Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 30 November 2024, 04:37:45 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Unable to proxy AIM traffic on green or from openvpn client...
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Unable to proxy AIM traffic on green or from openvpn client...  (Read 23753 times)
lightenup
Full Member
***
Offline Offline

Posts: 11


« on: Wednesday 26 August 2009, 03:02:27 am »

First off, this past weekend I moved from IPcop to Endian. Endian is really great!

Now for my issue, I am unable to connect with AOL(Pidgin) instant messenger using Endian's proxy (configured in transparent mode).  If I configure the Pidgin client to use the Endian proxy on port 8080 it will not connect. If I configure pidgin to connect directly (no proxy) I am able to do so without issue. There is nothing in the logs that I can find indicating why this connection is being dropped. If I do a tcpdump on the interface closest to the client I see the three-way handshake complete, but then the Endian firewall sends back a reset packet to the client!  Angry  Is anyone else able to connect with AIM using the proxy explicitly?  I have tried to connect via the proxy from the green network and openvpn client connections, neither want to work. I am able to access web sites via a browser (explicit proxy configuration) from both the green and openvpn connections. Any help would be appreciated.

Lightenup
Logged
lightenup
Full Member
***
Offline Offline

Posts: 11


« Reply #1 on: Wednesday 26 August 2009, 04:20:13 am »

Another odd thing I noticed was that the proxy connection from the client does not seem to make it to the firewall, as you can see the three way handshake completes and then the client tries to do a the proxy connect in packet 14:16:08.191335:

windump from the client:

C:\>WinDump.exe -nn -i \Device\NPF_{DD9808FE-2283-4750-847F-23648594D9BF} host 10.200.10.1
WinDump.exe: listening on \Device\NPF_{DD9808FE-2283-4750-847F-23648594D9BF}
14:16:08.190494 IP 10.200.10.10.4350 > 10.200.10.1.8080: S 90949042:90949042(0) win 65535 <mss 8960,nop,nop,sackOK>
14:16:08.190788 IP 10.200.10.1.8080 > 10.200.10.10.4350: S 359732416:359732416(0) ack90949043 win 5840 <mss 1460>
14:16:08.190814 IP 10.200.10.10.4350 > 10.200.10.1.8080: . ack 1 win 65535
14:16:08.191335 IP 10.200.10.1.22 > 10.200.10.10.4325: P 3301350550:3301350890(340) ack 744889867 win 8576
14:16:08.192721 IP 10.200.10.10.4350 > 10.200.10.1.8080: P 1:233(232) ack 1 win 65535
14:16:08.193018 IP 10.200.10.1.22 > 10.200.10.10.4325: P 340:472(132) ack 1 win 8576
14:16:08.193043 IP 10.200.10.10.4325 > 10.200.10.1.22: . ack 472 win 64471
14:16:09.691978 IP 10.200.10.10.4325 > 10.200.10.1.22: P 1:53(52) ack 472 win 64471
14:16:09.692304 IP 10.200.10.1.22 > 10.200.10.10.4325: P 472:524(52) ack 53 win 8576
14:16:09.692372 IP 10.200.10.1.22 > 10.200.10.10.4325: P 524:656(132) ack 53 win 8576
14:16:09.692384 IP 10.200.10.10.4325 > 10.200.10.1.22: . ack 656 win 64287
14:16:09.702812 IP 10.200.10.1.22 > 10.200.10.10.4325: P 656:772(116) ack 53 win 8576
14:16:09.888940 IP 10.200.10.10.4325 > 10.200.10.1.22: . ack 772 win 64171

tcpdump from the firewall:

root@endian:~ # tcpdump -nn -i eth0 port 8080
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:16:08.237276 IP 10.200.10.10.4350 > 10.200.10.1.8080: S 90949042:90949042(0) win 65535 <mss 8960,nop,nop,sackOK>
14:16:08.237376 IP 10.200.10.1.8080 > 10.200.10.10.4350: S 359732416:359732416(0) ack 90949043 win 5840 <mss 1460>
14:16:08.237493 IP 10.200.10.10.4350 > 10.200.10.1.8080: . ack 1 win 65535
14:16:08.239467 IP 10.200.10.1.8080 > 10.200.10.10.4350: R 359732417:359732417(0) win 0

The above captures are for the same connection. Also of note, I am unable to access any port 443 sites when explicitly using the proxy, port 80 works fine. So it seems like there is a general issue with the ports being permitted to access squid with.

Lightenup

Logged
lightenup
Full Member
***
Offline Offline

Posts: 11


« Reply #2 on: Wednesday 26 August 2009, 07:10:32 am »

Ok, I just got home from work and fired up my laptop (connects off of the blue interface) and found that I can connect to port 443 sites via the proxy and connect via AIM as well. Time for some more investigation work...
Logged
lightenup
Full Member
***
Offline Offline

Posts: 11


« Reply #3 on: Wednesday 26 August 2009, 08:57:13 am »

Well I reloaded from the CD, configured just a red and green interface. Enabled transparent proxy on green and it still does not work. In my browser if I explicitly define the proxy server I am unable to connect to any site port 443/https. If I remove the explicit proxy setting I am able to browse ssl enabled sites  Huh
Logged
lightenup
Full Member
***
Offline Offline

Posts: 11


« Reply #4 on: Friday 28 August 2009, 11:53:01 am »

So I changed the proxy port to 800, restarted the proxy via '/etc/init.d/squid restart' and now it works without a problem.  Grin
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com