
Running IM Gateway behind hideous enterprise firewalls and proxies

Hi Wildfire folks,

We, the corporate faceless ones, do not allow our users to roam the internet visiting whatever ports they wish. Oh no, instead we shore them up behind an NTLM (M$) squid web proxy, so that the only way out is via port 80 (we have a SOCKS5 proxy too but let's ignore that for now).

Apache commons HttpClient supports NTLM auth but some of the apps that employ it don't expose the NTLM aspects in their configuration, Wildfire’s plugin manager for instance. To work around this we employ the rather lovely open source NTLMAPS proxy (see sourceforge) which happily tunnels all HTTP requests, handling any authn/authz exchange with our NTLM proxy. All fine and dandy for us.

Here in corporate land, we also allow MSN Messenger Live to be used but it only works through the specification of an HTTP proxy (see Options->Connections->Advanced). So my question is:

Can the gateway plugin (and in fact all of Wildfire in general) support comms via proxies, and ideally NTLM based proxies?

Thanks for listening!

Howdy! As it turns out I do have proxy support on the list. GATE-130. However it’s not slated for version 1.0. I do try to pay attention to the popularity (voting) ranking of the issues though so voting for it would help. That said, I am not really a “wildfire person” so to speak. =) I am a separate developer. Reason I bring this up is, you may want to talk to the Jive peeps themselves and if you feel strongly about this try to work out some sort of sponsorship deal with them. Now, granted, I prefer sponsorship in the form of “someone to help me do it”. But they often work out… “something”. I don’t know the logistics of all of that. Just generally, you might want to have a chat with the Jive people. They may even ask me to adjust my priorities. ;D

Unless something magical occurs, I can almost guarantee that proxy support won’t make it into 1.0, but that doesn’t mean it wouldn’t make it into 1.1 or something like that.

The MSN library I’m using (and as it turns out, am the lead maintainer of it nowadays), does support proxy connections so it should be hard to do once I have some time to sit down with it.

Of course this is nothing that you, the corporate faceless ones, want to hear, but I’m happily using Wildfire/IM Gateway here without any clearance…

Most firewalls (like this one here) completely ignore DNS requests. Or any traffic on Port 53 (UDP and TCP, since DNS uses/needs both).

My corporate laptop <> my server, port 53 <> iptables redirect/mapping to 5222 <–> Profit - erm - ICQ contacts.

Btw: I love the IM Gateway plugin. Since this release (Beta 8) it’s a complete replacement for every other IM application for me (since it can read/retrieve ICQ offline messages now). Great job!
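
For whoever runs the firewall, the port 53 setup described in the post above is detectable, because an XMPP stream on TCP/53 does not carry DNS framing. The check below is an added example, not part of the thread: the function names and sample payloads are constructed for illustration, and it is a heuristic that inspects only the first client bytes of a TCP stream to port 53.

```python
import struct

# XMPP clients open with an XML declaration or a <stream:stream> element.
XMPP_PREFIXES = (b"<?xml", b"<stream:stream")

def classify_tcp53_payload(payload: bytes) -> str:
    """Return 'dns', 'xmpp' or 'not-dns' for the first client bytes on TCP/53."""
    if payload.lstrip().startswith(XMPP_PREFIXES):
        return "xmpp"
    # DNS over TCP: 2-byte length prefix, then the 12-byte DNS header.
    if len(payload) < 14:
        return "not-dns"
    (msg_len,) = struct.unpack("!H", payload[:2])
    if msg_len < 12 or msg_len > len(payload) - 2:
        return "not-dns"
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", payload[2:14])
    qr = flags >> 15             # 0 = query, which is what a client sends first
    opcode = (flags >> 11) & 0xF
    z = (flags >> 6) & 0x1       # reserved bit, must be zero
    if qr != 0 or z != 0 or opcode > 5:
        return "not-dns"
    if opcode == 0 and (qdcount != 1 or ancount != 0):
        return "not-dns"
    return "dns"

def flag_suspicious(flows):
    """flows: iterable of (flow_id, first_payload); return the non-DNS ones."""
    return [(fid, kind) for fid, p in flows
            if (kind := classify_tcp53_payload(p)) != "dns"]

# Constructed sample: a standard A query for example.com with RD set.
_question = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
_message = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + _question
SAMPLE_DNS = struct.pack("!H", len(_message)) + _message

# Constructed sample: the opening bytes of an XMPP client stream.
SAMPLE_XMPP = (b"<?xml version='1.0'?><stream:stream to='example.org' "
               b"xmlns='jabber:client' version='1.0'>")

if __name__ == "__main__":
    flows = [("flow-1", SAMPLE_DNS), ("flow-2", SAMPLE_XMPP)]
    print(flag_suspicious(flows))
```
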

Oh wow, at first I thought you were saying I was a corporate faceless type. ;D I’m an open source “not even working for jive” type. hehehehe Anyway, thanks much for the cheerful feedback on the plugin! =D Interesting solution as well!