Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 02 November 2024, 07:31:30 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14248 Posts in 4376 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  MSN Messenger on Transparent Proxy
0 Members and 3 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: MSN Messenger on Transparent Proxy  (Read 16087 times)
bkarankar
Full Member
***
Offline Offline

Posts: 33


« on: Thursday 24 May 2012, 06:51:39 pm »

Hi All,

I have configured Transparent Proxy to have access on port 80.
with this, i configured firewall to allow MSN Messenger on TCP/1863.

But still users are not able to log-in in MSN Messenger, is there any other port/policy required to set?

during troubleshoot, i found its also requesting for port 443 with random IPs. i tried to catch the IP and allow port 443 but every time found new IPs in list.

if you have any idea to allow MSN Messenger only via port 1863/443 then please let me know (we cannot allow port 443 access to all websites/IPs due to security reason and company policy).


Thanks
Bhupesh

Logged
rosch
Full Member
***
Offline Offline

Gender: Male
Posts: 20



« Reply #1 on: Thursday 24 May 2012, 07:06:30 pm »

It looks like msn also needs port 443 to be open: http://support.microsoft.com/kb/927847

I guess you have to whitelist some more of those IPs msn is trying to access on 443.
Logged
kashifmax
Sr. Member
****
Offline Offline

Gender: Female
Posts: 108


« Reply #2 on: Thursday 24 May 2012, 09:41:52 pm »

yes rosch,
It's using 443 & 1863, and there is a way to accomplish.

Add some rules in squid.conf.

(For port)
acl SSL_ports port 1863 (add this line if it still not work)
acl Safe_ports port 1863

(For access)
acl boss req_mime_type ^application/x-msn-messenger
.......
http_access allow/deny boss

Read more about squid
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid
Logged
bkarankar
Full Member
***
Offline Offline

Posts: 33


« Reply #3 on: Friday 25 May 2012, 03:16:52 pm »

It looks like msn also needs port 443 to be open: http://support.microsoft.com/kb/927847

I guess you have to whitelist some more of those IPs msn is trying to access on 443.

i cannot allow access on port 443 for all sites, it will open too many blocked sites. what i am doing currently, identifying the IP for msn and update the policy to allow 443 access.

but every time i found new IPs for msn.

thanks
Logged
bkarankar
Full Member
***
Offline Offline

Posts: 33


« Reply #4 on: Friday 25 May 2012, 03:30:37 pm »

yes rosch,
It's using 443 & 1863, and there is a way to accomplish.

Add some rules in squid.conf.

(For port)
acl SSL_ports port 1863 (add this line if it still not work)
acl Safe_ports port 1863

(For access)
acl boss req_mime_type ^application/x-msn-messenger
.......
http_access allow/deny boss

Read more about squid
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid

Hi kashifmax,

Thanks, i tried the same but did not solved my issue.
is there any other possible way in squid proxy which allow full access on msn messenger based on mime type, so we do not  need to care about policy and IPs.

Thanks
Bhupesh
Logged
kashifmax
Sr. Member
****
Offline Offline

Gender: Female
Posts: 108


« Reply #5 on: Sunday 27 May 2012, 05:54:33 pm »

I am using separate squid server and I'm not using EFW's Proxy. The only thing you can do, is to login to firewall via ssh, edit squid.conf file, there set these rules. I am posting here full rule for your ease....

acl msnurl url_regex -i msn live messenger (not necessary)
acl boss req_mime_type ^application/x-msn-messenger$
acl gwfile url_regex -i gateway.dll (required by messenger)
http_access allow/deny boss
http_access allow/deny gwfile
http_access allow/deny msnurl (not necessary)
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com