Webserver Behind Wingate 6 with NAT and Transparant proxy

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
ferri
  • ferri
  • Posts: 3
  • Joined: Oct 19 05 11:53 pm

Webserver Behind Wingate 6 with NAT and Transparant proxy

Oct 20 05 12:43 am

Hi,

we are hosting webserver behind wingate 6. we configure wingate to use NAT with Transparent Proxy.

Port sercurity (connection from internet) is setup to redirect port 80 to our webserver (note that our webserver is acctually located within LAN, not DMZ).

the external client able to access our website (eg. http://abc.com) but internal workstation could not access the same URL (or through public IP).

Error Message
if IE is setup to use proxy server, "Socket Error,Connection refused by Remote Host"
if IE configure to NAT (obtain automaticaly), "the page can not be display"

Temporary work around : I edit host file for internal client, http://abc.com to point to webserver internal ip.
jamesc
  • jamesc
  • Posts: 928
  • Joined: Apr 04 05 2:04 pm
  • Location: Auckland, New Zealand

Oct 20 05 5:32 pm

Have you considered editing the Host file on the WinGate server so you dont have to do it to each client machine? If they are using Transparent Proxy then it willl look up the host file for the request, before checking the DNS.

This could cause problems though if you are serving proxy requests for external clients though...
ferri
  • ferri
  • Posts: 3
  • Joined: Oct 19 05 11:53 pm

Oct 20 05 7:09 pm

Is there any way so I do not need to set Hostfile?

I did try to add redirect port 80 to our webserver for "Lan connection to Wingate PC", and test accessing website from my computer (Internal IP)

The result is:
in the activity Window under my workstation IP, there is message: "NAT- TCP connection to Webserver :80" but my IE browser did not get the page!!

eventhough I have set "do not translate the IP" but it is not working.

HELP
jamesc
  • jamesc
  • Posts: 928
  • Joined: Apr 04 05 2:04 pm
  • Location: Auckland, New Zealand

Oct 20 05 7:27 pm

Yes there are other ways It can be done, but it depends on a few variables, mainly with how your web developer has done the links and also whether you have a configurable DNS server that is private to your LAN i.e does not resolve domain names for external clients.

How come you do not want to use the Host file?
ferri
  • ferri
  • Posts: 3
  • Joined: Oct 19 05 11:53 pm

Oct 25 05 1:16 am

I don't want to use Host file because our URL eg abc.com is used to reference our webserver and mailserver, they are different machine.

From external traffic coming in to different port, I can do port fowarding to different internal machine. But for internal, changing host file wont help
ChrisH
  • ChrisH
  • Posts: 388
  • Joined: Sep 13 03 1:38 am
  • Location: Canada

Oct 25 05 3:52 am

Here's a suggestion - may not be real pretty but should work. If you are redirecting NAT to WWW proxy then add your domain URL in the ban list in WWW proxy service. Next, and all registry precautions apply here - i.e. make backup before proceeding, in the registry go to HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\ErrorStrings\HTTP and edit the AcessDeniedDescription key to this; <META HTTP-EQUIV="Refresh" CONTENT="0; URL=//yourwebserver/mainpage.htm"> where of course you substitute //yourwebserver/mainpage.htm with your parameters. This will now redirect all users to the local webserver when they enter your URL. The catch to this suggestion is that all banned sites will be directed to this same page which may or may not be what you wish.
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index