Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Outbound Web Requests on port 8080

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> General >> Outbound Web Requests on port 8080 Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Outbound Web Requests on port 8080 - 23.Jan.2003 5:31:00 AM   
lewishan

 

Posts: 34
Joined: 14.Oct.2002
Status: offline 		Hello,
How do I enable websites to be viewed that specify a different port.

ie,
http://samplesite.com:8080/

At present the client receives a:
Page Cannot be displayed
10060 - Connection timeout

Do I have to configure the outbound listener?

Thanks,
Daniel.
Post #: 1
RE: Outbound Web Requests on port 8080 - 23.Jan.2003 9:09:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Daniel,

just allow access to the unstandard HTTP port number in a protocol rule. Of course, you need to create first a protocol definition for TCP port 8080 outbound.

HTH,
Stefaan

(in reply to lewishan)
Post #: 2
RE: Outbound Web Requests on port 8080 - 23.Jan.2003 11:25:00 PM   
lewishan

 

Posts: 34
Joined: 14.Oct.2002
Status: offline 		Yes that is what I would have thought but I've already tried that and it still is a problem. There must be something else I haven't got configured right.

There is nothing showing up in the Firewall logs as being blocked.
[Confused]
I'm a little bit puzzled. Any further ideas?
Thanks,
Dan

(in reply to lewishan)
Post #: 3
RE: Outbound Web Requests on port 8080 - 23.Jan.2003 11:33:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Daniel,

how are the clients configured: as Web proxy and/or Firewall and/or SecureNAT clients. If only Firewall or SecureNAT, how is the HTTP Redirector set? What do you see in the Web proxy log?

HTH,
Stefaan

(in reply to lewishan)
Post #: 4
RE: Outbound Web Requests on port 8080 - 23.Jan.2003 11:44:00 PM   
lewishan

 

Posts: 34
Joined: 14.Oct.2002
Status: offline 		I'm running a B2B DMZ and the internal clients are both web proxy and firewall clients.

The HTTP Redirector is configured to "Redirect to local Web Proxy Service"

I have not configured any web proxy chaining.

Dan.

(in reply to lewishan)
Post #: 5
RE: Outbound Web Requests on port 8080 - 23.Jan.2003 11:55:00 PM   
lewishan

 

Posts: 34
Joined: 14.Oct.2002
Status: offline 		The web proxy log shows:

10.6.200.4, anonymous, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705), -, 1/24/2003, 8:52:59, -, XENA, -, -, -, 0, 0, 338, 0, -, -, GET, http://tools.connect.com.au:8080/, -, -, 12209, -, -, -

10.6.200.4, anonymous, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705), -, 1/24/2003, 8:52:59, -, XENA, -, -, -, 0, 0, 430, 0, -, -, GET, http://tools.connect.com.au:8080/, -, -, 0, -, -, -

10.6.200.4, QANTM\dlewis, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705), -, 1/24/2003, 8:53:20, -, XENA, -, tools.connect.com.au, 192.189.54.22, 8080, 20971, 574, 0, http, -, GET, http://tools.connect.com.au:8080/, -, Inet, 10060, -, -, -

(in reply to lewishan)
Post #: 6
RE: Outbound Web Requests on port 8080 - 25.Jan.2003 12:24:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Daniel,

to get the most information out of the logfiles, I strongly recommend to enable the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.

To understand what is logged, check out the ISA helpfile. There is a section called Firewall and Web Proxy log fields, a must read. Additional information can be found in the article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q284818 .

So, in the posted excerpt from the web proxy log, I'm missing the most important fields Rule#1 (protocol rule) and Rule#2 (site&content rule). They will tell you which rule allowed or denied a request.

HTH,
Stefaan

(in reply to lewishan)
Post #: 7
RE: Outbound Web Requests on port 8080 - 27.Jan.2003 11:29:00 PM   
lewishan

 

Posts: 34
Joined: 14.Oct.2002
Status: offline 		Sorry Stefaan,

Here's the log file again with all the information:

10.6.200.4, anonymous, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705), N, 1/28/2003, 8:23:56, w3proxy, XENA, -, -, -, 0, 0, 338, 0, -, TCP, GET, http://tools.connect.com.au:8080/, -, -, 12209, 0x4, -, -

10.6.200.4, anonymous, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705), N, 1/28/2003, 8:23:56, w3proxy, XENA, -, -, -, 0, 0, 430, 0, -, TCP, GET, http://tools.connect.com.au:8080/, -, -, 0, 0x4, -, -

10.6.200.4, QANTM\dlewis, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705), Y, 1/28/2003, 8:24:18, w3proxy, XENA, -, tools.connect.com.au, 192.189.54.22, 8080, 20960, 574, 0, http, TCP, GET, http://tools.connect.com.au:8080/, -, Inet, 10060, 0x5, Web Access, Allow rule

The Web Access rule is a protocol rule configured to allow Domain Users access for http & https.

The Allow rule is a site and content rule allowing access to all destinations and applies to a destination set configured to all internal IP addresses on our network.

I'm not quite sure what to look for in the logs, hope you can assist.

Greatly appreciated.
Dan.

(in reply to lewishan)
Post #: 8
RE: Outbound Web Requests on port 8080 - 28.Jan.2003 4:10:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Configure the client as a Web Proxy client now! [Smile]

HTH,
Tom

(in reply to lewishan)
Post #: 9
RE: Outbound Web Requests on port 8080 - 28.Jan.2003 4:14:00 AM   
lewishan

 

Posts: 34
Joined: 14.Oct.2002
Status: offline 		Hi Tom,
The client already has the firewall client installed, and also has the proxy in the browser configured to the ISA server, thus making it a web proxy client.
So this is already configured?

Dan.

(in reply to lewishan)
Post #: 10
RE: Outbound Web Requests on port 8080 - 28.Jan.2003 4:26:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Dan,

If the clients are Web Proxy clients, then why are the requests anonymous? It appears that the Web Proxy service wants credentials, but the Web Proxy clients are not providing them because they are accessing the service via the HTTP Redirector. That's what it looks like from here.

HTH,
Tom

(in reply to lewishan)
Post #: 11
RE: Outbound Web Requests on port 8080 - 28.Jan.2003 4:40:00 AM   
lewishan

 

Posts: 34
Joined: 14.Oct.2002
Status: offline 		Not sure why the requests are anonymous?
Why are there 3 log entries for the one request?

The 3rd log entry shows the user QANTM\dlewis.
This is me as I'm trying to get this configuration setup and working before going live.

Therefore I can be sure that the client is configured as I've described and the log files are only filled with my requests.

I disabled the firewall client but it made no difference and the weblog files were the same as above.

Dan

(in reply to lewishan)
Post #: 12
RE: Outbound Web Requests on port 8080 - 28.Jan.2003 1:27:00 PM   
jmjarvis

 

Posts: 136
Joined: 17.Jun.2002
From: UK
Status: offline 		Dan,

What is the outgoing web listener port set to ?

Just to clarify your clients are now only configured as SecureNAT clients ?

Jas

[ January 28, 2003, 01:28 PM: Message edited by: Jason Jarvis ]

(in reply to lewishan)
Post #: 13
RE: Outbound Web Requests on port 8080 - 28.Jan.2003 5:22:00 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Dan,

I messed up on that one, going too fast. That is normal logging for a authenticated connection. The Web Proxy service first denies, and then asks for credentials. Then you send your credentials. So that's cool and your client is configured correctly.

It looks like a problem with the Web site, not your ISA Server.

HTH,
Tom

(in reply to lewishan)
Post #: 14
RE: Outbound Web Requests on port 8080 - 28.Jan.2003 11:06:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Dan,

the Result Code (sc-status) returns '10060' and that means 'Connection timed out'. So, as Tom said, it seems to be a problem with the web site. I've tried to access that URL and it doesn't work either.

HTH,
Stefaan

(in reply to lewishan)
Post #: 15
RE: Outbound Web Requests on port 8080 - 28.Jan.2003 11:44:00 PM   
lewishan

 

Posts: 34
Joined: 14.Oct.2002
Status: offline 		Hi guys,
I had already contacted the ISP to see if there was a problem with their site but they indicated that there wasn't. I then decided to setup a client outside the firewall with a direct connection to the internet. This worked fine and I was able to access the site.

This is why I thought I must have someting configured incorrectly.

[Confused] [Mad]

Jas to answer your question, the outgoing listner port is configured to 8080. This is the default setting, I assumed it was right?

Dan.

(in reply to lewishan)
Post #: 16
RE: Outbound Web Requests on port 8080 - 29.Jan.2003 12:17:00 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Dan,

in one of your previous posts you said "I'm running a B2B DMZ and the internal clients are both web proxy and firewall clients. The HTTP Redirector is configured to Redirect to local Web Proxy Service. I have not configured any web proxy chaining.". It may be a stupid question, but are you sure the traffic is allowed through the outer firewall?

HTH,
Stefaan

(in reply to lewishan)
Post #: 17
RE: Outbound Web Requests on port 8080 - 29.Jan.2003 1:40:00 AM   
lewishan

 

Posts: 34
Joined: 14.Oct.2002
Status: offline 		Hi Stefaan,
Yes both http and https traffic can get out fine.

On the External ISA I've configured a Site & Content Rule and a Protocol rule allowing all traffic out for the internal ISA server only.

I followed the setup in Tom's book very closely. [Razz]

Dan.

(in reply to lewishan)
Post #: 18
RE: Outbound Web Requests on port 8080 - 29.Jan.2003 4:34:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Dan,

I don't think its related to your back to back config, since neither Stefaan nor I can reach the site.

HTH,
Tom

(in reply to lewishan)
Post #: 19
RE: Outbound Web Requests on port 8080 - 29.Jan.2003 10:15:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Dan,

nevertheless I would check out the logs on the outer ISA server to check out if nothing is denied. Because you have not configured any web proxy chaining, the inner ISA server is probably a SecureNAT client to the outer ISA server and TCP port 8080 is not a predefined protocol.

HTH,
Stefaan

(in reply to lewishan)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> General >> Outbound Web Requests on port 8080 Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts