Need help with NAT setup in my current LAN

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
fdt4y
  • fdt4y
  • Posts: 2
  • Joined: Apr 07 05 1:21 am
  • Location: South Africa

Need help with NAT setup in my current LAN

Apr 07 05 1:49 am

I'm evaluating WinGate 6.0.4 and need some advice as to what method of connection sharing would suit me best. I think our current setup might be somewhat unique.

"Our" LAN consists of 10+ PCs with:
IP : 192.168.3.x (Staticly assigned, not using DHCP)
SN : 255.255.255.0
GW: 192.168.3.1

The GW points to a router connected directly into our main switch and connects via Leased-Line to one of our client's companies. Each client PC in my network needs access to two static IPs on the client's LAN. One of them being a mail server @ 192.168.1.1.

We have since then acquired our own broadband connection and received an IP from the ISP (eg. 192.168.12.80). I've setup a PC (XP Pro) with two NICs running WinGate 6.0.4.
Internal IP : 192.168.3 .63 SN: 255.255.255.0 GW:[blank]
External IP: 192.168.12.80 SN: 255.255.255.255 GW:[ISP Gateway]

My requirement is that the client PCs should have strict internet access control and must be able to access both 192.168.1.1 (client's email server) as well as external internet. Using a proxy only solution would work to my understanding and would mean that I would not have to change the gateway on my client PCs but will have to setup proxy settings though. I would prefer to use NAT due to the fact that I would not need to change client settings, but is worried about restrictions and monitoring.

If I'm using NAT I would have to change my client PCs GW to 192.168.3.63, but how would WinGate then access 192.168.1.1 via the 192.168.3.1 router? Does WinGate support this type of setup?

I've thought about changing the 192.168.3.1 router to another NIC in the WinGate PC, but can't do that until I know it will work.

Any help, comments, ideas, clarifications or corrections would be appreciated.
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

Re: Need help with NAT setup in my current LAN

Apr 07 05 8:21 am

fdt4y wrote:My requirement is that the client PCs should have strict internet access control and must be able to access both 192.168.1.1 (client's email server) as well as external internet. Using a proxy only solution would work to my understanding and would mean that I would not have to change the gateway on my client PCs but will have to setup proxy settings though. I would prefer to use NAT due to the fact that I would not need to change client settings, but is worried about restrictions and monitoring.


That is the beauty of WinGate's Intercepts. You can configure your clients to use NAT (DHCP might be the easiest option as well) and, using the Intercepts option of the Application Level proxy (Such as HTTP, POP3, SMTP, etc.) you can intercept the NAT connection and pump it through the proxy for control, monitoring and data scanning (Plugins).

Feature Description wrote:Transparent proxying is where connections made through WinGate, using WinGate as a NAT/router, are redirected to the proxy server running on WinGate transparently.

This provides several benefits:

* The client applications (e.g. web browsers, or email clients), do not need to know about the existence of the proxy server, so there are no per-application setup requirements on your client machines. Clients are simply configured to use WinGate as their default gateway (standard NAT configuration).
* The benefits of the proxy server in terms of access control, policy enforcement, logging and auditing, and performance benefits (e.g. HTTP caching) come into play.
* Users cannot circumvent policy by not going through the proxy, since the proxy intercepts the traffic, which is outside of the users control.

Several of WinGate's proxy services support transparent proxying: The WWW Proxy, SMTP, POP3, and FTP proxies all support interception of connections in this way. Multiple ports may be intercepted by any of these proxies.

Furthermore connections made through the SOCKS service, and also the WRP service are also intercepted. This means all traffic of a type may be forced through the application proxy, where the administrator then has the maximum control.


As to the routing, apart from general network setup, etc. all that is necessary from the WinGate side is to have "Support for multiple subnetworks (router)" checked in Extended Networking and you should be good to go.
fdt4y
  • fdt4y
  • Posts: 2
  • Joined: Apr 07 05 1:21 am
  • Location: South Africa

Apr 07 05 5:35 pm

Thankx for the reply, will try it on a test PC today at the office.

Just one question more - On the machine running Wingate, will it still be possible to access the the PCs/IPs on the "leased lined routed" network as well, meaning IP 192.168.1.1 (via switch/router 192.168.3.1). For this I need to setup the WinGate PC's Internal NIC's Gateway to 192.168.3.1 (router). If I do this I do not have internet access on that PC anymore?

Will get back to you - thankx again for the reply
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Apr 07 05 6:28 pm

It all depends on your routing - if there is a route to any particular IP address, then there should be no problems getting to this new IP.
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index