| |
|
This page contains answers to common
questions that you'll come accross while using Microsoft
Proxy Server 2.0 along with some tips and tricks that are
useful and presented here as questions. All material found here has been
culled from the following newsgroups:
news://msnews.microsoft.com/microsoft.public.proxy and
news://msnews.microsoft.com/microsoft.public.proxybeta
- Why do IE
clients display the following error - "Due
to errors, Internet
Explorer could not execute your Auto-Proxy
Script." - after I removed
Proxy 2.0 ?
- Why do 16
bit applications fail to connect using Winsock
proxy ?
- Why does
my RAS connection have problems with auto-redial
and auto-disconnect ?
- Can I
install Microsoft Proxy Server 2.0 Beta over IIS
4.0 Beta ?
- What are
the requirements for running Microsoft Proxy
Server 2.0 ?
- What are
the client platforms supported by Microsoft Proxy
Server 2.0 ?
- What are
the Protocols supported by Microsoft Proxy Server
2.0 ?
- What is
the difference between Socks proxy and Winsock
proxy ?
- What are
the major differences between Proxy 1.0 and Proxy
2.0 ?
- How do I
log to a database using Microsoft Proxy Server
2.0 ?
- How do I
configure Microsoft Proxy Server 2.0 to allow
netmeeting and IPhone clients ?
- How do I
install my SMTP server to work with Proxy 2.0 ?
- What is
Server Proxy ?
When you installed
Proxy server 2 beta, you chose to autoconfigure the
clients. IE version 3.02 and later allow you to use a
javascript to automatically configure your clients.
You will need to disable this setting if you are no
longer using the proxy server:
To do this in IE, go to: View, Options - Advanced
tab. Click on Automatic Configuration and clear the
setting for the array.dll.
The 16 bit version of
Internet Explorer installs an older version of
security.dll. To fix the problem remove security.dll
from %windir%\system\ The WSP version of the DLL (the
correct version) is located in %windir%\.
1. Set the timeout in
the RAS phonebook Start > Programs >
Accessories > Dial-Up Networking > More >
Logon preferences. Enter the desired timeout in
"Idle Seconds before hanging up"
2. In the services icon within the Control Panel,
make sure that you have DISABLED the Remote Access
AutoDial Manager and changed the Remote Access
Connection Manager to AUTOMATIC
3. If dynamic packet filtering is enabled, Step 4 can
be ignored. Packet filtering disables all extraneous
traffic on the Internet NIC.
4. Make sure the WINS client is not bound to the RAS
interface.
To unbind the adapter from these services go to the
Control Panel and select the Network Icon. Select the
Bindings Tab. Select Show bindings for "all
protocols". Expand each protocol branch (except
for the Remote Access WAN Wrapper branch). Disable
any instance of a Remote Access WAN Wrapper under all
branches EXCEPT for Remote Access WAN Wrapper.
The following registry entries for autodial can also
be modified to fine tune the server. Please see the
proxy documentation on registry entries for
descriptions:
BusyRetryInSeconds
NoAnswerRetryInSeconds
SelectiveDialOnDemand
From the Proxy Beta 1
README.TXT --- Note: Do not install Proxy Server 2.0
Beta on a computer running a beta or other
preliminary release of Internet Information Server
(IIS) version 4.0.
For the proxy
server, base NT 4 Server requirements are enough. For
capacity planning information, See Article Q164195 -
Proxy V1.0 Capacity Recommendations in the Microsoft
Knowledge Base.
For web proxy clients, any CERN HTTP Proxy protocol
compliant browsers such as Microsoft Internet
Explorer 3.02.
For winsock proxy clients, any 16/32-bit windows
platform client (Windows For Workgroups, Win 95, Win
NT)
For SOCKS proxy clients, any socksified application
which supports SOCKS v4.3a or below.
Web Proxy -- Anything that
supports HTTP (windows, mac, unix)
Winsock Proxy -- Anything that supports Winsock 1.1.
or above (wfw, win95, win NT)
SOCKS Proxy -- Any application on any platform that
has been "socksified" to support SOCKS
v4.3a or below. (windows, mac, unix)
Via the Web Proxy:
HTTP, FTP, Gopher, & SSL
Via the WinSock Proxy: HTTP, FTP, Telnet, RealAudio,
VDOLive, etc. (any winsock 1.1+ application)
Via the SOCKS Proxy: HTTP, FTP, telnet (any
client-side TCP-only, socksified application)
WinSock Proxy provides
a transparent circuit level gateway to windows
platform clients and takes advantage of the full
richness and popularity of WinSock applications. It
supports many protocols that are based on both TCP
and UDP, like VdoLive, AOL, IRC, NetShow, and
RealAudio. It also supports IPX clients.
The SOCKS protocol provides a non-transparent
(applications must be built with SOCKS support in
mind) circuit level gateway optimized around
lowest-common-denominator UNIX sockets. The SOCKS
circuit level gateway does not support UDP based
applications and therefore can not support VDOLive,
NetShow, etc.
DISTRIBUTED CACHING ---
allows construction of massively scaleable cache
networks.
FIREWALL SECURITY -- packet filtering & alerting.
ADMINISTRATION -- HTML, command line, GUI,
configuration backup & restore, and more!
There is a missing
field in the table format documention. Follow the
documentation to create your table normally and add
the following missing Field:
FIELD: CacheInfo TYPE: Integer
To log packet filter information to a database,
create a separate database and DSN using the
following table information:
CREATE TABLE PF_LOG_TABLE (
PFlogTime datetime,
SourceAddress varchar(25),
DestinationAddress varchar(25),
SourcePort varchar(8),
DestinationPort varchar(8),
Protocol varchar(8),
TcpFlags varchar(255),
FilterRule varchar(10),
Interface varchar(25),
IPHeader varchar(255),
Payload varchar(255)
)
Settings for IPHONE
4.0.
Only one client can work behind the one proxy server,
because the application binds the static ports (UDP
22555 and TCP 1490).
WSPCFG.INI configuration file (must be placed in the
directory with IPhone)
[iphone4]
RemoteBindUdpPorts=22555
KillOldSession=1
[insconf]
ServerBindTcpPorts=1490
KillOldSession=1
On the server 2 protocols should be defined:
Iphone:
UDP 22555 IN (primary)
UDP 22555 OUT, TCP 6670 OUT (secondary)
Iphone Conference:
TCP 1490 IN (primary) TCP 1490 OUT (secondary)
You can configure NetMeeting to work via WinSock
proxy in 2 ways.
1. Only one instance of NetMeeting can be behind the
proxy. It will be full featured.
2. Many clients can run behind the proxy, but they
will not be able to receive the incoming calls. These
clients will be able only to dial to others. Video
and audio will work.
You can combine both configurations, by giving the
majority of users only limited support, and reserve
the unlimited support to a small number of users that
need the ability to accept the calls.
1. Limited configuration. Only dialing out. No need
for configuration settings on client. Define the
following protocol definition ("NetMeeting
limited") on the proxy server:
Primary connection: TCP 1503 OUT
Secondary connections: TCP 0 IN, TCP 1025-5000 OUT,
TCP 1720 OUT, TCP 1731 OUT, UDP 48610-49609 IN OUT.
Define the LDAP protocol:
TCP 389 OUT Give the users permission to use these
protocols.
2. Unlimited configuration. Can accept dials. Only
one can run instantly behind the proxy.
Define the following protocol definition
("NetMeeting unlimited") on the proxy
server:
Primary connection: TCP 1503 IN
Secondary connections: TCP 1503 OUT, TCP 1720 IN OUT,
TCP 1731 IN OUT, TCP 0 IN, TCP 1025-5000 OUT, UDP
48610-49609 IN OUT.
Define LDAP protocol as above. Give the users
permission to use this protocol. On the client
machines you should specify the following
configuration in WSPCFG.INI (create in NetMeeting
directory):
[conf]
ServerBindTcpPorts=1503,1720,1731
UseProxyIpForGetHostByName=2
KillOldSession=1
Notes:
1. The unlimited configuration will listen on the
ports 1503, 1720 and 1731 on the proxy server. That
is why only one client can run instantly behind one
proxy.
2. If you have several proxies, you can (and probably
should) add the following configuration parameter to
the configuration file:
ForceProxy=n:proxy_name.
Example:
2 proxies: PROXY1 and PROXY2 in a array. I've created
protocol descriptions for the both configurations for
NetMeeting. Only 2 users have access to
"NetMeeting unlimited". One of them has
ForceProxy=n:PROXY1 in the configuration file and
another one ForceProxy=n:PROXY2. All other users have
access to
the protocol "NetMeeting limited".
Exchange or SMTP mail
can be "cohosted" on the proxy server box.
Install the SMTP server product on the proxy server
(refer to the product documentation for this). then,
if you have packet filtering enabled, open up a port
for SMTP mail to the outside world -- this is a
predefined packet filter.
2) SMTP mail behind the proxy server box via Server
Proxying.
What is server proxy?
Server proxy allows you to place a server (such as
FTP, SMTP, POP or Telnet etc.) on the private network
behind the proxy server. With this configuration, a
mail server can be protected by the packet filtering
features of the proxy. The application will NOT
require additional valid Internet IP addresses. NOTE:
For web servers behind the proxy, use reverse proxy
or reverse hosting instead of the method mentioned
here.
How does it work?
The Winsock proxy client allows you to bind services
or applications to the external card on the proxy
server making them available to the Internet. Once
the service or application is bound, the proxy server
will "listen" for connections on it's
behalf.
For example, if you have bound an internal SMTP/POP
server to the proxy, mail clients or SMTP servers on
the Internet can contact this server by connecting to
the proxy server's internet address. To the outside
world, these services will appear to be running on
the proxy server itself.
|
