IP address on ISA server text box, click Next.
On the Protocol Settings page select FTP Server protocol, then click Next.
On the Client Type page select either Any request or Specific computer option, click Next.
On the last page of the wizard, confirm your settings and click Finish.
regards,
Henk
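
The netstat -na check from Step 1, as an added example that is not part of the post above: a Python script that parses netstat output and reports whether TCP port 21 is bound to one specific address or still to 0.0.0.0. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed `netstat -na` output before disabling Socket Pooling.
SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""

# Constructed output after Steps 1 and 2 (FTP bound to one address).
SAMPLE_AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:21        0.0.0.0:0              LISTENING
  TCP    192.168.1.10:2121      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      10.0.0.5:21            ESTABLISHED
"""

# Matches only TCP rows in the LISTENING state; captures local address and port.
LISTEN_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)


def ftp_listeners(netstat_text, port=21):
    """Return the local addresses that have a TCP listener on `port`."""
    addrs = []
    for line in netstat_text.splitlines():
        m = LISTEN_ROW.match(line)
        if m and int(m.group(2)) == port:
            addrs.append(m.group(1))
    return addrs


def pooling_disabled(netstat_text, port=21):
    """True when `port` listens on exactly one non-wildcard address."""
    addrs = ftp_listeners(netstat_text, port)
    return len(addrs) == 1 and addrs[0] not in ("0.0.0.0", "[::]")


if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, ftp_listeners(text), "single-address:", pooling_disabled(text))
```

To check a live server, save the output of netstat -na to a file and pass its contents to pooling_disabled().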