EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Saturday 23 November 2024, 01:08:21 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
The Latest Endian Firewall is now available for download
HERE
14258
Posts in
4377
Topics by
6516
Members
Latest Member:
DaveH
Search:
Advanced search
EFW Support
Support
EFW SMTP, HTTP, SIP, FTP Proxy Support
MSN Messenger on Transparent Proxy
0 Members and 0 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: MSN Messenger on Transparent Proxy (Read 16652 times)
bkarankar
Full Member
Offline
Posts: 33
MSN Messenger on Transparent Proxy
«
on:
Thursday 24 May 2012, 06:51:39 pm »
Hi All,
I have configured Transparent Proxy to have access on port 80.
with this, i configured firewall to allow MSN Messenger on TCP/1863.
But still users are not able to log-in in MSN Messenger, is there any other port/policy required to set?
during troubleshoot, i found its also requesting for port 443 with random IPs. i tried to catch the IP and allow port 443 but every time found new IPs in list.
if you have any idea to allow MSN Messenger only via port 1863/443 then please let me know (we cannot allow port 443 access to all websites/IPs due to security reason and company policy).
Thanks
Bhupesh
Logged
rosch
Full Member
Offline
Gender:
Posts: 20
Re: MSN Messenger on Transparent Proxy
«
Reply #1 on:
Thursday 24 May 2012, 07:06:30 pm »
It looks like msn also needs port 443 to be open:
http://support.microsoft.com/kb/927847
I guess you have to whitelist some more of those IPs msn is trying to access on 443.
Logged
kashifmax
Sr. Member
Offline
Gender:
Posts: 108
Re: MSN Messenger on Transparent Proxy
«
Reply #2 on:
Thursday 24 May 2012, 09:41:52 pm »
yes rosch,
It's using 443 & 1863, and there is a way to accomplish.
Add some rules in squid.conf.
(For port)
acl SSL_ports port 1863 (add this line if it still not work)
acl Safe_ports port 1863
(For access)
acl boss req_mime_type ^application/x-msn-messenger
.......
http_access allow/deny boss
Read more about squid
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid
Logged
bkarankar
Full Member
Offline
Posts: 33
Re: MSN Messenger on Transparent Proxy
«
Reply #3 on:
Friday 25 May 2012, 03:16:52 pm »
Quote from: rosch on Thursday 24 May 2012, 07:06:30 pm
It looks like msn also needs port 443 to be open:
http://support.microsoft.com/kb/927847
I guess you have to whitelist some more of those IPs msn is trying to access on 443.
i cannot allow access on port 443 for all sites, it will open too many blocked sites. what i am doing currently, identifying the IP for msn and update the policy to allow 443 access.
but every time i found new IPs for msn.
thanks
Logged
bkarankar
Full Member
Offline
Posts: 33
Re: MSN Messenger on Transparent Proxy
«
Reply #4 on:
Friday 25 May 2012, 03:30:37 pm »
Quote from: kashifmax on Thursday 24 May 2012, 09:41:52 pm
yes rosch,
It's using 443 & 1863, and there is a way to accomplish.
Add some rules in squid.conf.
(For port)
acl SSL_ports port 1863 (add this line if it still not work)
acl Safe_ports port 1863
(For access)
acl boss req_mime_type ^application/x-msn-messenger
.......
http_access allow/deny boss
Read more about squid
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid
Hi kashifmax,
Thanks, i tried the same but did not solved my issue.
is there any other possible way in squid proxy which allow full access on msn messenger based on mime type, so we do not need to care about policy and IPs.
Thanks
Bhupesh
Logged
kashifmax
Sr. Member
Offline
Gender:
Posts: 108
Re: MSN Messenger on Transparent Proxy
«
Reply #5 on:
Sunday 27 May 2012, 05:54:33 pm »
I am using separate squid server and I'm not using EFW's Proxy. The only thing you can do, is to login to firewall via ssh, edit squid.conf file, there set these rules. I am posting here full rule for your ease....
acl msnurl url_regex -i msn live messenger (not necessary)
acl boss req_mime_type ^application/x-msn-messenger$
acl gwfile url_regex -i gateway.dll (required by messenger)
http_access allow/deny boss
http_access allow/deny gwfile
http_access allow/deny msnurl (not necessary)
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.094 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com