Re: [squid-users] help please from Amos Jeffries on 2010-02-17 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 18 Feb 2010 10:59:39 +1300

On Wed, 17 Feb 2010 14:14:01 +0100, "David C. Heitmann"
<david_at_lafourmi.de>
wrote:
> Amos Jeffries schrieb:
>> David C. Heitmann wrote:
>>> hello,
>>>
>>> i get no connection to msn throw squid! (client)
>>> my iptables are stopped!
>>> can somebody help me please..
>>>
>>>
>>> windows live messenger 2009
>>> squid 3.1.0.16
>>> iptables 2.1.4 (deactivate for testing)
>>>
>>> squid.conf konfiguration:
>>>
>>>
>>> <http://debianforum.de/forum/viewtopic.php?f=18&t=118306#>
>>> |# ICQ
>>> acl icq dstdomain .icq.com
>>> http_access allow icq
>>>
>>> # MSN Messenger
>>> acl msn urlpath_regex -i gateway.dll
>>> acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
>>> acl msn1 req_mime_type application/x-msn-messenger
>>> http_access allow msnd
>>> http_access allow msn
>>> http_access allow msn1|
>>>
>>>
>>>
>>> iptables config
>>>
>>>
>>> <http://debianforum.de/forum/viewtopic.php?f=18&t=118306#>
>>> |$IPTABLES -A INPUT -i $LAN -p tcp --dport 1863 -j ACCEPT
>>> $IPTABLES -A INPUT -i $LAN -p udp --dport 1863 -j ACCEPT
>>>
>>> $IPTABLES -A OUTPUT -p udp --dport 1863 -j ACCEPT
>>> $IPTABLES -A OUTPUT -p tcp --dport 1863 -j ACCEPT|
>>>
>>>
>>>
>>> der gute access log von squid
>>>
>>>
>>> <http://debianforum.de/forum/viewtopic.php?f=18&t=118306#>
>>> |1266321898.316 417 lafoffice02.speedport.ip TCP_MISS/200 5289
>>> POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?
>>> onkeldave DIRECT/65.54.52.62 application/x-msn-messenger
>>> 1266321898.598 273 lafoffice02.speedport.ip TCP_MISS/200 178 POST
>>> http://gateway.messenger.hotmail.com/gateway/gateway.dll? onkeldave
>>> DIRECT/65.54.52.62 application/x-msn-messenger
>>> 1266321900.583 265 lafoffice02.speedport.ip TCP_MISS/200 178 POST
>>> http://gateway.messenger.hotmail.com/gateway/gateway.dll? onkeldave
>>> DIRECT/65.54.52.62 application/x-msn-messenger
>>> 1266321902.580 265 lafoffice02.speedport.ip TCP_MISS/200 178 POST
>>> http://gateway.messenger.hotmail.com/gateway/gateway.dll? onkeldave
>>> DIRECT/65.54.52.62 application/x-msn-messenger
>>> 1266321904.585 265 lafoffice02.speedport.ip TCP_MISS/200 178 POST
>>> http://gateway.messenger.hotmail.com/gateway/gateway.dll? onkeldave
>>> DIRECT/65.54.52.62 application/x-msn-messenger
>>> 1266321906.582 265 lafoffice02.speedport.ip TCP_MISS/200 178 POST
>>> http://gateway.messenger.hotmail.com/gateway/gateway.dll? onkeldave
>>> DIRECT/65.54.52.62 application/x-msn-messenger
>>> 1266321908.579 264 lafoffice02.speedport.ip TCP_MISS/200 178 POST
>>> http://gateway.messenger.hotmail.com/gateway/gateway.dll? onkeldave
>>> DIRECT/65.54.52.62 application/x-msn-messenger
>>> 1266321910.598 279 lafoffice02.speedport.ip TCP_MISS/200 178 POST
>>> http://gateway.messenger.hotmail.com/gateway/gateway.dll? onkeldave
>>> DIRECT/65.54.52.62 application/x-msn-messenger|
>>>
>>>
>>> thanks dave
>>
>> Your log trace shows that is _is_ working. 100%.
>>
>> Amos
> ok.....
> when i downloading windows live messenger (1.1mb) und want to install
> it.....it doesent go
> when i downloading the full version (165mb) i can install but not
> connect, in which the squid log shows that all connection to msn miss
> (success connection)
>
> i think windows or installer not know to use the proxy!
> i use squid 3.1.0.16 on debian 5
> internet explorer configurations on 192.168.10.10:3128 (squid proxy)
> mozilla configuration on 192.168.10.10:3128 (squid proxy)
> and in cmd .... proxycfg ist 192.168.10.10:3128
> my ipconfig is
> ip 192.168.10.25
> nm 255.255.255.0
> gw 192.168.10.10
> dns 192.168.10.10
>
> (proxy address is 192.168.10.10:3128)
>
> but why i cant install over internet pakets exe files and why i cant
> connect to msn ?
> i cant ping?
>

Aha. I had to help a client with this exact behavior last night.

I know the windows stuff does a background HTTPS call-home shandshake to
microsoft before allowing Internet access anywhere. It's been seen
happening with all the 'Live' software, automatic updates, and WGA tester.

What I found last night was that Windows Live Messenger uses the _manual_
proxy settings from IE configuration, or direct access. It does NOT use
'automatic' settings, or 'configuration file' settings for the HTTPS part.

What I had to do to get it working with an automatically configured proxy
was to...
Enter the manual proxy details (name and port) into the internet options,
press okay.
Start WLM and login through the proxy.
Go back in and simply click the 'automatic' button again.
Note: leaving the proxy manual settings with strings present but
disabled.
Start WLM and login through the proxy.
optionally, go back and remove the manual settings, ensuring it finished
on automatic. press okay.

Windows Live Messenger now works there. The installer/upgrader had the
same issue.

Ironically the error code displayed both when attempting to use WLM
points people at a page saying download and run the newest installer.
Identical error and page explanation appears while, of course, running the
newest installer :)

Amos
Received on Wed Feb 17 2010 - 21:59:44 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 18 2010 - 12:00:06 MST