Tuesday, August 5, 2008

Allowing BitTorrent behind an ISA 2006 server

Let's face it: sometimes you just need to use the BitTorrent protocol, to get your latest Linux ISO images for example. In the 'typical corporate world', however, you just can't, because many rules in the firewall appliances out there simply disallow this protocol. The reason is quite simple: some people could be tempted to use it to do 'bad things' (we just want our latest Debian netinstall).










On the dark side of the internet you need a sail...






The usually proposed setup tells you to "disable firewalls" -oye- and do some port forwarding (NAT). This solution works fine at home but is clearly impractical at work.

This is bad for many reasons: you may not have access to the firewall appliance, you may not want to start punching those nice little holes everywhere, or you may not have the right to do so.

The simplest way to do it with ISA 2006 is as follows.

Enable the SOCKS proxy
1. Open the ISA 2006 server MMC
2. Go to "configuration" then "add-ins"
3. Here you will find the "SOCKS V4 filter"
SOCKS V4 works without authentication; V5 supports authentication (it needs a separate install)
4. Activate it and configure the source listening network

Create a firewall rule to allow SOCKS traffic (duh!)
1. In the ISA 2006 MMC
2. Position yourself under firewall Strategy
3. Create a new rule (name it as you like)
4. The rule should be something like
  • source: internal network / your computer (if you want to be strict)
  • destination: all
  • protocol: SOCKS (available in the drop-down list)
  • and rule... allow
  • The other settings (activation time, users, and so on) aren't that important here, considering that SOCKS V4 works without authentication.

In your favorite BitTorrent application (uTorrent for example)
1. Open your settings
2. Go to network settings
3. Set the firewall as "SOCKS V4", then enter the IP address of your proxy
4. The typical port is 1080 (you can change it in the ISA 2006 MMC, however). Remember that you don't have to check authentication!
6. Check "use proxy server for peer to peer connections" as well

Now everything should work fine and BitTorrent should initialize by itself.

This method doesn't work if you plan to host a BT server; however, for casual downloads it is the simplest and most efficient way to do things. It should work equally well if you don't have access to the ISA firewall/proxy server but the SOCKS protocol has already been configured (worth a try...).

Activating the torrent will take a little longer.
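
The SOCKS V4 handshake this setup relies on, as an added example that is not part of the original post: it builds and decodes a SOCKS4 CONNECT request and reply, showing that the request carries only a client-chosen USERID field and no password. The address 192.0.2.10, port 6881, the user-id "alice" and the function names are constructed for illustration.

```python
import ipaddress
import struct

# CD values of the 8-byte SOCKS4 reply
REPLY_CODES = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: proxy cannot reach identd on the client",
    93: "rejected: identd reports a different user-id",
}
COMMANDS = {1: "CONNECT", 2: "BIND"}


def build_connect_request(dst_ip, dst_port, user_id=b""):
    """VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, then USERID and a NUL byte."""
    if b"\x00" in user_id:
        raise ValueError("USERID cannot contain NUL")
    header = struct.pack("!BBH4s", 4, 1, dst_port,
                         ipaddress.IPv4Address(dst_ip).packed)
    return header + user_id + b"\x00"


def parse_request(data):
    """Decode a SOCKS4 request the way a proxy or packet inspector sees it."""
    if len(data) < 9:
        raise ValueError("truncated SOCKS4 request")
    vn, cd, port, ip = struct.unpack("!BBH4s", data[:8])
    if vn != 4:
        raise ValueError(f"not SOCKS4 (version byte {vn})")
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("USERID is not NUL-terminated")
    # These four fields are the whole request: no password, no challenge.
    # USERID is whatever string the client chose to send.
    return {"command": COMMANDS.get(cd, f"unknown({cd})"),
            "dst": f"{ipaddress.IPv4Address(ip)}:{port}",
            "user_id": data[8:end].decode("latin-1")}


def parse_reply(data):
    """Reply is 8 bytes: VN=0, CD=result code, then DSTPORT and DSTIP."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    return REPLY_CODES.get(data[1], f"unknown({data[1]})")


if __name__ == "__main__":
    req = build_connect_request("192.0.2.10", 6881, b"alice")  # constructed
    print(req.hex(), parse_request(req))
    print(parse_reply(bytes([0, 90, 0, 0, 0, 0, 0, 0])))
```

Because the proxy has nothing to verify in the request, the source restriction in the firewall rule is the only control on who can use the filter.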

Monday, August 4, 2008

Outlook 2003 not updating its Offline Address Book (OAB)

This annoying thing can happen quite often when you are using Microsoft Outlook 2003 clients in conjunction with Exchange 2007 servers. If you google it you'll find a lot of "heavy" manipulations (going as far as reinstalling Exchange, deleting the OWA part…). The solution to that problem is much simpler!

The behavior is as follows:

- Outlook 2007 address book is up to date

- Outlook 2003 is out of date with partial/bogus/old entries

What happens here is some kind of 'magic' made in Microsoft. Once a day Microsoft Exchange will update the default address book (or your address book); when something goes wrong, it doesn't tell you. So you go on, unsuspecting of what happened, until some user calls you with a strange problem of "address book not showing everything".

  • If the user or group main email (the reply to) is different from the email address defined in the Active Directory directory, the contact won't be updated and will be skipped during the next OAB generation. I'm not entirely sure, but this problem seemed to have been fixed with Service Pack 1 and the two smaller updates, but it seems not.

Step 1:

You have to parse the entire directory to check that the user/group main email is the same as the one defined in the Exchange system (OK, there are ways to speed that up with a few witty scripts). However, you can speed things up by checking only the differences between the "old list" and the current list.

Step 2:

Force the update of the OAB with the following cmdlet; don't use the Exchange 2007 GUI, it is pointless in that case

Update-OfflineAddressBook -Identity offlineAdressbookname

What will happen… is nothing. You have to check the event log to see whether anything went wrong.

However, after having done those steps you'll see that the lists are up to date so far.