Tuesday, August 5, 2008

Allowing BitTorrent behind an ISA 2006 server

Let's face it: sometimes you just need to use the BitTorrent protocol, to get your latest Linux ISO images for example. However, in the 'typical corporate world' you just can't, as many rules in the firewall appliances out there simply disallow this protocol. The reason is quite simple: some people could be tempted to use it to do 'bad things' (we just want our latest Debian netinstall).

On the dark side of the internet you need a sail...

The usual proposed setup would tell you to "disable firewalls" -oye- and do some port forwarding (NAT). This solution works fine if you are at home but is clearly impractical at work.

This is bad for many reasons: the first is that you may not have access to the firewall appliance, or you just don't want to start making those nice little holes everywhere, or you don't have the right to do that.

The simplest way to do this with ISA 2006 would be:

Enable the SOCKS proxy
1. Open the ISA 2006 server MMC
2. Go to "configuration" then "add-ins"
3. Here there is the "SOCKS V4 filter"
   (SOCKS V4 works without authentication; V5 supports authentication but needs a separate install)
4. Activate it and configure the source listening network

Create a firewall rule to allow SOCKS traffic (duh!)
1. In the ISA 2006 MMC
2. Position yourself under firewall Strategy
3. Create a new rule (name it whatever you want)
4. The rule should be something like
  • source : internal network / your computer (if you want to be strict)
  • destination : all
  • protocol : SOCKS (available in the drop-down list)
  • and rule... allow
  • The other settings (activation time, users, and so on) aren't that important here, considering that SOCKS V4 works without authentication.

Under your favorite BitTorrent application (uTorrent for example)
1. Open your settings
2. Go to network settings
3. Set the firewall as "SOCKS V4", then enter the IP address of your proxy
4. The typical port is 1080 (you can change it under the ISA 2006 MMC, however). Remember, you don't have to check the authentication option!
5. Check "use proxy server for peer to peer connections" as well

Now everything should work fine and BitTorrent should initialize by itself.

This method doesn't work if you plan to host a BT server; however, for casual downloads it is the simplest and most efficient way to do things. It should work equally well if you don't have access to the ISA firewall/proxy server but the SOCKS protocol has already been configured (worth a try...).

The activation of the torrent will take a little longer.
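
To show what "SOCKS V4 works without authentication" means on the wire, here is the SOCKS4 CONNECT exchange a client performs against the proxy on port 1080, as an added Python example (not code from the original post). The function names, the destination address, the port and the user ID are constructed for illustration.

```python
import ipaddress
import struct

SOCKS4_VERSION = 4
COMMANDS = {1: "CONNECT", 2: "BIND"}
REPLIES = {90: "granted", 91: "rejected or failed",
           92: "rejected: no identd on client",
           93: "rejected: identd user mismatch"}


def build_connect(dst_ip: str, dst_port: int, userid: bytes = b"") -> bytes:
    """Build the SOCKS4 CONNECT request a client sends to the proxy."""
    return (struct.pack("!BBH", SOCKS4_VERSION, 1, dst_port)
            + ipaddress.IPv4Address(dst_ip).packed + userid + b"\x00")


def parse_request(data: bytes) -> dict:
    """Parse a SOCKS4 request: VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL."""
    if len(data) < 9:
        raise ValueError("truncated SOCKS4 request")
    vn, cd, port = struct.unpack("!BBH", data[:4])
    if vn != SOCKS4_VERSION:
        raise ValueError(f"not SOCKS4 (version byte {vn})")
    if cd not in COMMANDS:
        raise ValueError(f"unknown command {cd}")
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("USERID is not NUL-terminated")
    return {
        "command": COMMANDS[cd],
        "dst": f"{ipaddress.IPv4Address(data[4:8])}:{port}",
        # Free text chosen by the client; the request has no password field,
        # so the proxy can only restrict by source network in the rule.
        "userid": data[8:end].decode("ascii", "replace"),
    }


def parse_reply(data: bytes) -> str:
    """Parse the 8-byte reply: VN(1)=0, CD(1), 6 bytes ignored for CONNECT."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    return REPLIES.get(data[1], f"unknown code {data[1]}")


if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 is a documentation-only address.
    req = build_connect("192.0.2.10", 6881, b"alice")
    print(req.hex(), parse_request(req))
    print(parse_reply(bytes([0, 90, 0, 0, 0, 0, 0, 0])))
```

Because the user ID is unverified, the source network set on the filter and in the firewall rule is the only access control in this setup.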
