Allow MSN / Windows Live Messenger with pfSense v2 ?
-
Hi !
I'm installing pfSense 2 at work, on a spare Internet connection.
I use a PC for testing, with pfSense as its gateway (without a firewall on the machine). Before adding some rules (SMTP, POP, WEB, etc.), I want to find out how to allow MSN, because in the future I will probably install a transparent proxy. This proxy will block MSN. So I want to add a rule for MSN before the "web rule", before pfSense is in production.
(Yes, regrettably, we use MSN at work, and it's impossible to change this.) I found topics on the Internet, a lot of information, examples, etc.; some are old.
I can't use MSN with pfSense at this time.
I created a rule that allows all the addresses (except addresses with "*." because pfSense doesn't accept *): http://support.microsoft.com/kb/927847
I allow all ports at first.
webmessenger.msn.com
messenger.hotmail.com
gateway.messenger.hotmail.com
login.live.com
2.20.211.235
contacts.msn.com
storage.msn.com
c.msn.com
messenger.msn.com
g.msn.com
crl.microsoft.com
config.messenger.msn.com
ows.messenger.msn.com
rsi.hotmail.com
sqm.microsoft.com
edge.messenger.live.com
relay.data.edge.messenger.live.com
rad.msn.com
appdirectory.messenger.msn.com
images.messenger.msn.com
spaces.live.com
relay.voice.messenger.msn.com
If anyone has an idea…
Thanks!
-
Out of the box, with no special rules needed, pfSense would not block anything outbound.
I can assure you my kids use all the major chat things, msn, yahoo, etc. and have never had any issues with access behind pfSense.
Is normal internet working? There must be something else blocking it, because out of the box there is nothing special you should have to do in pfSense to allow for msn, yahoo, googlechat, etc.
-
Try to change your msn rule so that destination is any and protocol is msn. And like johnpoz said, there should be no blocks from the pfSense side by default.
-
In a professional environment, we "must" block everything by default and allow only what we need.
The "allow all" rule must be disabled. It's done that way in my company. So I need to find out how to allow MSN before enabling the other rules (SMTP/POP, WEB, SSH/FTP to our servers, etc.) and using pfSense in production.
"Try to change your msn rule so that destination is any and protocol is msn"
It's not a good rule: MSN uses ports 80, 443 and 1863, + "any directions" = it's ~the same rule as allowing WEB connections.
Thanks for your help.
-
Ok you want to block all others and allow only the one you want. I can understand that for sure!!
Question for you – I would put back the default rule. Does it work then?
If so, then you just have something wrong in your rules. But you really need to verify it works with the default allow any rule in place before you go tinkering with it.
I would think it simple enough to do some sniffs of the application while it's working, to know what rules you need to allow for. Then you can remove the default allow any rule and put into place the rules you want to allow.
-
Question for you – I would put back the default rule. Does it work then?
Yes, with the default rule (allow any), MSN works and connects to the Internet.
I used a proxy DNS server to see the domains called when the MSN client tries to connect.
I found many new domains and added them to my MSN rule on pfSense. But it doesn't work. I can't find the right rule.
Has anyone already successfully allowed MSN via pfSense?
I can't use pfSense in prod as long as I haven't found a way for MSN.
-
Why don't you just do a simple capture on pfsense to see what is used?
When I get a chance I will give it a go, but did you take a look here?
http://support.microsoft.com/kb/927847
Network ports and URLs that are used by Windows Live Messenger
It's a bit dated, but I would have to assume still applies?
-
Why don't you just do a simple capture on pfsense to see what is used?
When I get a chance I will give it a go, but did you take a look here?
Not yet. I will for the next test.
(you think Status > System Logs > Firewall ?)
http://support.microsoft.com/kb/927847
Network ports and URLs that are used by Windows Live Messenger
It's a bit dated, but I would have to assume still applies?
I already use this information (see my first post).
Thanks a lot for your help!
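
The capture-first approach suggested in the thread, as an added example that is not part of any post: it summarises the new outbound TCP connections a test PC opens while the default allow rule is still in place, and lists those that a rule limited to the ports named in the thread (80, 443, 1863) would not pass. It assumes `tcpdump -nn` text output; the sample lines, all addresses (documentation ranges) and port 7001 are constructed.

```python
import re
from collections import Counter

# Ports the original poster attributes to MSN in the thread.
KNOWN_PORTS = {80, 443, 1863}

# Constructed sample of `tcpdump -nn` text output (not real traffic).
SAMPLE = """\
10:15:01.000001 IP 192.168.1.50.49712 > 198.51.100.10.1863: Flags [S], seq 1, win 8192, length 0
10:15:01.000300 IP 198.51.100.10.1863 > 192.168.1.50.49712: Flags [S.], seq 9, ack 2, win 8192, length 0
10:15:02.100000 IP 192.168.1.50.49713 > 203.0.113.20.443: Flags [S], seq 5, win 8192, length 0
10:15:02.900000 IP 192.168.1.50.49714 > 203.0.113.20.443: Flags [S], seq 6, win 8192, length 0
10:15:03.500000 IP 192.168.1.50.49715 > 198.51.100.77.7001: Flags [S], seq 7, win 8192, length 0
10:15:04.000000 IP 192.168.1.50.49715 > 198.51.100.77.7001: Flags [P.], seq 8:20, ack 1, win 8192, length 12
"""

# Matches IPv4 TCP lines only; UDP lines carry no "Flags [...]" field and are skipped.
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)


def outbound_flows(capture_text, client_ip):
    """Count connections opened by client_ip (SYN without ACK), keyed by (dst, port)."""
    flows = Counter()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if m and m["src"] == client_ip and m["flags"] == "S":
            flows[(m["dst"], int(m["dport"]))] += 1
    return flows


def uncovered(flows, allowed_ports=KNOWN_PORTS):
    """Destinations that a rule restricted to allowed_ports would not pass."""
    return sorted(key for key in flows if key[1] not in allowed_ports)


if __name__ == "__main__":
    flows = outbound_flows(SAMPLE, "192.168.1.50")
    for (dst, port), count in sorted(flows.items()):
        print(f"{dst}:{port}  new connections: {count}")
    print("outside 80/443/1863:", uncovered(flows))
```
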