Install and Configure FTP Server behind ISA Server 2000 with unstandard port.
In this example we use the Serv-U FTP server for our FTP service. The FTP Server's configuration as below:
After you finish making the change, click OK. In this example, Serv-U is listening to port 65535. Then add some users who you want to access your ftp server.
The next step requires that you create an ?bwspcfg.ini file, which you will place in the Serv-U's folder. The file contents should look like this:
[serv-u32]
ServerBindTcpPorts=65535 咴his number is the port number which you want to use
LocalBindTcpPorts=20??Rember,don't change this number
Persistent=1
KillOldSession=1 ?If you have some problems, try to change "1" to"0"
ForceCredentials=1
Save the file and close it.
Using the CREDTOOL.EXE Application at the FTP Server
Now, let's turn to your Firewall Client software folder on the FTP server. You should find the file credtool.exe and use this command with some parameters to add the security information to the client pc's registry. For example:
CREDTOOL [-r|-w|-d] -n appname [-c User Domain Password]
-r reads the credentials
-w writes, or stores the credentials
-d deletes the credentials
-n appname specifies the name of the application executable
? file without the extension
-c user domain password specifies the account credentials
This command should be used only when your ISA server outbound access controls are configured to require authentication. In many companies, the network administrator will use access controls to restrict employees accessing the Internet. Each person who wants to access the Internet must have the valid user name and password. The staff will have all kinds of rights, such as upload, download, listen to the online music, visit the specified web site, and so on.
If you want the FTP server to work correctly through your ISA server, you must do some configuration using credtool.exe to add the security information in your PC's registry. The FTP server will be asked the valid user name and password when it's running. Don't worry about it. This information is only passed through the internal network.
You see, we have finished the configuration of ?he FTP server on the ISA Server client PC. Let's turn to ISA server.
Creating a Protocol Definition
At this time, if you want to publish a server to the Internet using ISA server, you must have a protocol definition with its primary connection set for inbound access. You will have to create a custom FTP server Protocol Definition that uses the alternate port number. Let's go through the process.
For example, we add a new protocol which definition name is "new service", then click Next to continue.
On the Primary Connection Information page, you should edit the port number to 65535 (or whatever alternate port number you wish to use), the protocol type is TCP. Make sure no other service is using this port! Then select the Direction as Inbound. After doing this, click Next.
The Secondary Connections page asks you whether you want to use the secondary connections when you publish this service. Since you don't require secondary connections, just click Next.
On Completing the New Protocol Definition page, you will see all of your settings for the Protocol Definition. You can review it now. If you find something wrong, you could click the Back button to correct it.
Click Finish to save it when you have no doubts about your settings.
Creating the Publishing Rule
After we create the new Protocol Definition named new service, we can create a Server Publishing Rule that uses this Protocol Definition. We must create the Publishing Rule because we know that ISA will refuse each connection from any port, if they have not been published or have a static packet filter in place. So we must let ISA know which port it can use to accept inbound connections to our FTP server that uses an alternate port number.
Ok, take it easy; let's see what will happen.
At the ISA Management console, expand your server, expand the Publishing node, and right click Server Publishing Rules to publish your internal service.
On the Server Publishing Rules, click right, then click New and then click Rule.
We can use the same name, new service, to publish our FTP server.
Click Find to find the FTP server on your internal network, or just type in the IP address. Click Browse to select the Internet IP address, which is used by ADSL line in this example. If the xDSL modem hasn't dial up to Internet, please do it manually.
You must have an external IP address when you make configuration changes on this page because the external IP address will not show up on dial-up connections until the dial-up connection has been established and an IP address has been assigned to the external interface. Note that while this rule will work with dial-up connections that use static IP addresses, the rule will fail if you use dynamic IP addresses. The reason for this is that the Server Publishing Rule will not automatically change the external IP address to match the new one assigned to the external interface.
Remember: If you don't have a static Internet IP address, you must change this option manually each time you IP address changes.
Select the protocol new service (or whatever name you assigned to your Protocol Definition) to apply this rule, click Next again.
If you want everyone to access your service, please select Any request. If you want to use it with some restrictions, select specific computers and confirm the client IP address setting. If you wondering how to do it , please refer to the ISA Server Help File.
At last, review your configuration. If everything is ok, click finish to save it.
Conclusion
Congratulations! We have finished the configuration of FTP server Publishing Rule. You have succeeded in publishing an FTP server behind ISA Server using non-standard ports. Make sure to restart your FTP server and enjoy your new service now.
You can modify the configuration for any service that?you want to publish to the Internet. More important of all, ISA Server is the upgrade version of MS Proxy Server 2.0; many functions are inherited from MS Proxy Server 2.0. So if you have some question about ISA, try to use the same way in MS Proxy Server 2.0,maybe you will obtain the new discovery, good luck.
