About a week ago, I signed up for iRacing again, after letting my subscription lapse back in, oh, looks like 2008. Time flies!
Since then, I’ve been trying to get updates to install, but I’ve been having no luck with it – the update web page would just vanish when I ticked the updates I wanted and clicked Update.
(Actually, that’s the second symptom - at first I suspected a WPAD problem, as the update window would hang on a blank 127.0.0.1 address, but after disabling proxy settings, that stopped, and I simply didn’t get the updater working.)
One full OS reinstall (well hellooo crazy/hot SSD), UAC, Windows Firewall and AV shenanigans, and a bunch of file- and security-related fiddling later, I was trawling through the IracingService log (Iracingservice.out) and noticed a bunch of network-looking errors, including a 10054 socket error.
TMG logs also noted the 10054 (connection forcibly closed by remote host), so I got to thinking: Could this be another XBL-style HTTP/TCP thing where the Web Proxy filter gets upset?
In short: yes! Cue obligatory “see-it-works-now” screenshot:
I used a variation on the Xbox Live HTTP technique, to disengage the Web Proxy filter from Iracing.com, but constrained it by source IP (just my home gaming machine) and by target IP.
Rules (in this order)
These should be considered inseparable rules – move them as a single unit (shift-selecting allows you to move whole blocks of rules up and down, by the way – to quickly move these to the top, shift –select the other rules above them, and r-click Move Down that group). Put them ahead of any general Allow rules – they will only affect traffic to Iracing’s Member site, only for the HTTP protocol, and should be very, very quick to process.
See the Notes on the Xbox post for the nitty-gritty on why this works. (This’d probably also work for ISA Server 2006 and ISA 2004, if it’s a problem for them, by the way).
Threat Management Gateway probably isn’t called Fluffy Home Network And Gaming Gateway for a reason. It’s designed to mitigate possible security threats for corporate environments, not to get all UPnP-laissez-faire and cosy with strange remote hosts. But it’s kinda fun to force it to.