Routing to and from specific external IP:Port? (CAPIoverTCP)


Post by DarthGizka » Jun 20 15 12:24 pm

Is it possible to have WinGate route traffic coming from a specific external IP and port or destined for it?

We have a Fritzbox hanging on the external interface of the WinGate machine and it would be nice if we could use the fax functionality, which is essentially CAPI over TCP (port 5031). Startup/discovery uses UDP broadcasts with port 5031 as src and dst, but that can probably be worked around, as long as TCP works.

For obvious reasons we cannot allow Windows to route things past WinGate. Hence we need to get WinGate to do the routing, preferably with a filter that drops all packets where the external IP is the Fritzbox but the Fritz port isn't 5031 (CAPI over TCP) or 80 (web admin interface of the router). I.e. a static route and a filter with two tiny holes. Can it be done?
DarthGizka
 
Posts: 2
Joined: Jun 20 15 11:48 am

Re: Routing to and from specific external IP:Port? (CAPIover

Post by adrien » Jun 24 15 10:35 pm

Hi

Sorry for the delayed response. I'm having a bit of trouble visualizing the setup.

So the Fritz box is on a subnet connected to the external interface of WinGate, and you want the LAN users on the internal interface of WinGate to be able to discover and use this, but prevent other access (this is where I'm not clear which other access you're trying to block).

Are you trying to block:

* LAN client access to other ports on the Fritz box
* Fritz box access to the internet

Or something else? You may be able to do several things.

For starters, enabling UDP broadcast relay on port 5031 may make discovery start to work. NAT should allow access from the LAN clients to the Fritz box, but do these LAN clients use WinGate for normal web surfing? E.g. do they need NAT access to elsewhere?

Flow-chart policy for NAT allows you to apply more finesse to your access control policy than the more simple port range settings which don't take destination IP or source into account.

Regards

Adrien de Croy
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

