Menu
▾
▴
Re: [proxyTools-users] ISA server problem ????
|
From: wayne <wa...@ny...> - 2003-04-24 04:11:33
|
> From: Nabil Jaffar <nf...@ya...> > Subject: Re: [proxyTools-users] ISA server problem ???? > To: pro...@li... > > My questions: > 1) why do you want ftp? Ftp is difficult to set up in that kind > of environment, even with LP. Many ftp archives these days also > offer http access; are you sure that possibility won't work for > you? > >>> http has no problems, but as i often use to download > lot of project work with large file sizes and ofcourse ok, that covers the need for ftp you thought you had. Use http. > i use kazaa or any other p2p applications/utilities > on my workstation.... This is a new requirement. Also not easy. Each one requires you to look into the protocol, see if it's a simple TCP protocol, and implement the tunnel configuration. I added E-Donkey to the LP services once; you may find that interesting. > 2) you should confirm that the relevant ports are actually > blocked > by your firewall. Run master.pl to see this. > >>> as you can see the results of various utilities pasted below > and yes that particular port is blocked.... I didn't see any master.pl test reports, but I'm sure you're correct. In one place like this, I once found the firewall allowed access on a port to local ISP proxies (which happened to allow CONNECT). Master.pl indicated that they were blocked because it tested for connection to login.icq.com (which *was* blocked). Unlikely, but maybe worth a look. > 3) LP could only be used to give you an ftp service, if the http > > proxy you use allows CONNECT, and even then it is difficult to > arrange (and I would need to add some code to LP). So far, this > hasn't been necessary. Use statProxy to see if your proxy has > this capability. > >>> i have tried and also you can see the result output below... No CONNECT allowed to useful ports. That's normal for MS. > 4) Does your proxy need a password? If so, do you know if it > requires NTLM authentication? > >>> no it does not.... Probably next week ... No problem though - LP can use a Perl NTLM proxy. Will post if anyone needs this. > ONE MORE QUESTION , A GENERAL ONE, AND MAY BE YOU BE ABLE TO > HELP... > I ALSO RUN A LINUX WORKSTATION, I CAN PING OTHER HOSTS AND ALSO > THE ISA SERVER BUT I CANT BROWSE, DOES THIS HAVE TO DO ANYTHING > WITH THE ISA SERVER, IS THERE ANY SETTING OR CANT DO? 1) You're sure there's no NTLM? 2) What are you using to browse with? Netscape/Mozilla? Or lynx etc? 3) Is there a MS domain involved? 4) It's critical that you have a name server configured! Try this: export http_proxy=http://192.168.0.1:8080 lynx http://166.84.63.251/ and see if it works. If it does not, you might get a useful error. Netscape/Mozilla should also work, if you configure that proxy. If they don't, try (on one line): lynx -useragent='User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)' http://166.84.63.251/ to see if they are blocking access from other browsers. > THANKS > NJ > D:\bakup\local-proxy\winbin>statproxy 192.168.0.1:8080 > Can't find your name server(s) using nslookup, ipconfig /all > etc. What operating system was this? Oh, I see from below that you have no name server set up. Surely there is one available. Find out, and configure it. [...] > statProxy v4.143 report from 192.168.0.37(User0): > 192.168.0.1 :8080 PFFFFFFPFFFFPPPPFP P 9.0/14.0 via:1.0 All the CONNECT tests failed (except to 443/https), so you can't use LP/commStrat 1 to make tunnels for even simple tcp protocols. LP commStrat 2 could allow access to blocked web sites, but that's all the help it can give you in this environment. That means that to implement any of the p2p stuff, you need to use an outside service (not just an http proxy) of some sort to make a tunnel. Try http_tunnel. IIRC, there are free servers running to test with, but you'd want to run your own somewhere (home?). I will have to handle a similar environment in a couple of weeks, so I might be able to help with details then. [...] > D:\bakup\local-proxy\winbin>statProxy -t 0 -C 213.42.1.171:8080 > 192.168.0.1:8080 > > Tests done via CONNECT (thru 213.42.1.171:8080) > Can't find your name server(s) using nslookup, ipconfig /all > etc. > Extracting proxy strings, safeing, expanding/skipping ports, > validating, resolving, deduping... > 1 proxies to test (after processing) > ctrl-c to see results so far; double-ctrl-c to abort > Running test: 0 Can't connect to CONNECT proxy - refused Heh, nice try, but not a surprising result :-) -- wa...@ny... http://proxytools.sourceforge.net/ |
