?
Solved

WinSock Proxy clients behind zonealarm pro firewall

Posted on 2004-08-26
20
Medium Priority
?
424 Views
Last Modified: 2008-03-17
Hello, this is the escenario, i have a nt server 4.0 server, 2 nics, one to the isp, the other one to my private network, before installing the zonealarm firewall my clients connected to internet through proxy 2.0 winsock, for example msn messenger connected ok, now that i have this firewall it doesnt. Anyone have any idea about the ports i have to allow so the Wspsrv server gets to work.
0
Comment
Question by:jcaceres
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
  • 4
  • +1
20 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11908892
Zone Alarm is most likely blocking the communication in and out of the NT box, not the actual proxy server

For messenger:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q278887
To enable voice communications, make sure that outgoing TCP connections from port 6901 are enabled. Also enable UDP packets where either the source or the destination port is 6901.

To enable file transfers, enable both incoming and outgoing TCP connections to the 6891-6900 range of TCP ports. This allows each sender to perform up to 10 simultaneous file transfers. Note that if only TCP port 6891 is open, users are only able to perform one file transfer at a time.

To enable messaging, enable outgoing TCP connections to TCP port 1863.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11908906
Something else I found:

go into the program control options of zone alarm , click on programs scroll down to messenger and in the access column left click and a box will come up check to allow in both options trusted zone and internet zone,then everything will be cool....happy surfin!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11912848
Still not working, when i shutdown the zonealarm pro firewall my clients can connect to msn and ftp sites etc.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 15

Expert Comment

by:adamdrayer
ID: 11913003
ftp requires you open ports 20 and 21
msn probably requires ssl which is port 443

ZoneAlarm can keep a log of denied packets, check the logfile for a complete lists of ports that these programs are trying to use.
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11913754
I guess this is not specificly a problem for msn, but for the winsock applications, my wsp client cant route them to internet.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11913845
If it doesn't work when you run ZoneAlarm, but works when you disable it, then it is a ZoneAlarm configuration problem.  99% of what ZoneAlarm is all about is blocking ports.  You need to open them.

try opening ports 20, 21, 23, 53, 80, 137, 138, 139, 443, 445, 8989, 8999, and 12173.

That have you covered pretty wel.l
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915135
hello,

can you list the version of zone alarm you are using?
and is the application level blocking is enabled?

if you are using the recent version which supports the application blocking than you should check the programs listed there ...... and in allowing programs to communicate zone alarm offers to allow the program to act as a server.

you should let the zone alarm to trust your winsocks proxy applications and let them open the port required by that program!!!

which you good luck!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11915201
zonealarm pro 5, application level blocking is enabled, I have checked the winsock proxy server to be allowed to communicate as server too but still  nothing.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915427
is it possible for you to list the application which are not allowed to act as a server?
and your blocking levels!
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915436
btw, do you have added your Local Area Table in the trusted zone of your Z.A pro
like
192.168.0.0-192.168.0.255 add this to your trusted range might help you
also check adding a trusted subnets!!

0
 
LVL 1

Author Comment

by:jcaceres
ID: 11915802
Yes i have 2 zones, trusted one, an internet.  Trusted my 192... network.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915860
u didn't list the blocked application!!!
btw, can your client updates the winsocks client installed out there? or can they surf sites without using proxies?
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11916219
none is blocked, clients cant update winsocks client, to surf sites we have to use de http proxy server.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11916238
is MSN on clients are using socks proxy to connect?
and have you tried to connect to MSN without socks proxy thorough winsocks client?
and what about surfing the site thorough web proxy!!!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11916305
msn used to connect ok with socks proxy before firewall, now, cant connect at all, even trying without socks proxy. clients are able to surf sites thorough web proxy.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11916375
have configured your Zone Alarm to allow trafic on port 1080 and than tried to connect MSN thorough Socks proxy.
also checkout the reports for watching the connections being blocked by zone alarm that would help you to see what causes the problem and than to rectify it.
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11931468
I gave up and configured ms proxy 2.0 to filter packets and work as a firewall. So far so good. thanks for the suggestions, seems like this software is no good for servers.

quote:

Thank you for contacting Zone Labs Support

This Information Applies to:

All ZoneAlarm Products

Summary

I'm having a problem running ZoneAlarm on a server.

Solution:

Zone Labs does not officially support ZoneAlarm installations on
servers at this time. ZoneAlarm was designed specifically for client
applications on an endpoint machine.

Please check our website for any developments regarding server
support.

Thank you
Bill
Zone Labs Support

so i guess the answer is zonealarm is no good for my network.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11931854
hmm u can give a try to other firewalls if you wish to otherwise good luck with proxy filters:)

all the best!!!
0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
ID: 11978744
PAQd, 500 points refunded.

GhostMod
Community Support Moderator
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question