• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Understanding the Firewall Client Control Channel article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Understanding the Firewall Client Control Channel article Page: [1]
Login
Message << Older Topic   Newer Topic >>
Understanding the Firewall Client Control Channel article - 11.Nov.2002 10:40:00 AM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
This thread is for the Understanding the Firewall Client Control Channel article.

Thanks,
Stefaan
Post #: 1
RE: Understanding the Firewall Client Control Channel a... - 15.Apr.2003 10:43:00 PM   
BWJohns

 

Posts: 1
Joined: 15.Apr.2003
From: Nashville
Status: offline
Great post. Your analysis sheds some light on a problem I've been having. The problem is I can't pass port 389 traffic through ISA using a particular application.

If I use telnet I can connect to port 389 just fine. Also if I use IE to perform an LDAP lookup all goes well.

The problem starts at packet 12 where I expect the connection to be accepted. Packet 12 looks as follows:

MS Proxy Protocol
Client id: 0x9e291dd
Version: 0x20100
Server id: 0xcbe0a00
Server ack: 1
Sequence Number: 2
RWSP signature: RWSP
Command: 0x400 (User Info Acknowledge)
Unhandled request command (report this, please)

I then receive packet 13 and 14 before the connection ends.

Packet 14
MS Proxy Protocol
Client id: 0x9e291dd
Version: 0x20100
Server id: 0xcbe0a00
Server ack: 4
Sequence Number: 2
RWSP signature: RWSP
Command: 0x2500 (Unknown)
Unhandled request command (report this, please)

Packet 15
MS Proxy Protocol
Client id: 0x9e25f15
Version: 0x20100
Server id: 0xcbc1300
Server ack: 4
Sequence Number: 2
RWSP signature: RWSP
Command: 0x2500 (Unknown)
Unhandled request command (report this, please)

I've searched all over for an explanation of the RWS protocol and have found none.

Thanks in advance for any help.
-BWJohns

(in reply to spouseele)
Post #: 2
RE: Understanding the Firewall Client Control Channel a... - 16.Apr.2003 9:33:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi BWJohns,

Tom and myself have neither more information! [Frown]

We depend completely on the Ethereal decoding to understanding a bit the Remote Winsock Protocol. In any case, it's better than nothing. [Big Grin]

HTH,
Stefaan

(in reply to spouseele)
Post #: 3
RE: Understanding the Firewall Client Control Channel a... - 3.Feb.2004 3:37:00 PM   
ddiall

 

Posts: 8
Joined: 28.Jan.2004
Status: offline
Hi Stefaan:

Just to leave my note of appretiation about your work in that article. Great stuff for understanding better the inner-workings of this 'damned' Winsock Firewall Client...

/dima

(in reply to spouseele)
Post #: 4
RE: Understanding the Firewall Client Control Channel a... - 3.Feb.2004 8:56:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Dima,

thanks! [Smile]

Stefaan

(in reply to spouseele)
Post #: 5
RE: Understanding the Firewall Client Control Channel a... - 13.Apr.2008 10:17:36 AM   
pearma

 

Posts: 1
Joined: 13.Apr.2008
Status: offline
Hi Stefaan:
thank you for the article.
very useful and interesting.

i have a client app which cannot connect to its server on the internet through fwc,while i can telnet and ftp to ftp.microsoft.com

since my client app use different ports ,is it posssilbe those ports are disabled at the isa side?


thanks

(in reply to ddiall)
Post #: 6
RE: Understanding the Firewall Client Control Channel a... - 14.May2008 11:25:24 PM   
AHIT

 

Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
pearma,

Very possible that ISA is blocking those ports requested by the client app - rememmber ISA will block EVERYTHING by default unless a a rule is created to allow it.
try running     netstat -b    on the client attempting access and it'll tell you the port attempting to be used and can match it to the application usage by its PID (Process ID, which can be obtained through task manager to see the actual executable)
Additionally, check out the firewall logs on ISA to see what is being recorded for the attempted access.

HTH

_____________________________

http://www.ahit.com.au/isa
(Previous nick: Tolk)

(in reply to pearma)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Understanding the Firewall Client Control Channel article Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts