Old 3rd February 2004, 11:10   #1
Nick555
Member
 
Join Date: Feb 2004
Posts: 83
MS ISA Firewall

Hi

I'm connected to a LAN & access the Internet via MS ISA Firewall.

I've been using Musicmatch (paid version) for many years & just switched to Winamp due to Terratec sound card issues. Musicmatch had no problem with my firewall.

I'm having trouble getting Winamp to register as the registration program cannot get through the firewall, other parts of Winamp seem to have problems, like "now playing".

In the proxy setting, I've tried [blank], servername:8080, serveripaddress:8080, http://serveripaddress:8080 but nothing works. I get an authentication error message. There's no option in prefs to enter the proxy + login & password.

I'd appreciate some help as I really like the new version of Winamp.

System: P4 3.2ghz HT, 1gb RAM, not overclocked, Terratec DMX 6Fire 24/96 sound card, WinXP Pro SP1, all patches.

Running software: Winamp 5.01, MS ISA Firewall, Network Assocs Virusscan Enterprise 7.0, Setihide, Palm hotsync.
Nick555 is offline   Reply With Quote
Old 3rd February 2004, 12:30   #2
Rocker
Hiding in plain sight (mod)
 
Join Date: Jun 2000
Location: Melbourne, Australia
Posts: 9,907
http://username:password@serveripaddress:port

use that as a base to enter your username and password to a proxy if you have one.

make sure the ports are unblocked on the firewall or it won't get through. (i've never used ms isa firewall so i can't tell you how to unblock needed ports)
Rocker is offline   Reply With Quote
Old 3rd February 2004, 13:52   #3
Nick555
Member
 
Join Date: Feb 2004
Posts: 83
Thanks, but it didn't work. I also tried:
username:password@servername:8080
localdomain/username:password@servername:8080

I also tried the server admin username & pw.

Nothing works.

Is there a way to get it to use Internet Explorer settings?
Nick555 is offline   Reply With Quote
Old 3rd February 2004, 17:14   #4
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
Well, if you enter user:pass@server:port then that is usually all that is required, assuming you enter the exact same proxy authentication as used by IE.

However, more than likely, it is the configuration of the firewall to blame, not Winamp config.
Make sure the firewall itself is configured to allow internet access to winamp.exe

Apart from this, is it a corporate firewall? Or do you have full administrator access?
DJ Egg is offline   Reply With Quote
Old 3rd February 2004, 17:30   #5
Nick555
Member
 
Join Date: Feb 2004
Posts: 83
Hi, thanks for your reply.

It's my own server. Which ports does Winamp use please? I of course already have port 80 & 8080 open.
Nick555 is offline   Reply With Quote
Old 3rd February 2004, 17:56   #6
Nick555
Member
 
Join Date: Feb 2004
Posts: 83
I think that the problem is that Winamp doesn't use the logged-in user's security settings in WinXP. If this is the case, it's not going to work whatever I do.
Nick555 is offline   Reply With Quote
Old 4th February 2004, 12:38   #7
Nick555
Member
 
Join Date: Feb 2004
Posts: 83
Hi again

I could really use a note of which ports Winamp is using so I can check that they are open on my Firewall. Does anyone have an email address for a suitable Winamp techie please?
Nick555 is offline   Reply With Quote
Old 4th February 2004, 16:52   #8
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
I'm not familiar with MS ISA Firewall, but with most other firewall software I've used, it's not a matter of making sure ports are open, it's a matter of configuring the firewall to allow Winamp full access to the internet.

Winamp mainly uses http port 80 for registration & Now Playing file lookups.
CDDB uses port 8880
Shoutcast TV/Radio uses whatever port is specified in the stream url. The most common is 8000, but could literally be anything.

To me it just sounds like Winamp in general is blocked, or hasn't been granted access.
DJ Egg is offline   Reply With Quote
Old 4th February 2004, 17:16   #9
Nick555
Member
 
Join Date: Feb 2004
Posts: 83
Hi, thanks for your reply.

The ISA Firewall blocks all ports. I then open specific ports for specific traffic as required. It's not like a client Firewall like Zonealarm, where you would allow access to specific processes.

I've tried opening 8000 & 8880 for outgoing TCP, I'll feedback if I get any luck.

FWIW, checking out the MS support newsgroups & also http://www.isaserver.org/ forum, there's a big problem between Shoutcast (which I don't intend to use) & ISA Server. It seems that Shoutcast basically eats up ISA memory & crashes it after a few hours.
Nick555 is offline   Reply With Quote
Old 4th February 2004, 17:36   #10
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
Oh, I see . . .

Well, here's a few other tips...

You can circumvent the need to register by editing winamp.ini in the Windows dir accordingly:

NeedReg=0

I also just noticed your other post...

"I think that the problem is that Winamp doesn't use the logged-in user's security settings in WinXP..."

See if these threads help in any way:
http://forums.winamp.com/showthread.php?threadid=163094
http://forums.winamp.com/showthread.php?threadid=161845
DJ Egg is offline   Reply With Quote
Old 4th February 2004, 17:58   #11
Nick555
Member
 
Join Date: Feb 2004
Posts: 83
Thanks Mr Egg

Strangly, Winamp is no longer asking me to register. I've also bought the pro upgrade & the code has been accepted.

Allowing access to the 2 ports I mentioned did not help.

I did not explain correctly about the security user rights. The threads you pointed me to were about users not having local admin rights.

To access server resources (including ISA server) the software needs to be using the full server logon security from the currently logged-on user. I don't think that Winamp is doing this.

Infact many people have this same problem with Lavasoft Adaware when using WinXP or Win2k. I hope that either I can fix it, or Winamp can add this to the software. It's a shame as Musicmatch can do it ok, despite being a rubbish piece of software!
Nick555 is offline   Reply With Quote
Old 27th February 2004, 16:32   #12
k1DBLITZ
Junior Member
 
Join Date: Feb 2004
Posts: 5
We just switched to ISA server from Proxy 2.0 and I've run into the same problem. I believe the problem lies in the fact that Proxy 2.0 would allow you to accept anonymous connections, basic authentication (clear text), or NT Challenge/Response. ISA server seems to only allow anonymous or nt challenge/response. We have to use challenge/response to log and restrict web access based on domain groups. This leaves winamp out in the cold as it does not use the users current credentials.
k1DBLITZ is offline   Reply With Quote
Old 27th February 2004, 18:28   #13
Nick555
Member
 
Join Date: Feb 2004
Posts: 83
I have a fix for this, it makes both Winamp & Adaware work. In ISA 2000, set a protocol rule to Allow all/all/all. I can give you step by step if you need it.
Nick555 is offline   Reply With Quote
Old 27th February 2004, 19:22   #14
wdekler
Member
 
Join Date: Jul 2001
Posts: 50
Have you tried installing the firewall client yet? It's included with ISA server and it should allow for transparent access (do not specify a proxy in winamp!).

Then make a protocol rule for outgoing port 80 and 8080 traffic.

And if it still doesn't work try disabling the http redirector.

At www.isaserver.org you can find a lot of helpfull articles if you need more info.
wdekler is offline   Reply With Quote
Old 27th February 2004, 19:33   #15
k1DBLITZ
Junior Member
 
Join Date: Feb 2004
Posts: 5
The firewall service is stopped on the ISA server. It is being used strictly as a proxy. Will the firewall client still help? Is it basically the same thing that the winsock proxy client was in MSproxy 2.0?
k1DBLITZ is offline   Reply With Quote
Old 27th February 2004, 19:39   #16
wdekler
Member
 
Join Date: Jul 2001
Posts: 50
Disabling the firewall service will make this a lot harder.

The firewall client is indeed only usefull is you're running the FW service and is an evolution of the MS proxy server 2.

Is enabling the firewall service an option?

You can also try using secureNAT. That works by using the ISAserver as your TCP/IP gateway. The HTTP directory should be used than. But I'm not sure if this would work if the ISA server is not directly connected to the Internet.
wdekler is offline   Reply With Quote
Old 27th February 2004, 21:18   #17
k1DBLITZ
Junior Member
 
Join Date: Feb 2004
Posts: 5
Quote:
Originally posted by wdekler
Disabling the firewall service will make this a lot harder.
Yeah, I just found that out. After installing the FC I could not get my profile to load till I pulled the lan cable. Probably because the FW service was off and it was trying to autheticate my domain id through the FC. Argh, this is frustrating. I can point to the old 2.0 Proxy and everything works like it should. I would rather not mess with any Firewall configs on ISA if possible as this is only being used as a proxy, we have a 'real' firewall. We went to ISA server for increased performance over proxy 2.0
k1DBLITZ is offline   Reply With Quote
Old 27th February 2004, 22:15   #18
wdekler
Member
 
Join Date: Jul 2001
Posts: 50
If you use the ISA server as a SecureNAT client (gateway to ISA) you should be able to get winamp working. I think that the problem is authentication:

Internet Explorer uses integrated authentication which most apps. (including Winamp) don't support. If you make a rule without authentication it should work. You'll have to make a rule to allow any request access.

The ISA logs should give some interesting information what is happening. If I'm not mistaken, the HTTP redirector should redirect http traffic to the web-proxy service. But I'm not sure if it works without the firewall client.

The www.isaserver.org site has 20 postings about Winamp usage, one of them suggest using the domain\username format.

I can really recommend posting your question at this messageboard. And letting the other Winamp users know the solution

At my office everything is running fine using the firewall client, however, a LOT of shoutcast stations use non standard ports...
wdekler is offline   Reply With Quote
Old 3rd March 2004, 16:58   #19
k1DBLITZ
Junior Member
 
Join Date: Feb 2004
Posts: 5
ISA SERVER FIX!!

I got it working!

Solution:

Enable basic authentication within ISA server. This can be done by right clicking your ISA server in the MMC and accessing properties. From there go to 'outgoing webrequests'. Select your listener and click edit, then enable basic authentication and you're good to go. From here on the format of:

user: password@server:80

(no space in between)


will work.

:
k1DBLITZ is offline   Reply With Quote
Old 3rd March 2004, 18:05   #20
wdekler
Member
 
Join Date: Jul 2001
Posts: 50
Good job!
wdekler is offline   Reply With Quote
Old 9th March 2004, 11:47   #21
Robjbrad
Junior Member
 
Join Date: Mar 2004
Posts: 1
Are you using version 5? When I enter username: password@server: port, winamp 5 changes it to username: password....

Rob
Robjbrad is offline   Reply With Quote
Old 9th March 2004, 14:07   #22
k1DBLITZ
Junior Member
 
Join Date: Feb 2004
Posts: 5
Quote:
Originally posted by Robjbrad
Are you using version 5? When I enter username: password@server: port, winamp 5 changes it to username: password....

Rob
Quote:
Originally posted by Robjbrad
Are you using version 5? When I enter username: password@server: port, winamp 5 changes it to username: password....

Rob
Yes, I am running version 5.

The format should be username:password@server:port

There should be no space in between username:password. I put the space in there before because it kept turning :P into a smiley face. I checked the box to disable smileys in this post so you could see the correct format. If you're part of a domain, make sure and specify that also:

domain\username:password@server:port

as an example:

decpticons\megatron:irule@cybertron:8080
k1DBLITZ is offline   Reply With Quote
Old 26th March 2004, 17:57   #23
cbodnar
Junior Member
 
Join Date: Mar 2004
Posts: 1
I have the exact same problem, but none of the solutions has solved the problem. In my case the problem has been sporadic. It will work one day and then not the next. The problem in my case seems to be as mentioned, that the server:port is being stripped away. I have tried the following formats for the credentials:

username:password@servername:port
domain\ username:password@servername:port
http://username:password@servername:port

but none has worked. Anyone have another suggestion?

Thanks.

Chris
cbodnar is offline   Reply With Quote
Old 27th April 2004, 12:40   #24
shlinho
Junior Member
 
Join Date: Apr 2004
Posts: 2
For anyone sitting behind the ISA firewall:

If ISA requires you to connect with NTLM auth, and you're not an admin to change it to BASIC auth, then install a NTLM proxy server in the PC.

Goto ntlmaps.sourceforge.net to download NTLM Authorization Proxy Server, and download Python from www.python.org.

Edit server.cfg and runserver.bat, change the proxy setting of winamp, then off you go!

NOTE: Most shoutcast streams are using ports that are blocked by firewall.
shlinho is offline   Reply With Quote
Old 17th March 2005, 20:17   #25
hogfan
Junior Member
 
Join Date: Mar 2005
Posts: 4
Can you explain in more detail?

What exactly do I edit in server.cfg? And what exactly do you mean by "Change the proxy setting in winamp"? What goes in Winamp's proxy address box now? I've got python installed and ntlmaps.

Any clarification is appreciated.
hogfan is offline   Reply With Quote
Old 20th March 2005, 01:23   #26
shlinho
Junior Member
 
Join Date: Apr 2004
Posts: 2
I thought server.cfg is self-explanatory...

Anyhow, edit following fields normally will do:

ISAPARENT_PROXY: ISA server's IP address
PARENT_PROXY_PORT: ISA server's listening port
NT_DOMAIN: your domain to logon ISA server
USER: your username to logon ISA server
PASSWORD: your password to logon ISA server

Edit LISTEN_PORT only when default (5865) is already taken.
If the script is installed at other computers, edit ALLOW_EXTERNAL_CLIENTS to 1, and put your own IP in FRIENDLY_IPS.

Besure to read Install.txt to install the script. Run the server by runserver.bat.

In WINAMP, point the proxy to the newly installed APS server (e.g. 127.0.0.1:5865).

Note that shoutcast might still be blocked by ISA firewall.
shlinho is offline   Reply With Quote
Old 10th July 2005, 09:33   #27
Slimsl
Junior Member
 
Join Date: Jul 2005
Posts: 5
Quote:
Originally posted by k1DBLITZ
We just switched to ISA server from Proxy 2.0 and I've run into the same problem. I believe the problem lies in the fact that Proxy 2.0 would allow you to accept anonymous connections, basic authentication (clear text), or NT Challenge/Response. ISA server seems to only allow anonymous or nt challenge/response. We have to use challenge/response to log and restrict web access based on domain groups. This leaves winamp out in the cold as it does not use the users current credentials.
if you want to allow all posrt what 's use of firewall
Slimsl is offline   Reply With Quote
Old 1st March 2006, 07:27   #28
Yoghurt
Junior Member
 
Join Date: Feb 2006
Location: Sneek
Posts: 7
Shilino's ntlmaps solution worked for me, however not for all DI.fm channels. The Drum and Bass & the Breaks channel don't work. And neither do any of the Shoutcast channels I tried. On all of those I get the error message: [error syncing to mpeg]
And I don't have a clue why?!

edit: Damn, I post the problem and 10 seconds later I see whats causing it. The channels that work, have there url's like this: Ip:port/stream/randomnumber (http://64.236.34.4:5190/stream/1003). The channels that don't work, have'm like this: Ip:port (http://207.200.96.229:8030)
I still don't know the solution though.
Yoghurt is offline   Reply With Quote
Old 13th June 2006, 18:25   #29
SimpleFix
Junior Member
 
Join Date: Jun 2006
Location: The Motor City
Posts: 1
shlinho you are the bomb. ntlmaps works, although I am seeing the same problems as Yoghurt on the DI.fm channels. The AAC channels won't work. Oh well, better than nothing. The SomaFM Groove Salad MP3 channel works too, so I'm happy. Why the hell did my company's IT department have to use that crappy-ass Microsoft proprietary NTLM proxy!
SimpleFix is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump