[THIN] Re: Winsock Proxy 2.0 -> NT TSE 4.0 + MF1.8

  • From: "Ryan Lambert" <rlambert@xxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 26 May 2004 11:04:03 -0400

Dennis,

Their firewall allows all tcp-est connections. Return traffic is
permitted.

From CTX953526:

1.Citrix client name resolution in which UDP browsing is required will
not function properly using Microsoft Proxy 2.x. This is a limitation of
Microsoft Proxy 2.x . It supports only the SOCKS 4 Standard. A SOCKS 5
server is required for UDP connections. <--- Interesting.

Another thing was...

"... Proxies do not translate address. Think of proxy making two
socketed connections. The first socket established by your client is to
port 1080. The second socket is established from the proxy to the
MetaFrame server on port 1494 using the address specified in the Server
field."

I think at this point I am in agreement that watching the log file is
the best route to go. This is one gremlin I do not want to try and
chase...

Oh well.

Thanks for the help, guys.


-----Original Message-----
From: Parker, Dennis [mailto:Dennis.Parker@xxxxxxxxxx]=20
Sent: Wednesday, May 26, 2004 10:24 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Winsock Proxy 2.0 -> NT TSE 4.0 + MF1.8

I don't claim to be a firewall expert by any stretch, but just some
common
TCP knowledge and your description would suggest that the port that it
is
connecting on is open (1494), but the return port is not (random).  I
know
that some how firewalls can be configured in different ways to either
allow
or not allow return traffic. =20

For instance, I have a connection to a Citrix server on port 1494 right
now,
but my local port is 2849.  It seems that maybe the Citrix server isn't
being allowed to talk back to port 2849.

Following Ron's suggestion, watch the firewall logs to see what ports
are
being blocked and how.

Dennis Parker, MCSE, CCA
Senior Systems Analyst
Fiserv EFT
4550 SW Macadam Ave, Ste 100
Portland, Or. 97239
Direct: 503-274-6785
Fax:    503-274-6619
=20
This e-mail is confidential and may well be legally privileged.   If you
have received it in error, you are on notice of its status.   Please
notify
us immediately by reply e-mail and then delete this message from your
system.   Please do not copy it or use it for any purposes, or disclose
its
contents to any other person.   To do so could violate state and Federal
privacy laws.  =20
Thank you for your cooperation.   Please contact me if you need
assistance.



-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx]
Sent: Wednesday, May 26, 2004 7:16 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Winsock Proxy 2.0 -> NT TSE 4.0 + MF1.8


Hey Ron,

No, it's definitely udp. Pretty wacky.

-----Original Message-----
From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx]=3D20
Sent: Wednesday, May 26, 2004 10:11 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Winsock Proxy 2.0 -> NT TSE 4.0 + MF1.8

You sure you are still using UDP? Might be a silly question. But when it
fails I would just watch the logs and see what port it really fails on.

Ron Oglesby
Senior Technical Architect
Microsoft MVP, Windows Server=3D3D20
=3D3D20
RapidApp, Chicago
Office 312.372.7188
Mobile 815.325.7618
email roglesby@xxxxxxxxxxxx
=3D3D20

-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx]=3D3D20
Sent: Wednesday, May 26, 2004 9:09 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Winsock Proxy 2.0 -> NT TSE 4.0 + MF1.8

Hi all,
=3D3D20

I've got a problem. Who knew? ;-)

=3D3D20

Anyways... a client of ours has a business partner that connects to a
published application via the Program Neighborhood client (7). When they
put the server name into the Server Locator list, they still cannot
browse the published applications. We have verified 1494 tcp and 1604
udp are open and accessible by the client. The only thing we have been
able to come up with is that it is something with the Proxy Server. If
the Security engineer on their side sets it to "Unlimited Access", then
it works just fine... however, specifying those two standard ports alone
does not seem to do the trick.

=3D3D20

Has anyone ever run across something like this, and if so... how did you
solve it?

=3D3D20

Any help is appreciated.

=3D3D20

--

Ryan Lambert, MCP, CCA

Network Engineer

OnlyOne IS

1242 East 49th St.

Cleveland, OH 44114

Ph/Fax: 216-373-2757

http://www.onlyoneis.com/

http://www.myonlyone.com <http://www.myonlyone.com/> /

=3D3D20


********************************************************
This Week's Sponsor - Tarantella Secure Global Desktop
Tarantella Secure Global Desktop Terminal Server Edition
Free Terminal Service Edition software with 2 years maintenance.
http://www.tarantella.com/ttba
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or=3D3D20
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Tarantella Secure Global Desktop
Tarantella Secure Global Desktop Terminal Server Edition
Free Terminal Service Edition software with 2 years maintenance.
http://www.tarantella.com/ttba
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or=3D20
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Tarantella Secure Global Desktop
Tarantella Secure Global Desktop Terminal Server Edition
Free Terminal Service Edition software with 2 years maintenance.
http://www.tarantella.com/ttba
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Tarantella Secure Global Desktop
Tarantella Secure Global Desktop Terminal Server Edition
Free Terminal Service Edition software with 2 years maintenance.
http://www.tarantella.com/ttba
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Tarantella Secure Global Desktop
Tarantella Secure Global Desktop Terminal Server Edition
Free Terminal Service Edition software with 2 years maintenance.
http://www.tarantella.com/ttba
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: