[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] msn setup in proxy.
(First, my english is not good)
In my network, people want and are allowed to use msn. A new release 6
was installed in some windows machines.
With iptables, i set policies to drop in input, output and forward.
Then, accept established an related connections:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
And finally allow connections to everywhere, port 1863
iptables -A FORWARD -p tcp -s 10.0.0.0/8 --destination-port 1863 -m
state --state NEW -j MSN
iptables -A MSN -j LOG --log-prefix "MSN ACCEPT "
iptables -A MSN -j ACCEPT
I've captured sessions of connections with tcpdump, and as far as i can
see, the client connect, first to a messenger.hotmail.com, then
negotiate the connections to another site
where xxx is the final number of the ip.
It seems that always use only the port 1863, but is not working.
I've even configured dante, and didn't worked too.
Is there any error in my configuration of iptables?. Or is just a FUD?,
because connections going through ISA Server work fine.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here