Request Proxy Support

Problems? Issues? Ask your questions here.
Post Reply
Saarbruecken
Posts: 5
Joined: Thu Jan 22, 2009 11:41 pm

Request Proxy Support

Post by Saarbruecken »

I am protecting my network with a port-restricted NAT (up to 18 users / computers) with VPN-passthrough, required for teleworking / external work. The issue is, that all users have to use a proxy server to access the internet, which requires login and password. After installing and starting the reverbgaming application, I am getting the following error message:

---------------------------
This Program Will Now Close
---------------------------
The CDROM Games List is not available.
---------------------------
OK
---------------------------

This is what I have found in my proxy logs:
1233001634.140 43 192.168.99.121 TCP_DENIED/407 1924 GET http://www.reverbgaming.com/cdromlobby/CDLobby.txt - NONE/- text/html (Error 407 - Proxy Authentication Required)

My second idea was adding a firewall rule to bypass the proxy server, but the client keeps ignoring the allowed traffic between the internal network and the reverbgaming web server and tries using the proxy server instead. The client seems to use the configured settings in Internet Explorer (which I can't drop, because my employer's web application requires IE).

A feature to manually configure a proxy server would therefore be very appreciated. Thank you.
CanEh
Site Admin
Posts: 285
Joined: Fri Jan 09, 2009 3:51 am

Re: Request Proxy Support

Post by CanEh »

To be honest, I've never dealt with proxy stuff... and I wouldn't have a clue where to begin to look, especially with Vista since I have never ran it... You and I spent some good time in MSN going over things, and that link is the first thing that the client does in order to get a list of the lobbies.

I understand your need for the security side but I just can't offer any solutuions since I've never used proxies... I sure hope you can get it figured out though!!
Saarbruecken
Posts: 5
Joined: Thu Jan 22, 2009 11:41 pm

Re: Request Proxy Support

Post by Saarbruecken »

Hi Gary,

let me explain to clarify this; it's not really a vista issue. The normal / default behavior of an application is to directly connecting to the internet, regardless of any configured proxy settings whatever. In that case my solution would work, by setting up a firewall rule to allow the traffic between the web server and the internal network. But the reverbgaming client is using the settings of Microsoft Internet Explorer and therefore doing something it better shouldn't. Wouldn't it make more sense to let the client behave like any other default application and giving the user the ability, to configure a proxy server if necessary? With the current configuration everything is depending on the settings of MS IE.

Default behavior (as recommend by Microsoft):
1.) Application -> Direct Connection
2.) Application -> Looks up Proxy Server if configured -> Direct Connection if Proxy Server fails
3.) Application -> Asks for connection method

Currently the following connection method is being used:
Application -> Using configured settings from Internet Explorer (does not support authentication) -> Gives error message when connection fails

while I expect the following:
Application -> Using configured settings from MS IE (results in Errror 407) -> connects directly (firewall rule allows connection) -> Connection established (Error 200 OK)

There are two ways fixing that behavior:
1.) Supporting authentication and letting the client ask for login and password
2.) Letting it connect directly and ignoring any configuration in MS IE
CanEh
Site Admin
Posts: 285
Joined: Fri Jan 09, 2009 3:51 am

Re: Request Proxy Support

Post by CanEh »

Actually, I don't believe that it has anything in particular to do specifically with Internet Explorer at all... the exact code is directly from the client as follows:
Private client As System.Net.WebClient = New System.Net.WebClient()
Dim dldata As String = Nothing
Try
data = client.DownloadData("http://www.reverbgaming.com/cdromlobby/CDLobby.txt")
client.Dispose()
dldata = System.Text.Encoding.ASCII.GetString(data)
PopulateList(dldata)
Catch ex As Exception
MsgBox("The CDROM Games List is not available.", _
MsgBoxStyle.Critical, "This Program Will Now Close")
End
End Try
This is a function of the dot Net assortment of libraries, which may very well have a form of association with how IE works, but it doesn't call anything from an "IE" library/DLL. With that said, if we look up the parms that are involved with the System.Net namespace, we are given the following information:

==================
The WebClient class provides common methods for sending data to or receiving data from any local, intranet, or Internet resource identified by a URI.

The WebClient class uses the WebRequest class to provide access to resources. WebClient instances can access data with any WebRequest descendant registered with the WebRequest.RegisterPrefix method.

NET Framework Security
WebPermission to access the requested URI or any URI that the request is redirected to. Associated enumeration: Connect.
===================

More complete information can be found at http://msdn.microsoft.com/en-us/library ... S.80).aspx. As we had discussed, if you can't paste that reverbgaming link into IE and have it load up the list on the page, then there is certainly a problem of some kind. I know originally even THAT did not work for you, and you did some form of changes on your end and you did get the page to load up. So in *theory*... if the IE link worked, then the program running that link internally (in this case the client program) should also be able to access that same data.

I know that you had said that you granted permissions (read/write I think) to the "reverb" folder and contents. I'm wondering if you went directly to that folder, and right clicked on the slidegamers.exe file (yes.. its in a reverb folder with a reverb icon shortcut and stuff but the exe is still the same name) and granted permissions... ran as administrator... and did whatever the Vista thing is for the... whats it called... UCL??? the spot where individual programs are given rights on things... Does that change anything at all, does that work?

The client makes a simple http request on the standard port 80 to get the games list file. From there, the client then talks to a lobby server (once you select a game room to join) that is typically using the 29000 to 29100 port range to communicate with the lobby server.

Please let me know how you make out with this because I know you really want to play a game or two with your friends, and I would love to see that happen as well. :geek:

By the way, if any of the readers of this topic have and suggestions to help out, by all means please chip in!

(Just as a side note.. I dunno if this is anywhere near the same thing but I went into IE on my machine and changed the IE lan connection settings to "auto detect", which seems to put me through the Shaw cable proxy server. I know it does something different cause my ip logs in the router file change from my 68. addy to a 24. addy... anyway, after doing this I used the RG client to login to a lobby... and that part worked for me fine. Again, I could be talking out of the top of my head because I just have no knowledge on proxy servers at all...)
Saarbruecken
Posts: 5
Joined: Thu Jan 22, 2009 11:41 pm

Re: Request Proxy Support

Post by Saarbruecken »

My point was, that the application is using the defined connection settings from IE instead of directly connecting to the internet. It would work without any problems, if the application wouldn't persist using the proxy server - because without the proxy authentication it works like a charm, but everyone in the network would be unable to use VPN, which is very important to us. *sigh*
That other client you showed me before also allowed me to define proxy settings, including login and password.

There also exist a Web Proxy Class
http://msdn.microsoft.com/en-us/library ... S.80).aspx

Default:

Code: Select all

WebProxy^ proxyObject = gcnew WebProxy( "http://proxyserver:80/",true );
WebRequest^ req = WebRequest::Create( "http://www.contoso.com" );
req->Proxy = proxyObject
with Proxy Authentication it would look like this:

Code: Select all

WebProxy^ proxyObject = gcnew WebProxy( "http://login:password@proxyserver:port/",true );
WebRequest^ req = WebRequest::Create( "http://www.contoso.com" );
req->Proxy = proxyObject
in my case something like: http://longusername:evenlongerpassword@ ... 22.1:8080/

I also found this:
WebProxy.BypassProxyOnLocal Property
http://msdn.microsoft.com/en-us/library ... S.80).aspx
CanEh
Site Admin
Posts: 285
Joined: Fri Jan 09, 2009 3:51 am

Re: Request Proxy Support

Post by CanEh »

Saarbruecken wrote:That other client you showed me before also allowed me to define proxy settings, including login and password.
I also found this:
WebProxy.BypassProxyOnLocal Property
http://msdn.microsoft.com/en-us/library ... S.80).aspx
Hmm.. other client... We have never done a client wth anything that had proxy stuff in it so I am a little lost with that statement. And the bypassonlocal stuff seems to be strictly for making local connections within your LAN side. But, with that said, I'm willing to look into adding that for the current interim release since it is something that should probably make it into the new client as well. In all the years, you are the first one to bring this up... Yer *such* a brat! LOL...

Ok, so.. I need more information then, since I am totally proxy un-savy. I suspect that you would need a selection box of some form on the main login screen, and if that was checked you would then need a spot to place the address of the proxy server and a place to put your login name and login password FOR the proxy. Do all proxy servers need a user name and password, just the proxy IP or...

And the next question would be... once you get a list of the games and values loaded in... will you then need yet another proxy connection to connect to the game lobby itself. THAT is another completely different "ball of wax" because the communications are done in a C++ dll that has nothing to do with the dot net framework. The DLL does a direct connect to an IP address on a specific port and makes no associations at all with anything IE related. Perhaps the best approach to test this would be for me to make a custom client for you with a game lobby pre-defined so you dont have to get the list of games, and see if you can get into the lobby... If that doesn't work then I will have to turn that portion of the problem over to Pyro, since he wrote all of that C++ code... You have my msn, perhaps thats the best place to reach me for this...
Saarbruecken
Posts: 5
Joined: Thu Jan 22, 2009 11:41 pm

Re: Request Proxy Support

Post by Saarbruecken »

How to fix the problem described above:

-> Open Microsoft Internet Explorer
-> Navigate to menu Tools > Internet Options > Tab Connections > LAN Settings > Advanced > Exceptions
-> Add: *.reverbgaming.com;65.18.172.94
-> Confirm with Apply & OK

-> Edit /etc/firewall/rules
-> Create the following firewall rules:
ACCEPT loc:192.168.101.2 net:65.18.172.94 TCP 80 // required to get the list of available game lobbies
ACCEPT loc:192.168.101.2 net:65.18.172.94 TCP 29000:29050 // required to enter the game lobbies
-> Assuming that the following policy in /etc/shorewall/policy is being enforced:
LOC NET REJECT INFO // No outgoing traffic allowed
NET LOC DROP INFO // No incoming traffic allowed
-> Restart the firewall
Post Reply