Mailinglist Archive: opensuse-security (359 mails)

msn setup in proxy.
  • From: Francisco Acosta <chesco@xxxxxxxxxxx>
  • Date: Mon, 21 Jul 2003 17:01:52 -0400
  • Message-id: <3F1C54C0.9040005@xxxxxxxxxxx>
(First, my English is not good)

Hi,
In my network, people want and are allowed to use MSN. A new release 6 was installed on some Windows machines.
With iptables, I set policies to drop in input, output and forward.
Then, accept established and related connections:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

And finally allow connections to everywhere, port 1863:

iptables -A FORWARD -p tcp -s 10.0.0.0/8 --destination-port 1863 -m state --state NEW -j MSN
iptables -A MSN -j LOG --log-prefix "MSN ACCEPT "
iptables -A MSN -j ACCEPT

I've captured sessions of connections with tcpdump, and as far as I can see, the client connects first to messenger.hotmail.com, then
negotiates the connection to another site
baym-csxxx.msgr.hotmail.com
where xxx is the final number of the IP.
It seems that it always uses only port 1863, but it is not working.
I've even configured dante, and it didn't work either.

Is there any error in my iptables configuration? Or is it just FUD? Because connections going through ISA Server work fine.
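
An ordering check for the rules quoted in the message above, as an added example that is not part of the original post: iptables refuses a `-j` to a user-defined chain that has not been created with `-N`, and the posted lines never show `iptables -N MSN` (whether it was run elsewhere is not visible on the page). The helper names `value_of` and `lint_rules` are hypothetical, and the check assumes the rules run in the order posted against the filter table only.

```python
import shlex

# Verdicts and extension targets that need no user-defined chain.
BUILTIN_TARGETS = {"ACCEPT", "DROP", "RETURN", "QUEUE", "LOG", "REJECT",
                   "MASQUERADE", "SNAT", "DNAT", "REDIRECT"}
BUILTIN_CHAINS = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}

# The six rules exactly as posted in the message above.
POSTED = """\
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.0/8 --destination-port 1863 -m state --state NEW -j MSN
iptables -A MSN -j LOG --log-prefix "MSN ACCEPT "
iptables -A MSN -j ACCEPT
"""

def value_of(args, *flags):
    """Return the word following the first of `flags` found in args, else None."""
    for i, word in enumerate(args[:-1]):
        if word in flags:
            return args[i + 1]
    return None

def lint_rules(script):
    """Replay an iptables script in order; return (line_no, problem) findings."""
    defined = set(BUILTIN_CHAINS)
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        args = shlex.split(line, comments=True)
        if not args or args[0] != "iptables":
            continue
        created = value_of(args, "-N", "--new-chain")
        if created:
            defined.add(created)
        chain = value_of(args, "-A", "--append", "-I", "--insert")
        if chain and chain not in defined:
            findings.append((no, f"rule added to chain {chain} before it exists"))
        target = value_of(args, "-j", "--jump", "-g", "--goto")
        if target and target not in BUILTIN_TARGETS and target not in defined:
            findings.append((no, f"jump to chain {target} before it exists"))
    return findings

if __name__ == "__main__":
    for no, problem in lint_rules(POSTED):
        print(f"line {no}: {problem}")
    # Hypothetical corrected ordering: create the chain before using it.
    print(lint_rules("iptables -N MSN\n" + POSTED))
```

Run against the posted rules, the check flags the `-j MSN` jump and both `-A MSN` appends; with `iptables -N MSN` placed first it reports nothing.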



