THIS SECTION IS DEDICATED TO OUR "ARCHIVE" OF PAGES, THAT WERE HERE WHEN THE SITE WAS PURCHASED. THEY ARE REMAINING "ONLINE" JUST IN CASE SOMEONE HAD USE OR BOOKMARKED THEM.
proxy server : MS proxy server supports SOCKS. If that it turned on, just set SecureCRTto use SOCKS ("Options->Global Options->Firewall, and "SessionOptions->Use firewall to connect").I'm not sure what you mean by this -- but remember that just because youcan do HTTPS browsing through the proxy does not mean you can get apassthrough TCP connection to the outside world on port 443.I have tried this, and still no luck....secureCRT just keeps trying toconnnect with no message.I realize this. I was just saying that IE and Mozilla are able to getthrough the firewall, so there must be some way :)Is there any chance that the Proxy server is checking the packets? Forexample it is only letting HTTP/HTTPS packets through, and not SSH ones? I don't know enough about MS Proxy Server to know if this is even possible.
proxy server : wlemke> I have tried this, and still no luck....secureCRT just keeps wlemke> trying to connnect with no message.Have you asked the proxy admin if they're turned on SOCKS support? Or ifthey have, are you using the right version (4/5)? wlemke> I realize this. I was just saying that IE and Mozilla are wlemke> able to get through the firewall, so there must be some way :) wlemke> Is there any chance that the Proxy server is checking the wlemke> packets? For example it is only letting HTTP/HTTPS packets wlemke> through, and not SSH ones? I don't know enough about MS Proxy wlemke> Server to know if this is even possible.A proxy and a packet-filtering firewall are very different things. AnHTTP proxy operates at the application level, not the "packet" level.Suppose the proxy is listening on proxy-box:80. This means that when youconnect to that socket, you are talking to an HTTP server. You simplyissue an HTTP command to GET some URL, for example, and the proxy in turnfetches that URL from the Net and returns the content to you (or justreturns it from the proxy's cache if available). But the essential pointis that you're talking HTTP to the proxy server -- you cannot(necessarily) "connect through" to some arbitrary other socket out on theInternet (as you could with an SOCKS proxy).
proxy server : Interestingly, though, the situation is slightly different with SSLproxying. From a security point of view, the proxy's presence qualifiesas a "man in the middle attack" -- and SSL is designed to prevent that.The proxy server cannot sit in the middle of a (properly authenticated)SSL connection and access the HTTP traffic inside it. When proxy serversdo "SSL proxying", what they typically do is to use the CONNECT HTTPmethod to provide a SOCKS-like passthrough connection mechanism. If yourbrowser is configured to use proxy-box:1234 as its "SSL proxy", and yourequest https://foo.bar/baz, the browser connects to proxy-box:1234 andsays something like this: CONNECT foo.bar:443 HTTP/1.1 Host: foo.bar User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; m18) Gecko/20001108 Netscape6/6.0 Accept: */* Accept-Language: enI looked at the help, and tried telneting to the proxy server. This iswhat I saw:
proxy server : shell> telnet proxy 80Trying...Connected to www-proxy.lmig.com.Escape character is '^]'.I'm assuming the last line was from my.machine.com's sshd. Then theconnection will just sit there, I'm assuming sshd is waiting forauthentication stuffs. However, when I put that Connect line into thefirewall settings of CRT, it just sits there also. I'm not sure if sshdis waiting for something to happen, or what. Any more ideas? :)That's right; it's waiting for the client send its own version string andstart the SSH protocol.The help section you were reading talks about this on the same page. So Iwould expect this problem.However, now that I think about it, this should not *be* a problem.Section 3.2 of the SSH transport protocol draft requires a client toignore arbitrary lines of text occurring before the version string (whichit recognizes as beginning with "SSH-"). This strikes me as a bug inF-Secure which should be fixed.
proxy server : On our network we need to intergrate two networks, and make them share1 internet connection. So far we only had one network connecting to arouter via proxy server...Can I add a thirth NIC to add the other local network and make the boxroute not only to the internet but also to eachother... if so, willthe communication between the two local networks go via proxy serveror can it be done a bit more low level?NIC 1: 192.168.1.0 255.255.255.0NIC 2: 172.x.x.x 255.x.x.x (do not yet know details)NIC 3 (external) 192.168.2.0 255.255.255.0 to cisco router (with NAT)We do not need proxy server for NAT as such but we need it for mostfor Logging and cacheing purposses.....In order for the proxy server to act as a router between your twonetworks you will need to enable IP forwarding which will actuallycircumvent the internet security that proxy server provides. Howeverit looks like security (packet filtering) is actually provided by yourfirewall. Another problem with this (depending on your netowrkconfig) is that you would need to set the Default Gateway of yourclients to the proxy servers internal nic. A user could uninstallwinsock proxy client, add a DNS entry for an internet DNS server andbypass the proxy all together (unless you can configure your firewallto prevent this).
