I have Unix machines on the network also that want to access these resources, and they are SOL. I have tried opening all the ports, but nothing. In fact, my main outbound rule is to allow ANY protocol!

Help me out here!

Mike

Unreal has the same problem. Yet I install the Client (SecureNAT Client) and it works. I should not need the client.

Mike

When you configure machines as SecureNAT clients, *all protocols* means all the protocols that are included in the protocol definitions node. If the protocol does not have a protocol definition, then the SecureNAT client will not be able to use it, even though you have allowed "all protocols".

To get Napster to work, you could install the Firewall Client, and it will work without doing anything else. However, that won't help your *IX boxes. To enable Napster to work for them, you'll need to configure a protocol definition for Napster. Search this site for instructions on how to do it.

I don't know what Unreal is, but I'm sure you'll need to do the same thing for it.

HTH,

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

But I have an IP filter that it set to allow ALL traffic from inside the network on ANY port to get out.

Unreal is a game that uses UDP Ports 7777,7778,7779 for communications.

My ANY IP Filter should allow this but it does not.

Thanks!

Mike

first let me thank whoever is responsible for this forum. i am new to isa & can't find any more material than what's on microsoft's site.

my problem is (among others) with getting through to napster.

i read all these threads & have followed the advice to a tee:
proto defs:
primary port:8875, tcp, out
secondary:6688-6699, tcp, out/in
secondary:7777, tcp, out/in
secondary:8875, tcp, in
secondary:8888, tcp, out/in

proto rules:
enabled, allow, always, any request

stopped & started firewall service, socks4 filter enabled:1080

napster set to socks4, ip, 1080

NO DICE!

here are a few questions that i didn't answers for:
1-in napster do i choose 'download files through proxy' or 'download directly from source'?
2-i have secureNAT on the clients but no other, ie. firewall/web proxy client. don't want it unless i need it. read that i could do everything without it.
3-i have no client sets defined. the setup wizard made it sound like unless i needed to restrict internal clients, that i didn't need client sets?

thanks for your help!

ps - tom, i'm buying your book when it comes out!

John

You are correct. For SecureNAT clients, all protocols means all protocols that have protocol definitions. When you use the Firewall Client, it mean ALL protocols! Even those that are not included in the protocol definitions.

That's why you can use the Firewall Client, and not do anything on the ISA Server nor configure the Napster client to use a proxy, and everything just works. The Firewall Client manages the connections for you.

As for the protocol definition that I used to make Napster work with the SecureNAT client:

Primary Connection:
TCP Outbound 8875

Secondary Connections:
TCP 6688-6699 Inbound
TCP 8888 Outbound

Then configured the Napster client to use SOCKS 4, internal IP address of ISA Server, and port 1080. Also made sure the SOCKS4 Filter was enabled. Restarted the Firewall Service and Napster, and it worked.

HTH,

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

• 1st protocol called Unreal 28900 TCP outbound, no secondaries
  
• 2nd protocol Unreal2 7778 UDP send/receive, 7770-17000 UDP receive/send secondaries.
  
• 3rd protocol Unreal3 7777 UDP send/receive, no secondaries
  

------------------
Charles Ferreira
Systems Engineer, MCSE
Getronics

Thanks for sniffing out the Unreal protocol definitions!

Are you using the Firewall Client? You should not be able to access Napster without it unless you create protocol definitions for it.

Thanks!

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

I have successfully connected / shared files with Napster with the configuration that Roger posted:

primary port:8875, tcp, out
secondary:6688-6699, tcp, out/in
secondary:7777, tcp, out/in
secondary:8875, tcp, in
secondary:8888, tcp, out/in

However, I can only connect from a workstation with the Firewall Client installed. Should not a SecureNAT client be able to work as well - if Napster is configured to use Socks Proxy?

From the previous posts, I think everyone's opinion is yes - but I'm wondering if there are any hidden "gotchas" that I have missed.

In Your Service,

Joseph King, MCSE

Using the configuration I've listed in this thread, I am able to connect and download files from Napster without problems on a Whistler Server running as a SecureNAT client.

I have all protocols open and all site/content open.

No tricks that I can find.

When using the Firewall Client, I don't believe you need to configure Napster to use the SOCKS Proxy, but I haven't tested that for awhile, so I'm not 100% sure on that now.

HTH,

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/

I'm still beating it trying to get it to work in on a Secure NAT workstaion.

Perhaps I just need a bigger club...

In Your Service,

Joseph King, MCSE

Tell me how it goes...

------------------
---------------
Ehud Tam
MCSE + Internet

------------------
Charles Ferreira
Systems Engineer, MCSE
Getronics

If you have the right protocol definitions configured, then using the "open all" rule will allow the SNAT client to use them.

HTH,

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/