SYMPTOMS:

When "Enable packet filtering on external interface" is enabled in Microsoft Proxy Server 2.0, connection attempts to Surrogate Socket fail.

MORE INFORMATION:

Microsoft Proxy Server 2.0 includes a packet filtering feature which allows you to configure the proxy server to selectively block or allow connections based on the source and destination IP address, and source and destination port numbers. When this feature is enabled, connection attempts to Surrogate Socket mappings will be blocked when using the default proxy server packet filters.

See Packet Filter Driver Blocks All Non-proxy Requests for more information.

RESOLUTION:

Surrogate Socket does not use the proxy services for its mappings, so the dynamic filtering option will not open the ports. To allow connections to your Surrogate Socket mappings, you must define custom packet filters in the packet filter dialog box of Microsoft Proxy Server 2.0 for each mapping you define in Surrogate Socket which listens on one of the proxy server's external IP addresses. When defining a custom filter for a Surrogate Socket mapping, you only need to define the exception for the Default proxy external IP addresses. For example, to define an exception for a mapping listening on the proxy server's external NIC on port 3389 (Windows Terminal Server) use the following settings:

For a list of commonly used custom packet filters see tech note T0005.