WinGate Forums

[script]

Hi.

I'm running an internal web server.

I've redirected all the trafic from de port 80 to my internal web server.

Now I have a user limitation!

My license is for 5 users but when the outside users go to my page my internal users can't access web.

Is there any change to redirect all the web trafic and not interfere with my license?


Rui Leite

[jamesc]

http://support.qbik.com/index.php?_a=kn ... ils&_i=158

Go to the section:
Example when a concurrent connection is used or not used.

[script]

But there isn't a leak of security if I put my WEB server at the same machine on wingate?

[jamesc]

But there isn't a leak of security if I put my WEB server at the same machine on wingate?

I think you will find it is a "leak of security" if you put it anywhere on your private network - but sometimes we must make tradeoffs based on budget constraints - and this question was about licensing :)

How about the following as a solution?

<IP provided by ISP>
Hardware router
<192.168.0.1>
|
|
|--------------------- <192.168.0.2> Web Server
|
|
<192.168.0.3>
WinGate Server
<10.0.0.1>
|
|
<Private LAN>

[script]

I've already this configuration of the wingate machine only missing the web server!

I've already an internal server in the network and if had another server they start to be lots of computers!

And I have some databases that i need to share!

[jamesc]

1. Can you add routes for the internal side of your hardware router?
i.e. based off the diagram I want to know if your router can be set up to send anything destined for the 10.0.0.0 network via the 192.168.0.3 interface?

2. And I presume the external side of the hardware router has a firewall?

3. In WinGate what are the marking of these addresses? i.e. Internal or External? Gatekeeper --> View menu --> Network
192.168.0.3
10.0.0.1

* Routing through WinGate will not consume a license count.

[script]

My network is:

ISP
|
10.0.0.1 - internal router - machine 1
|
|
10.0.0.10 - nic1
192.168.0.254 nic2 - wingate machine - machine 2
|
|
switch
| |
| 192.168.0.xxx - machine x - internal clients
|
192.168.0.1 - internal W2003 server - macine 3

Can I route all the trafic?

[jamesc]

*I would expect so* but cannot say I have done this scenario with a webserver. Before I advise further I want to know:

a) Do you have a firewall on your interent connection.
b) Can you add routes to your router.
c) What are your adapters marked as in WinGate.

[script]

Ten wingate machine was two nics

nic1 - 10.0.0.10 - external
nic2 - 192.168.0.254 internal

my external router is SMC7904BRA and it has firewall and suports routing.

[jamesc]

Good man.

Just did this scenario with remote desktop (TCP Port 3389) and it routed fine – it should be the same for your web server (TCP Port 80). This is what you need to do.

1. Set both network cards as INTERNAL in WinGate.
2. Add the route to the router.
3. Confirm "Support for multiple sub networks" is checked i ENS --> General.
3. Complete.

Extra details.

a) Masks.

- To make a route on the router only for the 192.168.0.1 box
Destination: 192.168.0.1
Net Mask: 255.255.255.255
Gateway: 10.0.0.10

- To make a route on the router to allow it to know where the whole subnet is - presuming that the network id / subnet mask is 192.168.0.0 / 255.255.255.0
Destination: 192.168.0.0
Net Mask: 255.255.255.0
Gateway: 10.0.0.10
*You probably don't want to do that for the sake of security.

You should not need to anything on the web server.


b) For the routing to work we need both adapters set to INTERNAL.
If you have existing ENS port redirection setup for "Internet Computers to WinGate PC" - then you will need to open them and change to "Local computers to WinGate PC" and possibly turn off the "Don't translate source ip" if you are redirecting to a different ip address.

*Internet computer to WinGate PC" could be interpreted as:
Connections to an External adapter.

**LAN Connections to WinGate PC could be interpreted as:
Connections to an Internal adapter.



***If any other forum users can critique this if they have a better solution then that would be appreciated.

[script]

When I set the two nic's of wingate server to internal, I'm going to loose some security?

Because i've lot's of hits im my firewall tab from the router.

I have some banned sites do I lose this control?

Thanks

Rui

[jamesc]

Yes, but I am trying to help you so to not consume license counts and my advice is based off you confirming that there is a firewall upstream on the router. I don't have a crystal ball to know that your firewall does not work even though you have a firewall :) i.e. how to configure a SMC7904BRA is out my scope for support.

[jamesc]

p.s. I kind of know what you mean ( I just re-read the last forum posts and thought I was a bit harsh) - I will try to get more details on this tomorrow - and if your research finds any reasons for this then I would be keen to hear about it with some context i.e. what ports are open on hardware router and what ports are getting hit in WinGate.

[jamesc]

The person that I asked for a second opinion wants to know the ports you have open on the hardware router - the ports that are getting hit in WinGate - And the source ip addresses.

So if you want to continue with this post then we will need those details.

[script]

The ports open in my router are:

Port 80 redirected to external wingate nic: 10.0.0.10
Port for vpn access
port for pcanywhere

Nothing else

When I try to put the web server in the wingate machine using apache I receive an error saying that the port is in use!

Regards

Rui Leite

[jamesc]

The person that I asked for a second opinion wants to know the ports you have open on the hardware router - the ports that are getting hit in WinGate - And the source ip addresses.

So if you want to continue with this post then we will need those details.

[jamesc]

And with this:

When I try to put the web server in the wingate machine using apache I receive an error saying that the port is in use!

It is probably caused by the WWW Proxy listening on port 80. You could change it to 8080 to stop the conflict.