RE: Custom App doing port redirection...

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 21 Aug 2003 18:26:29 -0500

Hi Sean,
 
Its hard to tell what this application wants. However, it sounds like it
sends outbound packets to TCP 443 and the responses are to 1214 and
1215. If that is so, then you'll need to become a master of the
mspclnt.ini file, as this application isn't "firewall friendly". Think
about it. The remote server accepts requests on its TCP 443 listener. It
expects that the client will be able to receive responses on its 1214
and 1215 ports. The problem is, how do you let the firewall know that
this is required? The firewall isn't a mind reader and has no built in
knowledge of this protocol.
 
Therefore, you have to have a mechanism that allows the firewall to be
aware of the application protocols. You have three choices:
 
1. Hone your C++ skills and create an application filter
2. Install the firewall client on the machines that need to use this
app, and burn the midnight out and figure out how to configure the
mspclnt.ini file to support your app
3. Inform the devs of the application that firewalls are now all the
rage and they might consider that fact when creating network
applications ;-)
 
HTH,
Tom
 

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 

        -----Original Message-----
        From: Sean Rector [mailto:srector@xxxxxxxxxxxxxxxx] 
        Sent: Thursday, August 21, 2003 8:07 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Custom App doing port redirection...
        
        
        http://www.ISAserver.org
        
        
        Hello
         
        My 1st post.  I have a customer who is running SBS2000, and has
ISA enabled.  They have a custom application that looks like a printer
to their local computer, but it is actually sending a form via email.
The local ports are 1214 and 1215, and the remote port is 443 (according
to one of the app's tech support people, who got this information by
running it on his home computer, and Norton Internet Security reported
it as such).
         
        I've set up two Protocol Filters allowing 1214 and 1215 to
redirect to 443, but the error is as follows: "Access Denied.  The proxy
server needs authentication.  The handle is in the wrong state for the
requested operation."
         
        The application is called MortgageMail by EllieMae, and works
with their "The Loan Handler" and "The Loan Closer" applications.
         
        Any help would be greatly appreciated.
         
        Sean
        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2003