WinGate Forums

[jbauman]

I host my own website and email on my Wingate (2000) server. If I bind my external IP address in the WWW Proxy, I get hit hard by a bunch of crap websites. I since had to remove the binding to stop it and stop my IP being banned from sending email for having an open proxy and using up all of my user licenses. How do I fix this?

Here is a log of the crap:
Start time Computer User IP Application Action Duration Bytes in Bytes out
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
06-Oct 12:08:53 210.83.18.98 210.83.18.98 N/A http://jump.sex.com:80/qr13.cgi 0 660 1236
06-Oct 12:08:53 rdu74-130-250.nc.rr. 24.74.130.250 N/A http://asspalace.com/members/index.html 1 314 498
06-Oct 12:08:52 210.83.18.98 210.83.18.98 N/A http://searchfront.net:80/redirect.php 20 489 485
06-Oct 12:08:50 JOEL joel 192.168.0.5 iexplore.exe http://searchfront.net:80/search_results.php 0 525 4940
06-Oct 12:08:30 210.83.18.98 210.83.18.98 N/A http://searchfront.net:80/search.php 26 504 321

[labull]

Set up a second WWW Proxy for your web site.

On Interfaces make sure it is ONLY bound to the Internal adapter.

In Policies - Advanced - add a Filter that says

Is non-proxy request is TRUE

This should prevent the badies from bouncing off your server.

Let us know if this works for you.

Larry

[jbauman]

I'm not really sure what port to put the new one on, the origional WWW proxy is set to 80. Do I only bind 192.168.0.1 or both that one and 127.0.0.1?

[labull]

Port 80 will work OK.

You may get a warning about that but ignore it.

I believe 192.168.0.1 should be all you need.

I have several sites working successfully like this.

Larry

[jbauman]

I added the WWW Proxy 2 to Wingate, bound ONLY 192.168.0.1 and added the policy. If I browse to my webpage, either by the URL or external IP, I get 'The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings'

I will say I am experiencing technical difficulties

[adrien]

Lost me with that one...

If you are hosting a web server on the WinGate machine, you probably don't want a WWW Proxy at all, since that will be only for your users to connect through outbound... unless you specifically want proxy controlled access for your LAN users.

In that case Larry's advice is good, but you will need to do one more thing

In the ENS, you will need to open up a hole in the firewall (on the port security tab) on port 80 for TCP connections coming in from the Internet. Set the action to "allow". This will allow the Internet to connect to your web server.

You should then only need one WWW Proxy, bound only to the IP address of your internal adapter.

You may find if you also bind your web server to the same IP, there will be problems, in which case about your only remedies would be

a) disable the WWW Proxy completely, and use ENS/NAT for your LAN users to browse the internet
b) set up a proxy on the internal interface of your LAN on a different port number, i.e 8080, then configure the WWW browsers on your LAN to use a proxy server on that port number.

Adrien

[labull]

I completely missed the fact that the web site was being hosted on the WinGate server.

That does change things.

[DBeard]

Sounds to me like you have SMTP passthrough enabled on your email server software.

This will get your IP blacklisted.

[jbauman]

They seem to be web pages, not mail. What the heck is going on?

[labull]

If you are hosting the web site on the WinGate server, Adrien's reply indicates that you don't need a proxy at all.

This is normal behavior for a mis-configured Proxy server.


Larry

[jbauman]

will the clients still be able to access the internet?

[labull]

Sure should.