Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Which Download Manager to use?
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Which Download Manager to use? - 14.Jun.2002 3:27:00 PM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
Hi there
I have recently realised that my current Download Manager (Flashget) will only work if I change the HTTP Redirector to "Send to requested WEB Server" instead of "Redirect to local WEB Proxy Service".
The thing is, I REALLY do not want to do this as it means that all my WEB Filter rules etc are bypassed for any 3rd party applications.
My question is this, Does anyone know of a download manager that is capable of working with the HTTP Redirector forwarding requests to the WEB Proxy Service?
Cheers
William R.
|
|
|
|
RE: Which Download Manager to use? - 17.Jun.2002 2:05:00 PM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
Hi Tom
I have tried about 8 Download Managers and they are all having the same problem. Do you perhaps understand why they only work when the HTTP Redirector has been changed to fetch directly from the WEB?
Is it because all traffic passed from the HTTP Redirector to the WEB Proxy service is passed as UNAUTHENTICATED traffic? Do you perhaps know why the HTTP Redirector passes traffic to the WEB Proxy Service as UNAUTHENTICATED?
Cheers
William R.
|
|
|
|
|
RE: Which Download Manager to use? - 18.Jun.2002 12:05:00 PM
|
|
|
Guest
|
For what it's worth, I managed to get RealDownload (version 4) to work (ISA on a DC due to necessity). Outgoing Custom Packet Filter/TCP/OutBound/Local Port-Dynamic/Remote Port-80. Don't config the Download Manager to go through the Proxy.
Presume you could do the same with a Protocol Rule for a (normal !) ISA setup.
|
|
|
|
|
RE: Which Download Manager to use? - 19.Jun.2002 1:40:00 PM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
Hi there
Firstly, could you please explain why I should be able to get the same solution working with a Protocol Rule instead of a Packet Filter. I cannot see how a Protocol Rule can control traffic on a specific port and destination.
Secondly, could you also please explain what exactly the Custom Packet Filter that you described will do. I.e. Why will it work? What is it actually doing that should allow the Download Manager to work?
Cheers
William R.
|
|
|
|
|
RE: Which Download Manager to use? - 19.Jun.2002 11:21:00 PM
|
|
|
reachnetuk
Posts: 13
Joined: 19.Jun.2002
From: UK
Status: offline
|
Re: The second part of your question:
I can only speak re my experience of RD V4, haven't tried any others.
BTW, the outgoing p/f should apply to all local ports not just dynamic.
Strangely enough though, it seems to work on this DC with dynamic even though the local ports being allocated are > 5000.
Not sure why yet.
On this setup the RealDownload client opens a random port on ISA just prior to the d/l commencing, & uses the default ISA external port.
Do a netstat -na before loading the d/l mgr & after and use Windiff to find diffs.
I'm not bothered about clients using d/l mgrs, HTTP Redir, Web Proxy etc...
Not ideal and not what you're after, but it does me for now.
Re: The first part:
Sorry. Your right. Complete garbage. Think I need a vacation !
|
|
|
|
|
RE: Which Download Manager to use? - 19.Jun.2002 11:52:00 PM
|
|
|
reachnetuk
Posts: 13
Joined: 19.Jun.2002
From: UK
Status: offline
|
Oops. Just had my ISA definition of "dynamic" corrected. Outgoing/Local Port-Dynamic is fine.
|
|
|
|
|
RE: Which Download Manager to use? - 20.Jun.2002 7:24:00 PM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
Hi there ReachNetUK
Thanks for your last post. I'm beginnnig to understand, I think.
Firstly, could you explain what I am looking for when using Windiff to compare the 2 output files? I can see that there are indeed differences.
Secondly, surely my workstation will always use a different port to connect to, and what about on the server, surely that will also be a dynamic port?
Thirdly, what effect does creating a dynamic packet filter have? Does this mean my ISA Server is slightly more vulnerable from the inside?
Cheers
William R.
|
|
|
|
|
RE: Which Download Manager to use? - 21.Jun.2002 5:03:00 AM
|
|
|
reachnetuk
Posts: 13
Joined: 19.Jun.2002
From: UK
Status: offline
|
May I thank you for saying thank you !
Thank you !
1)
OK.
You can also use the following technique for any App you have which is opening ports
you are unsure of, or ISA is blocking, to give you more info about the ports being opened.
1-Do the netstat -na & redirect the output to a file.
2-Run the Download Manager.
3-Do netstat -na again & redirect to another file.
4-Run Windiff (or whatever file comparison app you want) & compare the two files.
What you're looking for are obviously the ports the App is attempting to open.
They'll still show up even if you have packet filtering is enabled on ISA but depending on the port(s) open attempted, ISA may/may not block it/them.
Assuming you can understand what Windiff is telling you, by default differences in red occur in file 1 & not in file 2, differences in yellow occur in file 2 & not in file 1.
Forget the reds, concentrate on the yellows.
From there, it's just a process of elimination really.
Discount the obvious yellows. For instance, in this scenario and on the DC I'm running this on I can obviously discount all references to port 389 for example-AD, port 119-NNTP etc.. etc..
You should just be looking for the attempted port(s) open on the external interface/local qddress.
In the case of RD V4 it's opening a random port, hence the reason for the dynamic packet filter.
2)
That's the problem !
Generally you can't config "non authentication friendly" apps of any form, whether they be d/l managers, snowballs, Christmas trees or chocolate rubbers to go through the Proxy as you've found out.
Therefore you're forced to install the d/l manager on ISA.
The Local Port opened by the d/l mgr on the client will be dynamic.
Typically the remote port will be 8080 via the Proxy.
To be honest, I actually think putting the d/l mgr on ISA is a better idea anyway.
In most commercial environments I can't really see a need for download managers on clients.
I only use them on dialups primarily for scheduling/resuming and even then one is enough for me.
In a typical WAN/LAN scenario there's very little need for them.
I thought at one time it would have been nice if ISA had a way for you to do HTTP Redirects from specific clients only or via an exception list as opposed to all, but I've gone off that idea.
Would you apply that to all applications on a client for example ?
If so how would you do it ?
What about the Web Proxy functionality you would lose ?
The more likely route is that firewall friendly clients will have to be "authentication friendly" to stand any chance of getting anywhere.
i.e. MS seem to have got it right again !
3)
Only very slightly !
In a private scenario, you probably wouldn't care.
In a production\commercial environment you might care, depending on the scenario/network complexity/politics etc.. but I doubt it.
It's only a dynamic port after all that ISA will close after the operation has completed.
The only obvious point is if users were allowed freedom to install "Authentication/WebProxy friendly" software on
clients and that software opened dynamic ports locally for access.
In a real world NT/2K environment that doesn't/shouldn't be allowed to happen too much (the point about users installing software that is).
That's what System/Group Policies are for after all ! ![[Wink]](/image/smiles/wink.gif)
Hope I've not waffled too much !
|
|
|
|
|
RE: Which Download Manager to use? - 25.Jun.2002 3:25:00 PM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
Hello there
I have managed to do as was suggested. I.e. Create a dynamic outbound packet filter on port 80. The problem is that this then only works when I use the Download Manager on the actual ISA Server itself.
When I try to use the Download Manager from my workstation it still does not work.
This then implies that the packet filter that was created only works on the ISA Server but I do not understand why.
Does anyone have some insight into this?
Cheers
William R.
|
|
|
|
|
RE: Which Download Manager to use? - 27.Jun.2002 10:02:00 PM
|
|
|
reachnetuk
Posts: 13
Joined: 19.Jun.2002
From: UK
Status: offline
|
William,
Perhaps I didn't state it clearly enough !
The ONLY way you will get "non friendly authentication" to work is if you install it on ISA and create packet filters for the software in question. Attempting to go through the proxy from clients WILL NOT WORK. This is not the fault of ISA, the client must be authentication friendly.
Your only other possible conceivable option would be to install ISA on another server and config the HTTP redirector not go through the proxy. You could then config these clients to go through the second proxy. You would in effect have two ISA servers.
I'd suggest getting a hold of Tom's book if you're still unsure about it.
|
|
|
|
|
RE: Which Download Manager to use? - 23.Jul.2002 7:50:00 AM
|
|
|
wi11iam
Posts: 173
Joined: 29.May2002
From: Middelburg, South Africa
Status: offline
|
SUCCESS!
I believe I may have an answer to this question.
I have noted that Downlaod Accelerator Plus 5.0 can work with my ISA Server without any special packet filters, protocol rules or any other hacks.
By simply configuring the application to use a WEB Proxy server on port 8080, and then typing in my Windows Username and Password in the fields provided, the application works fine.
I can now successfully download, and monitor, all traffic that is being generated by the download manager. And to top it all, I still have my HTTP Redirector configured to drop all FW & SNat client traffic.
This resolution does not seem to work with any other download manager that I have tried but hey, I'm not complaining, at least one of them works.
Cheers
William R.
|
|
|
|
|
RE: Which Download Manager to use? - 23.Jul.2002 4:49:00 PM
|
|
|
tshinder
Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
|
Hi William,
Sounds like download accelerator plus works with the Web Proxy service authentication scheme.
Thanks!
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Big Grin]](/image/smiles/biggrin.gif)
