iChat behind Windows firewall
suthercd
Senior User
Join Date: Oct 2000
Location: Midwest
Status: Offline
Feb 16, 2004, 07:19 PM
 
10.3.2-

I want to be able to use iChat, Software Update, Mail and other services from behind a Windows (2000?) Server that has a restrictive firewall. There are many Win machines and only a few Macs on the network. The LAN for this Mac is a 10.10.1.x subnet with DHCP support and it appears that the proxy server is set up for port 80, 443, and a couple others to gain access through 10.10.1.15:8080 on the LAN's server. That all seems pretty standard.

Safari does not work at all and I read that is a common problem. The sysop I suspect has the ISP technicians set up the Windows server/firewall and set the protocol. He has set Internet Explorer's Proxies to Use Proxy Servers Web Proxy:10.10.1.15 on the Mac. He has set Proxies in the Mac's Network Sys Prefs with HTTP and HTTPS active. The only way to send email is via Explorer.

I have tried changing the port in iChat's Server Prefs to 8080 without success. Mail.app can receive mail but not send it. Setting the Mail proxy on in Network Sys Prefs does not work. Changing the POP and/or IMAP ports in Mail does not remedy the situation. There is a username and pw for this machine but using them and experimenting with different settings that require authentication does not seem to make a difference.

I have found a possible workaround using httptunnel, an app that can port map through the http port on the firewall. Tunnel the iChat port 5090 through port 8080 in the firewall and set up a connection to an external Mac with a static IP address. I could map an arbitrary incoming port on that machine and map to 5090- the iChat port on the "outside" machine, hopefully being able to link out that way.

This all might be a fun exercise (and one I used to do with Timbuktu through a couple of routers) but there has to be a simpler way. Plus it may not work!

Waiting to slap my forehead and muttering d'oh when someone shows how easy it is to do this-

Craig
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Feb 16, 2004, 11:23 PM
 
Your sysop needs to get a clue. All the services he has enabled for his Windows clients should be enabled for his Mac clients. It's easy to build a configuration file for Win clients and have it sit on the server, but that file doesn't do for a Mac. So he should have a nice little script (for people, not computers) that addresses each protocol and what ports to use, etc. Sysops are CUSTOMER SERVICE, and users ARE THEIR CUSTOMERS. A lot of them don't get that.

Glenn -----OTR/L, MOT, Tx
     
suthercd  (op)
Senior User
Join Date: Oct 2000
Location: Midwest
Status: Offline
Feb 17, 2004, 12:51 AM
 
Oh, no question about where the situation should be addressed and it would be easy to implement a strategy that does that. Basic network administration. However, that is not an option. The network is at my son's school and an art teacher has found his niche as the network admin. Sigh. No real training. Fear and self protection.

Looking at authoxy to set up a NTLM proxy as a possible solution- pretty slick. Fingers crossed.

Craig
     
ginoledesma
Mac Elite
Join Date: Apr 2000
Location: Los Angeles, CA
Status: Offline
Feb 17, 2004, 02:06 AM
 
There is no reason whatsoever for the current services not to be working on the Mac unless there is source-based filtering. That is, if the Windows firewall checks who is making the request and only allows certain computers access to the Internet.

I believe he's (or she's) just making life harder by using a non-standard setup. Why bother with NTLM proxy and such when simpler things will do?

What services are enabled and allowed? HTTP Proxy? The usual default ports for an HTTP Proxy and Caching server are 80, 8080, and 3128. These should just be specified in the System Preferences and it should be good to go. As for iChat, it has to be explicitly configured to use a SOCKS firewall, and in turn the firewall has to be SOCKS v4/v5 compliant. I don't recall iChat working with an HTTP/HTTPS Proxy, unless that proxy has support for the CONNECT directive (and the rules allow it to do so).
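An added example, not part of the post above: a small Python diagnostic that builds the HTTP CONNECT request the reply refers to and classifies a proxy's answer as tunnel opened, authentication required (with the offered schemes, such as NTLM), denied by rule, or CONNECT unsupported. The function names and the sample replies are constructed for illustration; `probe` assumes you are testing a proxy you administer or are authorised to use.

```python
import socket

def build_connect(host, port):
    """Request a client sends to ask an HTTP proxy for a raw TCP tunnel."""
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n\r\n").encode("ascii")

def classify_reply(raw):
    """Return (verdict, offered_auth_schemes) for a proxy's reply to CONNECT."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return ("not-http", [])          # e.g. a SOCKS listener on that port
    status = int(parts[1])
    schemes = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authenticate" and value.strip():
            schemes.append(value.strip().split()[0])
    if 200 <= status < 300:
        return ("tunnel-open", schemes)
    if status == 407:
        return ("auth-required", schemes)
    if status == 403:
        return ("denied-by-rule", schemes)
    if status in (405, 501):
        return ("connect-unsupported", schemes)
    return ("other", schemes)

def probe(proxy_host, proxy_port, host, port, timeout=5.0):
    """Send one CONNECT to the proxy and classify what comes back."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_connect(host, port))
        return classify_reply(s.recv(4096))

# Constructed sample replies (not captured from the network in this thread).
SAMPLES = {
    "open": b"HTTP/1.1 200 Connection established\r\n\r\n",
    "ntlm": (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
             b"Proxy-Authenticate: NTLM\r\n"
             b"Proxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n"),
    "denied": b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n",
    "no-connect": b"HTTP/1.0 501 Not Implemented\r\n\r\n",
    "socks": b"\x05\xff",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_reply(raw))
```

A 407 listing only NTLM means the client must speak NTLM itself or go through a local helper proxy that does; a 403 points at the proxy's rule set rather than at the client configuration.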
     
suthercd  (op)
Senior User
Join Date: Oct 2000
Location: Midwest
Status: Offline
Feb 17, 2004, 11:15 AM
 
ginoledesma

Do you have a suggestion for a work around?

The HTTPS port 443 is open as is port 8080, detected with a port scan with Network Utility and. There are ports for Windows services also open. The info I have is via the phone asking him to perform certain diagnostics to try to figure out what is possible.

I have set up Proxies on 443 and 8080 to try to get out that way. We have tried using the SOCKS proxy with and without passwords via the Network Pref Pane. Also tried changing the port via the iChat Preferences to those we have found open available with Connect using Proxy on and off. I have tried every iteration I can think of, and no go. Hence the request for help.

I am not alone in having problems with this situation of a Mac not getting access through a Windows proxy server for different services. I would appreciate ideas you have to configure that Mac to be able to adapt to the situation.

Craig
     
   
 