| Groups | Blog | Home |
iis ftp : Ports needed to access FTP.
I tried that and it still hangs on "Getting contets of folder" and unltimately the following error message is displayed: "An erorr occurred opening that folder on the FTP Server. Make sure you hvae permission to access that folder. Details: The operation timed out." Maybe I need to allow the computer browser ports or something? TIA, Jarryd [quoted text, click to view] "Dave" <noone@nowhere.com> wrote in message news:O192WYvvFHA.2064@TK2MSFTNGP09.phx.gbl... > try adding port 20. > > "Jarryd" <noemail@nodomain.com> wrote in message > news:OzkpNFvvFHA.2312@TK2MSFTNGP14.phx.gbl... >> Hi, >> >> I want to allow someone access to my network by using vpn but restrict >> traffic to specific ports. I am using MS Server 2003 SP1 as the VPN >> server and have configure a Remote Access policy for the user. I edited >> the policy's profile to only allow access to TCP port 21. This is >> working well. I tested it by logging in to the VPN server using the >> userss (not my) login and doing a telnet in to various ports I know are >> running on the different servers and only port 21 works. When I login as >> myself then my profile kicks in and I can telnet everything. >> >> The problem I am having is that 21 doesn't seem to be enough. I have >> opened up the default FTP site in IE and after it logs me on it tell me I >> don't have permisson to access the site. When I remove the packet filter >> rule in the policy that applies to the user's login they can access the >> site, read its content and write to it. >> >> What else do I need to allow through? I have disabled annoymous access. >> The NTFS permissions on the home directory allow only myself and the user >> access (Full Control), all other accounts have been deleted from the >> folder's ACL. The site security is set to read/write. >> >> I imagine that I need to open some authentication ports, ldap 389 and >> kerberos. Is that correct? And is there anything else? >> >> TIA, >> >> Jarryd >> >> P.S. Is there a way to restrict access to a specific destination IP >> address? >> > >
Hi Dave,
I tried that and it still hangs on "Getting contets of folder" and unltimately the following error message is displayed: "An erorr occurred opening that folder on the FTP Server. Make sure you hvae permission to access that folder. Details: The operation timed out." Maybe I need to allow the computer browser ports or something? TIA, Jarryd [quoted text, click to view] "Dave" <noone@nowhere.com> wrote in message news:O192WYvvFHA.2064@TK2MSFTNGP09.phx.gbl... > try adding port 20. > > "Jarryd" <noemail@nodomain.com> wrote in message > news:OzkpNFvvFHA.2312@TK2MSFTNGP14.phx.gbl... >> Hi, >> >> I want to allow someone access to my network by using vpn but restrict >> traffic to specific ports. I am using MS Server 2003 SP1 as the VPN >> server and have configure a Remote Access policy for the user. I edited >> the policy's profile to only allow access to TCP port 21. This is >> working well. I tested it by logging in to the VPN server using the >> userss (not my) login and doing a telnet in to various ports I know are >> running on the different servers and only port 21 works. When I login as >> myself then my profile kicks in and I can telnet everything. >> >> The problem I am having is that 21 doesn't seem to be enough. I have >> opened up the default FTP site in IE and after it logs me on it tell me I >> don't have permisson to access the site. When I remove the packet filter >> rule in the policy that applies to the user's login they can access the >> site, read its content and write to it. >> >> What else do I need to allow through? I have disabled annoymous access. >> The NTFS permissions on the home directory allow only myself and the user >> access (Full Control), all other accounts have been deleted from the >> folder's ACL. The site security is set to read/write. >> >> I imagine that I need to open some authentication ports, ldap 389 and >> kerberos. Is that correct? And is there anything else? >> >> TIA, >> >> Jarryd >> >> P.S. Is there a way to restrict access to a specific destination IP >> address? >> > >
try adding port 20.
[quoted text, click to view] "Jarryd" <noemail@nodomain.com> wrote in message news:OzkpNFvvFHA.2312@TK2MSFTNGP14.phx.gbl... > Hi, > > I want to allow someone access to my network by using vpn but restrict > traffic to specific ports. I am using MS Server 2003 SP1 as the VPN > server and have configure a Remote Access policy for the user. I edited > the policy's profile to only allow access to TCP port 21. This is working > well. I tested it by logging in to the VPN server using the userss (not > my) login and doing a telnet in to various ports I know are running on the > different servers and only port 21 works. When I login as myself then my > profile kicks in and I can telnet everything. > > The problem I am having is that 21 doesn't seem to be enough. I have > opened up the default FTP site in IE and after it logs me on it tell me I > don't have permisson to access the site. When I remove the packet filter > rule in the policy that applies to the user's login they can access the > site, read its content and write to it. > > What else do I need to allow through? I have disabled annoymous access. > The NTFS permissions on the home directory allow only myself and the user > access (Full Control), all other accounts have been deleted from the > folder's ACL. The site security is set to read/write. > > I imagine that I need to open some authentication ports, ldap 389 and > kerberos. Is that correct? And is there anything else? > > TIA, > > Jarryd > > P.S. Is there a way to restrict access to a specific destination IP > address? >
Hi,
I want to allow someone access to my network by using vpn but restrict traffic to specific ports. I am using MS Server 2003 SP1 as the VPN server and have configure a Remote Access policy for the user. I edited the policy's profile to only allow access to TCP port 21. This is working well. I tested it by logging in to the VPN server using the userss (not my) login and doing a telnet in to various ports I know are running on the different servers and only port 21 works. When I login as myself then my profile kicks in and I can telnet everything. The problem I am having is that 21 doesn't seem to be enough. I have opened up the default FTP site in IE and after it logs me on it tell me I don't have permisson to access the site. When I remove the packet filter rule in the policy that applies to the user's login they can access the site, read its content and write to it. What else do I need to allow through? I have disabled annoymous access. The NTFS permissions on the home directory allow only myself and the user access (Full Control), all other accounts have been deleted from the folder's ACL. The site security is set to read/write. I imagine that I need to open some authentication ports, ldap 389 and kerberos. Is that correct? And is there anything else? TIA, Jarryd P.S. Is there a way to restrict access to a specific destination IP address?
On Wed, 21 Sep 2005 23:18:14 +0100, "Jarryd" <noemail@nodomain.com>
[quoted text, click to view] wrote: >Hi Dave, > >I tried that and it still hangs on "Getting contets of folder" and >unltimately the following error message is displayed: > >"An erorr occurred opening that folder on the FTP Server. Make sure you >hvae permission to access that folder. > >Details: >The operation timed out." > >Maybe I need to allow the computer browser ports or something? Or maybe you need to configure the correct permissions. Such as Logon Locally Right, NTFS permissions, etc. Jeff [quoted text, click to view] >
>"Dave" <noone@nowhere.com> wrote in message >news:O192WYvvFHA.2064@TK2MSFTNGP09.phx.gbl... >> try adding port 20. >> >> "Jarryd" <noemail@nodomain.com> wrote in message >> news:OzkpNFvvFHA.2312@TK2MSFTNGP14.phx.gbl... >>> Hi, >>> >>> I want to allow someone access to my network by using vpn but restrict >>> traffic to specific ports. I am using MS Server 2003 SP1 as the VPN >>> server and have configure a Remote Access policy for the user. I edited >>> the policy's profile to only allow access to TCP port 21. This is >>> working well. I tested it by logging in to the VPN server using the >>> userss (not my) login and doing a telnet in to various ports I know are >>> running on the different servers and only port 21 works. When I login as >>> myself then my profile kicks in and I can telnet everything. >>> >>> The problem I am having is that 21 doesn't seem to be enough. I have >>> opened up the default FTP site in IE and after it logs me on it tell me I >>> don't have permisson to access the site. When I remove the packet filter >>> rule in the policy that applies to the user's login they can access the >>> site, read its content and write to it. >>> >>> What else do I need to allow through? I have disabled annoymous access. >>> The NTFS permissions on the home directory allow only myself and the user >>> access (Full Control), all other accounts have been deleted from the >>> folder's ACL. The site security is set to read/write. >>> >>> I imagine that I need to open some authentication ports, ldap 389 and >>> kerberos. Is that correct? And is there anything else? >>> >>> TIA, >>> >>> Jarryd >>> >>> P.S. Is there a way to restrict access to a specific destination IP >>> address? >>> >> >> > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |