WinGate Forums

[digaumsmile]

Hi everyone...

I have installed wingate at my office... to block internet to employes.

My modem is set as "router"... I made the ping test and it worked fine.

I've got 10 pcs here, but my boss wants to block internet only in 5 pcs. I have two ethernet adapters installed (I'm the server) , both plugged in a HUB. The first adapter, has the ip number 10.0.0.1, mask 255.255.255.0, gateway 10.0.0.138 and DNS 200.204.0.10/200.204.0.138. The second has ip 192.168.0.1, mask 255.255.0.0 and gateway 10.0.0.1. Is that right???

Thanks so far.

Rodrigo

[Nev]

The second has ip 192.168.0.1, mask 255.255.0.0 and gateway 10.0.0.1. Is that right??? Thanks so far.

Rodrigo

Hi Rodrigo,

In Gatekeeper check in the Network tab that the Class C NIC is marked as Internal and the other to the router is external.

This internal NIC 192.168.0.1 should only have a mask and NO gateway at all.

What you could do to allow only 5 clients access is easy if they have a static IP.

If they are to have full access you can ban the others.

What I do is to create a System Policy and add the IP addresses of the clients who are NOT to have any access.

It looks like this example for one client address:



Next in any service you want to block open the Policies and set them to 'System Policies Must Also Be Granted' for this to work, for example the WWW proxy and ENS then web browsing will cease for every client in the list.

Or, you can create a policy like this for each service to ban a user IP too, I just happen to like System policies.

[digaumsmile]

okay... i undestood..

Both are set as "Internal"...

I don't want to receive all internet at all. My bosses pcs will not be proxy clients... they will receive it freely.

When I meant "I'm the server" I was wrong...lol... I'll be the server only to block the employees pcs...

is that possible to do something like this behind:

------------------------------------------------------------------
internet --> router --> HUB |--> boss #1
----------------------------------|--> boss #2
----------------------------------|--> my pc --> employee #1
--------------------------------------------|--> employee #2
--------------------------------------------|--> employee #3
--------------------------------------------|--> employee #4
--------------------------------------------|--> employee #5
------------------------------------------------------------------

'Cause my bosses arrive here first than the employees, they turn on the modem, hub and pc and surf freely in the internet, got it?

Thanks so far

Rodrigo

[Nev]

Both are set as "Internal"...

Ok, you should set the NIC on the Class A // 10.0.0.1 as 'External' and if you want to use the proxy for your services, just set your Internet Options to the localhost // 127.0.0.1:80 for example.

Next you could stop the client pc's with a Filter // Criterion where rights are not met if their IP contains part of their IP address should work.

[digaumsmile]

I had set both of adapters, as you said, but i still couldn't connect the client to the server.

Client is set this way:

IP: 192.168.0.2
subnet mask: 255.255.0.0
gateway: 192.168.0.1
DNS: blank

Is this right??

Thanks

Rodrigo

[Nev]

I had set both of adapters, as you said, but i still couldn't connect the client to the server.

Client is set this way:

IP: 192.168.0.2
subnet mask: 255.255.0.0
gateway: 192.168.0.1
DNS: blank

Is this right??

Thanks

Rodrigo

Hi Rodrigo,

What you need there is to have the DNS requests forwarded to Wingate so the Client configuration would be:

IP: 192.168.0.2
Mask: 255.255.255.0
Gateway: 192.168.0.1
DNS: 192.168.0.1

That way name resolution will go from the client via Wingate.

Lastly, ping the Server from a client // CMD // ping 192.168.0.1 for four replies must be ok.

Also, you can ping an Internet host to verify that the client has DNS access // CMD // ping ato.gov.au for four replies.