
[suse-security] msn setup in proxy.



(First, my English is not good)

Hi,
In my network, people want and are allowed to use MSN. A new release 6 was installed on some Windows machines.
With iptables, I set the policies to DROP in INPUT, OUTPUT and FORWARD.
Then, accept established and related connections:

iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

And finally allow connections to everywhere, port 1863:

iptables -A FORWARD -p tcp -s 10.0.0.0/8 --destination-port 1863 -m state --state NEW -j MSN
iptables -A MSN  -j LOG  --log-prefix "MSN ACCEPT "
iptables -A MSN -j ACCEPT

I've captured sessions of connections with tcpdump, and as far as I can see, the client connects first to messenger.hotmail.com, then
negotiates the connection to another site
baym-csxxx.msgr.hotmail.com
where xxx is the final number of the IP.
It seems that it always uses only port 1863, but it is not working.
I've even configured dante, and that didn't work either.

Is there any error in my iptables configuration? Or is it just FUD? Because connections going through ISA Server work fine.




--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
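
Added example, not part of the original post: a shell helper that summarizes the kernel log lines written by the "MSN ACCEPT " LOG rule above, so the source/destination pairs the MSN chain accepted can be compared with the tcpdump capture. The log lines, addresses, the "FWD DROP " prefix and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of netfilter LOG output (not taken from the post).
# Destination addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 fw kernel: MSN ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4711 DF PROTO=TCP SPT=1045 DPT=1863 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 10:00:03 fw kernel: MSN ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.23 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4712 DF PROTO=TCP SPT=1046 DPT=1863 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 10:00:09 fw kernel: FWD DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.23 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4713 DF PROTO=TCP SPT=1047 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 10:02:11 fw kernel: MSN ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=5120 DF PROTO=TCP SPT=1100 DPT=1863 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 10:05:40 fw kernel: MSN ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4790 DF PROTO=TCP SPT=1050 DPT=1863 WINDOW=16384 RES=0x00 SYN URGP=0
EOF
}

# Read log lines on stdin and print "count SRC DST DPT" for every distinct
# flow that was logged with the "MSN ACCEPT " prefix. Other prefixes are
# ignored, so only NEW connections accepted by the MSN chain are counted.
msn_flows() {
    grep 'MSN ACCEPT ' |
    sed -n 's/.* SRC=\([0-9.]*\) DST=\([0-9.]*\) .* DPT=\([0-9]*\) .*/\1 \2 \3/p' |
    sort | uniq -c | awk '{print $1, $2, $3, $4}'
}

# Read log lines on stdin and print how many distinct destinations the
# given client ($1) was allowed to open on port 1863. The client in the
# post talks to two servers in turn, so both should appear here.
msn_dest_count() {
    msn_flows | awk -v c="$1" '$2 == c {n++} END {print n+0}'
}

# Stand-alone run: summarize the constructed sample.
sample_log | msn_flows
```

On a real firewall, feed the function the kernel log instead of the sample, for example `msn_flows < /var/log/messages` (the log path is an assumption and depends on the syslog configuration).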