#1: Remember, SOCKS support in
SpoonProxy expires after 30 days and ICQ relies on SOCKS.
So first make sure you are using either a non-expired demo, or that
you have registered SpoonProxy or ICQ will not work.
#2: 9 times out of 10, problems
with ICQ are due to an invalid DNS configuration. Verify that
DNS is mapped properly by attempting to ping something like www.microsoft.com
from one of your client machines. It will time out, but it
should resolve to an IP address. If it does not resolve
an IP, then DNS is not working (and consequently neither will ICQ.)
Complete
instructions on mapping DNS.
#3: Make sure you have no references to mirabilis.com in your
hosts file on the client machine. If there is one there, delete
it.
Back to Top
AFAIR, PPTP uses TCP port 1723. However,
PPTP cannot be proxied since proxies act on the layers higher than
network by definition. Packet filtering and stateful inpection firewalls
are "PPTP-able". Can be done with Microsoft Proxy Server
2.0 using DMZ.
Back to Top
I
am getting a WSAENOBUFS error when I try to make a connection.
What do I do?
To get rid of
the WSAENOBUFS error, try to reduce the number of mapped ports (especially
TCP). If that doesn't help, add the following value using RegEdit:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\MaxConnections
For
Win95 with Winsock 1.1, add it as a DWORD. Change the value to something
larger than 100 decimal (64 hexadecimal).
For
Win98 or Win95 with Winsock 2, add it as a string. Change the value
to something larger than 100.
I found that
256 isn't a bad value, but your needs may be different.
Please note:
Our advice on MaxConnections only applies to the MS TCP/IP stack.
For WinNT, it
depends on the amount of non-paged memory you have available. According
to people inside Microsoft, the WinNT/Win2K kernel allocates sockets
out of the non-paged memory pool. The size of this pool is fixed,
and is dependent on the amount of physical memory in the system.
For NT4 on Intel
x86 machines, the non-paged memory pool stops growing at 1/8 the
size of physical RAM, with a maximum of 128 megabytes. The maximum
is 256 MB on Windows 2000. Thus for NT4, the size of the non-paged
pool stops increasing when you hit 1 GB of RAM. On Win2K, you hit
the wall at 2 GB.
The data associated
with each socket adds up to just under 2 KB. Assuming regular reading
and writing on each conneciton, you have to add to that a 4 KB read
buffer and a 4K write buffer, at least. (4 KB is due to the x86's
memory management unit's page size.) Assuming the simple case of
10 KB of data per connection and 128 MB of non-paged memory, the
theoretical maximum on NT4 is about 12,800 connections, and on Win2K
25,600 connections.
One of the most common reasons for
that error is a lack of resources on your server system, so it's
possible that increasing the memory from 40Mb could help. You could
also go to WinNT 4.0, which has a more dynamic scheme for managing
connections. If your server is running Win95 or Win98 and the MS
TCP/IP stack, you can increase the maximum number of connections
by adding a registry entry. Using RegEdit, add a value called MaxConnections
to the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP
For Win95, the value should be added
as a DWORD. For Win98, the value should be added as a string.
100 decimal is the system default when
the value is not present, so you want something larger than that,
such as 256. After you add the value, restart Windows and you will
be running with a higher maximum number of connections.
In addition to running Hummingbird
SOCKS on the client machine, you must also do a UDP mapping in SpoonProxy
of port 6112 IN and OUT to the INTERNAL IP address of the machine
the Starcraft/Battlenet software is running on, i.e in my setup
the IP is 192.168.0.2, and voila! I can join and create games now
as well as chatting!
If you still have trouble after doing
the above, try creating a file in your starcraft directory called
wspcfg.ini and adding the lines:
[starcraft]
RemoteBindUDPPorts=6112
ServerBindUDPPorts=6112
SpoonProxy does not bind to a specific
interface for sending or receiving. It lets Winsock take care of
what will be routed through which interface. However, if there are
two or more IP addresses, the configured routing will determine
which interface will carry the connection. But SpoonProxy
will only attempt to control one dial-up networking interface at
the most. If there are multiple dial-up networking interfaces,
you will have to use some other utility to keep them all connected.
Multiple modems does not necessarily mean multiple IP addresses.
If you have an ISP that allows you to use multiple modems for increased
bandwidth, you may have configured a dial-up networking entry to
use Multilink. In that case, SpoonProxy would still be in
control of only one dial-up networking entry, even though the dial-up
networking entry might be configured with multiple modems.
If your ISP uses its own proxy server,
you can still use SpoonProxy. What you need to do is map
your ISP's proxy port (usually port 8080) IN and OUT to the IP address
of your ISP's proxy and then use port 8080 as you normally would
as the port for your HTTP connections in your browser. Be aware
that you can't run both the HTTP proxy and a port mapping on port
8080. If you wish to run the HTTP Proxy in addition to having a
port mapping you'll need to use a different incoming port for one
or the other or both.
For more detailed instructions on this
issue see Configuring SpoonProxy to work
other proxy servers or content-filtering services.
My
ISP says I've got an Open Relay on my SMTP port 25. What does this
mean and how do I fix it?
An "open relay,"
is a mail server that allows third-parties to send mail to other
third-parties. For security reasons and to thwart spammers, almost
all ISP's limit use of their SMTP servers to their customers only.
(For detailed information on Open Relays see http://mail-abuse.org.)
To make sure you have not un-intentionally
created aOpen Relay, first, make sure you are using the latest version
of SpoonProxy. Then in SpoonProxy
under Properties, make sure that the Incoming Restrictions tab has
the "Include Local Addresses" box checked. This checkbox enables
only local only IP's on your private subnet to use your proxy server,
but disallows any other IP's. Additionally, on the SpoonProxy TCP
Map tab, click Edit for your port 25 entry (SMTP) and make sure
the "Incoming Restrictions" box is checked there. That checkbox
applies your incoming restrictions to that protocol and port.
It's not really a bug in IE5, it's
a "feature" that Microsoft added in that version. And
yes you can turn it off.
To do so in IE5, go to Tools >>
Internet Options and select the "Advanced" Tab. Under
"Browsing" you'll see a checkbox for "Show Friendly
HTTP Error Messages." Uncheck that box.
Your client machines will not be able
to ping the outside world and receive a reply unless you're running
a gateway on your internal network. You will, however, notice
that if you map DNS in
SpoonProxy and set your SpoonProxy machine's IP as your client's
DNS server that a ping to an external server name from a client
machine will resolve an IP address, but it will still receive no
ping reply. (The same will hold true for tracert.)
Back to Top
Create a file
called "connect.html" in the SpoonProxy directory. To do so, copy
the current page by using View Source from your browser when the
page comes up (or copy the following code and modify it), changing
the refresh setting from 10 seconds to 4 seconds (for example.)
The new page would look something like this:
<HTML><HEAD><META HTTP-EQUIV=REFRESH
CONTENT=4>
<TITLE>SpoonProxy Connecting</TITLE></HEAD>
<BODY><H2>SpoonProxy Connecting...</H2>
The dial-up networking connection is not yet active.
<P>This page should reload every 4 seconds until the
connection is established. If the page fails to reload,
use your browser's Reload or Refresh button.
</BODY></HTML>
Back to Top
For incoming
restrictions, the "from" is the first IP address in the range; the
"to" is the last IP address in the range. Instead of "from" and
"to," think of it as "first" and "last." Note that if you're allowing
a single address or a single network IP, the "from" and "to" values
will be identical.
The mask is
for both "from" and "to." As an example, let's say I want to allow
access from just one machine, 192.168.0.2, on my internal network.
I would use a "from" of 192.168.0.2, a "to" of 192.168.0.2, and
a mask of 255.255.255.255. A logical AND is performed using the
mask when comparing an incoming address to your restricted address
list. Since ANDing anything with 255.255.255.255 leaves the original
value, it's useful for comparing a single IP.
As another example,
let's say I want to allow access from my entire internal network.
I'm using 192.168.0.0 with a netmask of 255.255.255.0. There are
two ways you can specify this in the incoming restrictions. One
way is to use the mask of 255.255.255.255 and specify a "from" of
192.168.0.0 and a "to" of 192.168.0.255. The other way is to use
a mask equal to the netmask, of 255.255.255.0. Then use a "from"
of 192.168.0.0 and a "to" of 192.168.0.0. To see how this works
with a single address in the range, when you AND 192.168.0.2 with
255.255.255.0, you get 192.168.0.0, which is equal to both the "from"
and the "two" values in this last example, and is thus allowed.
Back to Top
Does
Dialpad work with SpoonProxy? What do I need to do?
1. SpoonProxy 2.3 / DialPad Configuration (8/1/00)
2. Open SpoonProxy
3. Click Properties
4. Select the UDP Map Tab
5. Click Add, and map Port 51200 IN and OUT to the INTERNAL IP address
of the client machine you run DialPad on. Click Okay.
6. Do the same thing for port 51201, and apply changes.
7. Select the TCP Map Tab.
8. Click Add, and map port 51210 IN and OUT to the INTERNAL IP address
of the client machine you run DialPad on. Apply changes.
9. Client machine browser must be running "socksified" with Hummingbird
SOCKS or SOCKScap, but no other changes are necessary. For links
and instructions on configuring SOCKS to work with SpoonProxy please
visit http://www.pi-soft.com/spoonproxy/
Back to Top
How
do I upgrade to the latest version of SpoonProxy?
You can simply
upgrade from prior versions of SpoonProxy since version 2.0. Your
settings and registration should stay intact. There is no charge
to registered users to perform this upgrade.
If for some
reason you needed to revert to a version earlier than 2.5, however,
you would need to completely uninstall and re-install from scratch
due to major changes since that version.
You may note
the new default ports for HTTP, and HTTPS, and browser FTP have
changed in the current version. You can leave your SpoonProxy ports
for those at 2222, 2525 and 2323 respectively even when running
version 2.5 even though the new defaults are 8080, 8081 and 8021
respectively.
Back to Top
Can
you provide an overview of features and parameters that can be set
in SpoonProxy?
General:
1) Hide initially
(hides the SpoonProxy window when running on Win95/98/Me platforms,
leaving a tray icon). This has no effect when SpoonProxy is running
as a service (WinNT/2k/XP).
2) HTTP connect
page. When using Dialup, SpoonProxy can present a "connecting" page
for when the connection is being established. The contents of the
page are configurable.
3) Privacy:
Block e-mail addresses in HTTP proxy requests. This causes removal
of e-mail addresses from browser requests.
4) Privacy:
Block referring page in HTTP proxy requests. This causes removal
of the referring page from browser requests.
5) Privacy:
Block browser type in HTTP proxy requests. This causes removal of
the browser type from browser requests.
Incoming:
1) From-address,
to-address, and netmask. Each entry provides access to a single
IP or group of IPs.
2) Include
local addresses. This will automatically allow local addresses if
they are assigned to network interfaces on the machine. Local addresses
are defined per RFC 1918.
Outgoing:
1) From-address,
to-address, and netmask. Each entry provides or denies access to
a single IP or group of IPs.
2) Allow access
to only these sites. Allows access to all defined entries.
3) Deny access
to only these sites. Denies access to all defined entries.
TCP Map:
1) Port, service,
destination. Each entry defines the port number, service type, and
destination IP/port (if applicable). There are a number of different
types of services, including pass-through (simple TCP mapping),
HTTP, Secure HTTP, FTP, SOCKS, Admin (for web administration of
SpoonProxy), Status (for connection status), etc.
UDP Map:
1) Port, service,
destination. Each entry defines the port number, service type, and
destination IP/port. The only service available to UDP is pass-through.
Logging:
1) Enable/disable
logging. Note that SpoonProxy logs are mainly used for debugging
purposes. Pi-Soft has a status service to provide information to
logging applications, but has not published the specification or
created a logging application yet.
2) Log file
path.
3) Maximum
log file size. If the size is zero, dated log filenames are used,
and a maximum of eight log files are kept.
4) Trace levels.
These are all used for debugging purposes.
Registration:
1) Registered-to
entry. Provided by the customer.
2) Organization
name entry. Provided by the customer.
3) Registration
key entry. Provided by Pi-Soft.
Dialup:
1) Dial-up
entry. You may select from existing Dial-up Networking entries.
2) Idle timeout.
Specify the amount of idle time before the dial-up connection is
closed. If no time is specified, the dial-up connection is opened
when SpoonProxy starts and re-opened if the connection is lost.
3) Redial on
disconnect. Mainly for WinNT/2k, since by default WinNT/2k will
redial a lost connection.
4) Login information.
User name and password. These entries are required for when SpoonProxy
runs as a service.
Back to Top
Do
we have to maintain an internal userdatabase for your proxy or is
it possible to use NT-security information instead?
We have a new,
unreleased feature which implements a user database for SOCKS and
web authentication. We have not yet released this feature because
we're working on adding the NT security option as an additional
feature.
Back to Top
I
have over 100 users per location. How many users can connect to
one specific proxy?
For 100 users
per location, we recommend getting a fast server with a lot of memory.
However, we do not have specific benchmarks. We do have a number
of customers who handle 40-50 users without a problem, but we have
not solicited data on the number of users handled by SpoonProxy
in specific locations.
But from my
experience in running a high-volume TCP/IP server, I would recommend
the following: Minimum 400 MHz processor. 512 MB of memory. Windows
2000.
Back to Top
Does
SpoonProxy cache web pages? If so, how?
SpoonProxy does
not cache web pages, although it does cache DNS lookups since they
typically take the most time out of any interchange. Instead, SpoonProxy
relies on caching by the browser. We've considered adding caching,
but since a good number of our customers use SOCKS which has no
provision for server caching of web pages, we decided against it.
Back to Top
I'm
running Windows XP on my client machine and having trouble with
Java aplets
Microsofts VM
is not shipped with the WIN XP CD. And there is no option to update
the addon from the install routine of XP. You will need to download
the VM from Microsoft to solve the problem (about 5MB). See http://www.microsoft.com/java/
for more information.
Back to Top
I've
recently upgraded to version 2.6.0.21 and can no longer get SpoonProxy
to establish a dialup connection on my NT/Windows 2000/Xp machine.
What's wrong?
As of version
2.6.0.21 a change was made to the install program so that it stops
and starts the SpoonProxy service during install/uninstall. Starting
with this version you can only get SpoonProxy to work as a non-configurator
on NT/2k/XP by running it as a service. In other words, the application
mode has been removed.
The three modes
of SpoonProxy were:
1) Service
2) Application (no longer available on NT/Win2K/2000)
3) Configurator
Because application
mode has been removed as of version 2.6.0.21 you must run SpoonProxy
as a service under NT/Win2K/2000 in order for it to function as
a proxy server. Running the program from the start menu in this
case will run it in "configurator mode" only.
When SpoonProxy
runs as a service, dial-up networking info must be entered correctly
on the SpoonProxy dialup tab since the service doesn't have access
to the password info associated with the dialup account which is
associated with a user account. People running NT/2k/XP and using
dial-up networking may have gotten around their invalid info entries
by running SP as an application instead of as a service. That would
have worked fine with every version released except for 2.6.0.21.
Back to Top
My
firewall tells me I am being pinged by www.pi-soft.com. Why is that?
Basically,
any TCP or UDP conversation with a machine can cause the start of
PMTU discovery, which attempts (through the use of PING) to determine
the best MTU size for the return path to the source of the conversation.
In other words,
you browse http://www.pi-soft.com (or some other web site), or telnet
to it or whatever, and that machine will ping your machine (or firewall/proxy
server) every 15 minutes or so for a while to determine the most
efficient method to talk back to you. It eventually stops on its
own.
Back to Top
|