On Saturday 21 February 2004 19:34, Ray Leach wrote:
No, I'm saying because MSN Chat is able to work via a proxy AFAIK, security wise it is probably a better solution than using masquerading of the internal network and firewalling the ports in question. Except that MSN Messenger is a crafty little piece of cr#p. It uses UPnP (initially on TCP port 1863) to try and find a way through the firewall and bypass the squid proxy.
If you don't have a router between internal and external networks (only allow connections through proxies), MSN Chat will HAVE to use the Squid proxy. As far as I know SuSE doesn't even ship a UPnP aware firewall (if any exists for Linux at all), so the risk that it manages to punch a hole in your precious firewall is virtually non-existant. It may try to bypass the proxy, but it will most certainly fail doing so. Best regards, Arjen