Problems with active FTP and ISA 2004 proxy

Giganews Newsgroups
Subject: Problems with active FTP and ISA 2004 proxy
Posted by:  Soeren Muehlbauer (soeren.…@gmx.de)
Date: Fri, 25 May 2007

Hi,

Here is an error posted by Toby Groves in February 2006.

----------------------begin---------------------------------------
From: Toby Groves <toby.groves@touchsystems.nospam.co.uk>
Subject: Problems with active FTP via ISA 2004 proxy
Date: Thu, 02 Feb 2006 11:10:01 +0000
Message-ID: <dop3u19t6638ti60gqrv2c4keee2v0e1…@4ax.com>
Lines: 31

Hope someone can help me out here.

I'm trying to establish FTP connections through an ISA 2004 server, on
which I have full FTP proxy permissions.

Using an FTP client such as WS_FTP Pro, I have no problems
establishing either an active or passive connection to an external
server.  I do not have to specify any proxy server details to achieve
this, so the ISA box is effectively transparent.

Using TIdFTP (Indy 10) however, passive works fine but active does
not.

Tracing it through, I can see that in the TIdFTP.InternalGet
procedure, the BoundIP property of the LPortSv listener socket is
being set to the external IP of the proxy server.  This agrees with
the WS_FTP client, which issues a PORT command using this very same IP
address.

Unfortunately, when I get to the LPortSv.Listen command, it throws an
EIdNotASocket error, as it's obviously trying to bind to an IP address
which doesn't exist on the client computer.

What am I doing wrong here?  Can anyone shed any light on how I can
make this work?  The above IP address is correct in so far as that's
the address that should be sent out in the PORT command, but surely I
need to be using the actual client's IP address to create the
listening socket?

----------------------end---------------------------------------

I ran into the same error. We also have an ISA Server 2004. We also
get a bound IP which is the external IP of the ISA. I think this is
absolutely correct. The firewall client intercepts all Winsock calls. So
you can bind to the returned external IP address. The problem comes
from TIdFTP.InternalGet:

LPortSv.BoundIP := (Self.IOHandler as TIdIOHandlerSocket).Binding.IP;
// The BoundIP is the external ip of the proxy
LPortSv.BoundPort := FDataPort;
LPortSv.BoundPortMin := FDataPortMin;
LPortSv.BoundPortMax := FDataPortMax;

if Assigned(FOnDataChannelCreate) then begin
  OnDataChannelCreate(Self, FDataChannel);
end;

// The next call works ok.
LPortSv.BeginListen;
if FUsingExtDataPort then begin
  SendEPort(LPortSv.Binding);
end else begin
  SendPort(LPortSv.Binding);
end;
if AResume then begin
  SendCmd('REST ' + Sys.IntToStr(ADest.Position), [350]);  {do not localize}
end;
SendCmd(ACommand, [125, 150, 154]); //APR: Ericsson Switch FTP);
LPortSv.Listen; // This call results in the exception which Toby is describing and which I also get.

So there has to be a condition inside of Indy which doesn't work
correctly. I have tried ICS and it works like many other FTP programs.

Thanks for the very nicely designed and, most of the time, working
components. And let me say thanks to all the supporting people in this
NG.

Soeren
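
Both posts turn on two addresses in active FTP: the address the data listener binds to and the address sent to the server in PORT/EPRT. As an added example, not part of either post and not Indy code, this Python code keeps the two separate and encodes the RFC 959 PORT and RFC 2428 EPRT arguments. The function names and the sample address 203.0.113.10 are assumptions.

```python
import ipaddress
import socket


def format_port(ip: str, port: int) -> str:
    """RFC 959 PORT command: h1,h2,h3,h4,p1,p2 (IPv4 only)."""
    addr = ipaddress.IPv4Address(ip)
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ",".join(str(b) for b in addr.packed)
    return f"PORT {octets},{port >> 8},{port & 0xFF}"


def format_eprt(ip: str, port: int) -> str:
    """RFC 2428 EPRT command: |proto|addr|port| (1 = IPv4, 2 = IPv6)."""
    addr = ipaddress.ip_address(ip)
    proto = 1 if addr.version == 4 else 2
    return f"EPRT |{proto}|{addr}|{port}|"


def parse_port(command: str) -> tuple[str, int]:
    """Decode a PORT command back into (ip, port), as a server or proxy would."""
    fields = [int(f) for f in command.split(None, 1)[1].split(",")]
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError("malformed PORT argument")
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]


def open_active_listener(bind_ip: str, advertised_ip: str):
    """Listen on bind_ip (ephemeral port); advertise advertised_ip in PORT."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_ip, 0))          # address that must be valid for the socket layer
    srv.listen(1)
    port = srv.getsockname()[1]     # port actually assigned to the listener
    return srv, format_port(advertised_ip, port)


if __name__ == "__main__":
    # Constructed sample: local listener, documentation-range external address.
    srv, cmd = open_active_listener("127.0.0.1", "203.0.113.10")
    print(cmd, "->", parse_port(cmd))
    srv.close()
```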
