kerio 2.1.5 & opera

Discussion in 'other firewalls' started by sff9, May 31, 2007.

Thread Status:
Not open for further replies.
  1. sff9

    sff9 Registered Member

    Joined:
    May 31, 2007
    Posts:
    4
    i'm running kerio 2.1.5 (with bz rules modified by me) and opera 9.21 on xp pro sp2

    the problem is, kerio doesn't ask for permission for opera to connect to http-port 80. it just connects, no questions asked. there are no existing rules for opera, the firewall just lets it connect. then again, when i'm trying to connect to https-port 443 it does ask for permission

    why is this happening?
     
  2. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    You propably have some local proxy software, something like Avast's webshield or Proxomitron running on your system.
    What needs to be done in Avast's case is to exclude the port 12080 from BZ's standard loopback.
    Then you need to make a separate rule for Opera on connecting out to 127.0.0.1, port 12080 tcp. I run only firefox, not opera, but should be the same.

    Cannot give you more concrete details since running Comodo current, but the are few threads in here and also in kerio dslreports forum to be found with a search.
    http://www.dslreports.com/forum/kerio
     
  3. sff9

    sff9 Registered Member

    Joined:
    May 31, 2007
    Posts:
    4
    i get my connection from a zyxel box (which is in bridge-mode), that is connected to a buffalo wlan-router. i have set the router and dns rules from kerio to match the router, as they should be

    the connection and every other application works just fine. i can connect to the router via ethernet cable or wirelessly without a problem, and i'm not running proxomitron or anything similar

    i'm just puzzled why opera doesn't need a permission to use http-port 80 when it does need one to use https or ftp. nod32 and ad muncher asked for a permission to connect to port 80
     
  4. sff9

    sff9 Registered Member

    Joined:
    May 31, 2007
    Posts:
    4
    hey hey hey, might ad muncher cause this? from the faq

    This is just how Ad Muncher filters your browser's transfers; when your browser tries to connect to a web server, it is instead connected to the local Ad Muncher program (hence why it is creating a listening ("server") connection). Ad Muncher then connects out to the original target of the browser, which accounts for the outbound connections. These connections are perfectly normal and no cause for concern; the listening sockets are of no use to anyone except the programs on your computer trying to connect out.
     
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    Sure, I think is is a local proxy too.
    One other way I did not mention was disable that standard loopback rule and then when apps want localhost address access, allow it by making separate rules for them.
     
  6. sff9

    sff9 Registered Member

    Joined:
    May 31, 2007
    Posts:
    4
    it indeed was ad muncher. i disabled it and kerio asked permission for opera like it should

    in ad muncher forums it's mentioned that it should be enough to allow ad muncher to connect to port 80. so basicly i can have ad muncher to use port 80 so that opera gets it's connection via it, and then make a separate rule for opera to use https and ftp?
     
  7. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    Well, if you have BlitzenZeus's "standard loopback" rule. It needs to be excluded a port Ad-Muncher uses to redirect or something that kind of term, it is not 80 TCP, that port to be excluded. Look at the software proxy loopback rule in BZ template. It could be also just that port 8080 that is excluded in there, but since I have never used AD-Muncher, no more knowledge on that.
    And then make a rule for Opera to access that localhost address port.

    You could just find out the right port by temporary disabling standard loopback rule and then let kerio 2.1.5 make very specific rules for Opera from the asking prompts.

    What all this is about is that the local proxy software is not letting other applications too out through from standard loopback rule.
    Your browser for sure is not going to port 80 out while admuncher is running, but at least you will have then specified the needed rule without which the browser would not connect to internet with http traffic, propably. So either disable the global loopback address rule or exclude that port from that 'standard loopback' rule.
    To not have admuncher being a program that allows apps out to internet without asking you.
     
    Last edited: May 31, 2007
Thread Status:
Not open for further replies.