Solved

WinSock Proxy clients behind zonealarm pro firewall

Posted on 2004-08-26
Last Modified: 2008-03-17
Hello, this is the scenario: I have an NT Server 4.0 server with 2 NICs, one to the ISP, the other one to my private network. Before installing the ZoneAlarm firewall my clients connected to the internet through Proxy 2.0 WinSock; for example, MSN Messenger connected OK. Now that I have this firewall it doesn't. Does anyone have any idea about the ports I have to allow so the Wspsrv server gets to work?
0
Comment
Question by:jcaceres
20 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11908892
ZoneAlarm is most likely blocking the communication in and out of the NT box, not the actual proxy server.

For messenger:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q278887
To enable voice communications, make sure that outgoing TCP connections from port 6901 are enabled. Also enable UDP packets where either the source or the destination port is 6901.

To enable file transfers, enable both incoming and outgoing TCP connections to the 6891-6900 range of TCP ports. This allows each sender to perform up to 10 simultaneous file transfers. Note that if only TCP port 6891 is open, users are only able to perform one file transfer at a time.

To enable messaging, enable outgoing TCP connections to TCP port 1863.
0
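As an added example (not part of the original answer or the Microsoft article), the Messenger port rules quoted in the comment above can be turned into a small triage helper that says which feature a denied firewall entry affects. The `Denied` record, its `"in"`/`"out"` direction labels and the sample entries are hypothetical and constructed for illustration; they are not ZoneAlarm's log format.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

class Denied(NamedTuple):
    """One denied connection, as an admin would transcribe it from a firewall log."""
    direction: str  # "out" = leaving the protected host, "in" = arriving at it
    proto: str      # "tcp" or "udp"
    src_port: int
    dst_port: int

def messenger_feature(d: Denied) -> Optional[str]:
    """Map a denied connection to the Messenger feature the KB text ties it to."""
    if d.proto == "tcp":
        if d.direction == "out" and d.dst_port == 1863:
            return "messaging"          # outgoing TCP to 1863
        if 6891 <= d.dst_port <= 6900:
            return "file transfer"      # incoming and outgoing TCP to 6891-6900
        if d.direction == "out" and d.src_port == 6901:
            return "voice"              # outgoing TCP from 6901
    elif d.proto == "udp" and 6901 in (d.src_port, d.dst_port):
        return "voice"                  # UDP with source or destination 6901
    return None

def triage(denied):
    """Group denied entries by affected feature; unmatched ones go under None."""
    groups = defaultdict(list)
    for d in denied:
        groups[messenger_feature(d)].append(d)
    return dict(groups)

def parallel_transfers(open_ports) -> int:
    """Simultaneous file transfers possible: one per open port in 6891-6900."""
    return sum(1 for p in set(open_ports) if 6891 <= p <= 6900)

# Constructed sample entries (not taken from the thread or from a real log).
SAMPLE = [
    Denied("out", "tcp", 1045, 1863),
    Denied("in", "tcp", 2301, 6891),
    Denied("out", "udp", 6901, 5004),
    Denied("out", "tcp", 1050, 1080),   # not a Messenger port per the KB text
]

if __name__ == "__main__":
    for feature, entries in triage(SAMPLE).items():
        print(feature or "not covered by the KB list", len(entries))
    print("parallel transfers with 6891 only:", parallel_transfers([6891]))
```

Entries grouped under `None` are the ones the Messenger port list does not explain, so they point at some other application or service.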
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11908906
Something else I found:

Go into the program control options of ZoneAlarm, click on Programs, scroll down to Messenger, and in the Access column left-click and a box will come up. Check to allow in both options, Trusted Zone and Internet Zone, then everything will be cool... happy surfin!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11912848
Still not working. When I shut down the ZoneAlarm Pro firewall my clients can connect to MSN, FTP sites, etc.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11913003
FTP requires you to open ports 20 and 21.
MSN probably requires SSL, which is port 443.

ZoneAlarm can keep a log of denied packets; check the log file for a complete list of ports that these programs are trying to use.
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11913754
I guess this is not specifically a problem for MSN, but for the WinSock applications; my WSP client can't route them to the internet.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11913845
If it doesn't work when you run ZoneAlarm, but works when you disable it, then it is a ZoneAlarm configuration problem.  99% of what ZoneAlarm is all about is blocking ports.  You need to open them.

Try opening ports 20, 21, 23, 53, 80, 137, 138, 139, 443, 445, 8989, 8999, and 12173.

That should have you covered pretty well.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915135
Hello,

Can you list the version of ZoneAlarm you are using?
And is application-level blocking enabled?

If you are using the recent version which supports application blocking, then you should check the programs listed there... and in allowing programs to communicate, ZoneAlarm offers to allow the program to act as a server.

You should let ZoneAlarm trust your WinSock proxy applications and let them open the ports required by that program!

Wish you good luck!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11915201
ZoneAlarm Pro 5, application-level blocking is enabled. I have checked the WinSock proxy server to be allowed to communicate as a server too, but still nothing.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915427
Is it possible for you to list the applications which are not allowed to act as a server?
And your blocking levels!
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915436
BTW, have you added your Local Area Table to the trusted zone of your ZA Pro?
For example:
192.168.0.0-192.168.0.255. Adding this to your trusted range might help you.
Also check adding trusted subnets!

0
 
LVL 1

Author Comment

by:jcaceres
ID: 11915802
Yes, I have 2 zones, a trusted one and an internet one. Trusted my 192... network.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915860
You didn't list the blocked applications!
BTW, can your clients update the WinSock client installed out there? Or can they surf sites without using proxies?
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11916219
None is blocked. Clients can't update the WinSock client. To surf sites we have to use the HTTP proxy server.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11916238
Is MSN on the clients using the SOCKS proxy to connect?
And have you tried to connect to MSN without the SOCKS proxy, through the WinSock client?
And what about surfing sites through the web proxy?
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11916305
MSN used to connect OK with the SOCKS proxy before the firewall. Now it can't connect at all, even trying without the SOCKS proxy. Clients are able to surf sites through the web proxy.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11916375
Have you configured your ZoneAlarm to allow traffic on port 1080 and then tried to connect MSN through the SOCKS proxy?
Also check out the reports to watch the connections being blocked by ZoneAlarm; that would help you see what causes the problem and then rectify it.
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11931468
I gave up and configured MS Proxy 2.0 to filter packets and work as a firewall. So far so good. Thanks for the suggestions; seems like this software is no good for servers.

quote:

Thank you for contacting Zone Labs Support

This Information Applies to:

All ZoneAlarm Products

Summary

I'm having a problem running ZoneAlarm on a server.

Solution:

Zone Labs does not officially support ZoneAlarm installations on
servers at this time. ZoneAlarm was designed specifically for client
applications on an endpoint machine.

Please check our website for any developments regarding server
support.

Thank you
Bill
Zone Labs Support

So I guess the answer is ZoneAlarm is no good for my network.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11931854
Hmm, you can give other firewalls a try if you wish; otherwise, good luck with proxy filters :)

all the best!!!
0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
ID: 11978744
PAQd, 500 points refunded.

GhostMod
Community Support Moderator
0
