Solved

WinSock Proxy clients behind zonealarm pro firewall

Posted on 2004-08-26
20
416 Views
Last Modified: 2008-03-17
Hello, this is the escenario, i have a nt server 4.0 server, 2 nics, one to the isp, the other one to my private network, before installing the zonealarm firewall my clients connected to internet through proxy 2.0 winsock, for example msn messenger connected ok, now that i have this firewall it doesnt. Anyone have any idea about the ports i have to allow so the Wspsrv server gets to work.
0
Comment
Question by:jcaceres
  • 7
  • 7
  • 4
  • +1
20 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11908892
Zone Alarm is most likely blocking the communication in and out of the NT box, not the actual proxy server

For messenger:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q278887
To enable voice communications, make sure that outgoing TCP connections from port 6901 are enabled. Also enable UDP packets where either the source or the destination port is 6901.

To enable file transfers, enable both incoming and outgoing TCP connections to the 6891-6900 range of TCP ports. This allows each sender to perform up to 10 simultaneous file transfers. Note that if only TCP port 6891 is open, users are only able to perform one file transfer at a time.

To enable messaging, enable outgoing TCP connections to TCP port 1863.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11908906
Something else I found:

go into the program control options of zone alarm , click on programs scroll down to messenger and in the access column left click and a box will come up check to allow in both options trusted zone and internet zone,then everything will be cool....happy surfin!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11912848
Still not working, when i shutdown the zonealarm pro firewall my clients can connect to msn and ftp sites etc.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 15

Expert Comment

by:adamdrayer
ID: 11913003
ftp requires you open ports 20 and 21
msn probably requires ssl which is port 443

ZoneAlarm can keep a log of denied packets, check the logfile for a complete lists of ports that these programs are trying to use.
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11913754
I guess this is not specificly a problem for msn, but for the winsock applications, my wsp client cant route them to internet.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11913845
If it doesn't work when you run ZoneAlarm, but works when you disable it, then it is a ZoneAlarm configuration problem.  99% of what ZoneAlarm is all about is blocking ports.  You need to open them.

try opening ports 20, 21, 23, 53, 80, 137, 138, 139, 443, 445, 8989, 8999, and 12173.

That have you covered pretty wel.l
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915135
hello,

can you list the version of zone alarm you are using?
and is the application level blocking is enabled?

if you are using the recent version which supports the application blocking than you should check the programs listed there ...... and in allowing programs to communicate zone alarm offers to allow the program to act as a server.

you should let the zone alarm to trust your winsocks proxy applications and let them open the port required by that program!!!

which you good luck!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11915201
zonealarm pro 5, application level blocking is enabled, I have checked the winsock proxy server to be allowed to communicate as server too but still  nothing.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915427
is it possible for you to list the application which are not allowed to act as a server?
and your blocking levels!
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915436
btw, do you have added your Local Area Table in the trusted zone of your Z.A pro
like
192.168.0.0-192.168.0.255 add this to your trusted range might help you
also check adding a trusted subnets!!

0
 
LVL 1

Author Comment

by:jcaceres
ID: 11915802
Yes i have 2 zones, trusted one, an internet.  Trusted my 192... network.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915860
u didn't list the blocked application!!!
btw, can your client updates the winsocks client installed out there? or can they surf sites without using proxies?
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11916219
none is blocked, clients cant update winsocks client, to surf sites we have to use de http proxy server.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11916238
is MSN on clients are using socks proxy to connect?
and have you tried to connect to MSN without socks proxy thorough winsocks client?
and what about surfing the site thorough web proxy!!!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11916305
msn used to connect ok with socks proxy before firewall, now, cant connect at all, even trying without socks proxy. clients are able to surf sites thorough web proxy.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11916375
have configured your Zone Alarm to allow trafic on port 1080 and than tried to connect MSN thorough Socks proxy.
also checkout the reports for watching the connections being blocked by zone alarm that would help you to see what causes the problem and than to rectify it.
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11931468
I gave up and configured ms proxy 2.0 to filter packets and work as a firewall. So far so good. thanks for the suggestions, seems like this software is no good for servers.

quote:

Thank you for contacting Zone Labs Support

This Information Applies to:

All ZoneAlarm Products

Summary

I'm having a problem running ZoneAlarm on a server.

Solution:

Zone Labs does not officially support ZoneAlarm installations on
servers at this time. ZoneAlarm was designed specifically for client
applications on an endpoint machine.

Please check our website for any developments regarding server
support.

Thank you
Bill
Zone Labs Support

so i guess the answer is zonealarm is no good for my network.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11931854
hmm u can give a try to other firewalls if you wish to otherwise good luck with proxy filters:)

all the best!!!
0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
ID: 11978744
PAQd, 500 points refunded.

GhostMod
Community Support Moderator
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Weird Issues with AD GPOs 5 93
OWA and AppPool problem 20 135
Running VB/Batch script through Group policy 30 101
Setting up a VPN 60 139
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Resolve DNS query failed errors for Exchange
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question