Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » MSN over Kerio WinRoute
  •  
dsuarez

Messages: 2
Karma: 0
Send a private message to this user
I'm trying to get MSN Messenger to work on my LAN
The LAN is distributed the following way: 1 Windows 2003 Server and 10 Win98 clients. 2003 Server has WinRoute WinRoute 6.0.1 installed, and *ALL* internet applications are working properly in every host...except MSN Crying or Very Sad.
I don't have any outgoing restricitve policy, and I want the hosts to be able to use any Internet application. Of course all I do is to block all other packets to protect the network.
There's no Primary Domain controller, then, there's no neither Active Directory nor DHCP server

Here's all the things I've tried to make it work:
1) I enabled UPnP (watch UPnP.jpg in the attached ZIP)
2) I created a new Service called "MSN" with a TCP/UDP ports list (1863,5060,1503,3389,6891,6892,6893,6894,6895,6896,6897,6898 , 6899,6900) (watch Services.jpg in the attached ZIP)
3) I created the appropiate rules (please, watch TrafficPolicy.jpg in the attached ZIP) to allow these Services and to block the unwanted ones.
4) I've also tried enabling the proxy server, but I disabled it because I'd prefer not to keep it enabled (although It also didn't work)
5) Client machines have been formatted and fresh installed
6) We've tried with MSN 6.0, 6.1, 6.2 (Older versions don't work anymore)
7) User password are OK since they can check their respectives mail boxes
Cool I've also tried with Trillian to avoid possible MSN problems...but It had the same problem
9) My very first step is to be able to chat (only text), later I'd enable audio/video...but users can't even chat
10) I've just tried ALL MS solutions (cleaning the cache, enabling SSL, etcetera, etcetera, but after fresh install I dismissed this coud be the problem)

Hosts are using IE 6.0 SP1

Windowsupdate DOESN'T work because of the error (0x800C0008)...but that's another problem.

All client hosts have a static IP address, and its default gateway points to winroute server. Also, they're automatically logged on Winroute based on the IP they come from. They can use Kazaa with no problems. Kerio VPN is enabled (although I've never tried it).
Every time I make a change, y press "Apply" button on Traffic Policiy page, without restarting neither WinRoute nor the server. Is it required to reboot or restart the firewall?

Well, I hope someone could help me.
Thanks in advance

  •  
cheming1

Messages: 30
Karma: 0
Send a private message to this user
There is a service named Windows Messenger by default, why not use it ?
  •  
dsuarez

Messages: 2
Karma: 0
Send a private message to this user
If you watch the picture I attached you'll realise Windows Messenger Service is enabled since it's considered in the main incoming traffic rule. I created a new service called "MSN" because I've read in many links another requisites to get MSN to work, esencially a list of opened ports.
  •  
smoke

Messages: 4
Karma: 0
Send a private message to this user
I have exact the same problem, i have also added a rule to allow all the traffic, from any to any, i disabled all content filters and everything i tough can be blocking msn, and it still not working on the machines on my lan, only in the firewall host

anyone has a solution?

BTW, i use a transparent proxy, just nat.
  •  
sidbarker

Messages: 63
Karma: 0
Send a private message to this user
There seem to be some errors in your Traffic Policy rules:

1. Your NAT rule includes ther Firewall in the Destination - this would mean that if your client PCs tried to connect to the firewall for any reason, they would appear to be coming from outside the network. Should work, but seems odd to me

2. Your "permitted services" also NAT, but they are incoming services (ADSL = Source, Firewall=Dest)! You need to map each incoming service to the destination PC it needs to go to (will show as MAP in translation column, not NAT).

NAT is for outgoing connections (90% of the time), and MAP is for incoming connections (90% of the time).

I think your Permitted Services should be broken down, and each service given it's own rule, so you can MAP that service to the relevant IP address. I do not understand why MSN needs any ports mapping, as all ports it uses should be initiated FROM your PCs, not from the outside world. We use it fine behind Kerio and have no port mappings for it at all.

Hope this helps.
  •  
smoke

Messages: 4
Karma: 0
Send a private message to this user
It didnt help that much to me, i still cant make it work
does anyone has make this work? can i take a look at a screenshot or config info on how to make msn work for other machines in the lan?

Thanks.
  •  
scadet7

Messages: 16
Karma: 0
Send a private message to this user
Did you get the msn IM to work?
  •  
smoke

Messages: 4
Karma: 0
Send a private message to this user
No, i still with the problem, i tryied almost everything and it still not working.
The odd part is that i where able to use no standard msn clients, like centericq (msn protocol) or miranda.
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
MSN Messenger works ok for me (including webcam since KWF version 6.0.6).

I have UPnP enabled (for webcam)
I have an outgoing rule:
source: LAN
dest: internet
services: SIP, UDP 7001, Windows Messenger
nat: default outgoing interface
  •  
smoke

Messages: 4
Karma: 0
Send a private message to this user
I have tryied adding the rule you mentioned but it still not working, also, i have a rule that allow ANY service from Lan to Internet and with the default NAT, i just dont want to block anything from my clients to outside.
Everything works fine just except this damned MSN...

Any other ideas?
  •  
Syafril Hermansyah

Messages: 45
Karma: 0
Send a private message to this user
On Tue, 26 Oct 2004 03:15:46 +0200
smoke wrote:

> I have tryied adding the rule you mentioned but it still not working, also, i
> have a rule that allow ANY service from Lan to Internet and with the default
> NAT, i just dont want to block anything from my clients to outside. Everything
> works fine just except this damned MSN...

Have you enable UPnP yet ?


--
syafril
-------
Syafril Hermansyah




  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
I've just checked your attachment:

NAT... remove firewall host in destination column.
Servicios Permitidos... don't use NAT.

If still not workable, try to revamp your traffic policy. Use KWF
wizard and don't add any customize services you created. Try using
"ANY" service for NAT traffic then check if MSN will work, if it does...
Add your own rule one by one to see what policy creates a conflict.

You don't need to restart KWF but to make sure, stop and start it.
And... Check your MSN connection settings (Tools>Option>Connection).
Sometimes you need to quit (exit) MSN and opening it again to make it work.

Regards,
Anthony

>
>

  •  
anoclon

Messages: 34

Karma: 0
Send a private message to this user
I hope You have solved your problem with msn messenger. Let me tell you that I'm having problems with kazaa and all p2p programs because I can't make them work on any client computer. Could you please tell me step by step how to set up Kazaa on clients computers using kerio winroute on a server?
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
In the first message yoy say that you are using 6.0.1. Try upgrading to 6.0.9.
Previous Topic: Use OUTLOOK question of EXCHANGE
Next Topic: What is this error ?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 03:11:54 CET 2017

Total time taken to generate the page: 0.00482 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.