"User Services", NAT and Port 443


Postby Hannes14 » Jan 03 08 5:19 am

Hello,

I use WinGate 5 and I am very satisfied. My network in general works,
but sometimes there are things I don't understand, but I am sure that
the configuration and my understanding could be better ... ;-)) So
perhaps you have some hints for developing both.

1.)
Can anybody tell me what is responsible for whether a client application
connects to the Internet via my installed "user service" called "WWW
Proxy" or connects via NAT?
When I watch the Activity Monitor when clients are active, sometimes I
see a line called "NAT ... TCP ... 192.168. ..." and sometimes I see
lines with URLs.
Is it correct that every line called "NAT" is "routed" by the ENS and
each of the "http" lines is using my created user service? Both are
active on the WinGate server. Should I use both or just one of them?

2.)
I have an "application" running in the browser that connects to a web server
and gets data for a local database. I know that port 443 is necessary
(trial and error ... ;-)).
In the WWW Proxy service, in the section "HTTPS", I allowed port 443.
Result --> application doesn't work.
When I make an additional user service "TCP-Mapping", enter port 443
and do NOT enter any mappings (no default mapping and no other
mappings), the application works.
Does anybody have some hints about this behavior? I thought TCP mappings only
work when mappings are entered. What happens if I do not enter
mapping addresses and ports? And why does the application not work
without the TCP mapping service?

Thank you for your help.

Greetings
Hannes
Hannes14
 
Posts: 5
Joined: Dec 09 06 9:54 am

Re: "User Services", NAT and Port 443

Postby Nev » Jan 03 08 3:58 pm

Hannes14 wrote:
Hello,

I use WinGate 5 and I am very satisfied. My network in general works,
but sometimes there are things I don't understand, but I am sure that
the configuration and my understanding could be better ... ;-)) So
perhaps you have some hints for developing both.

1.)
Can anybody tell me what is responsible for whether a client application
connects to the Internet via my installed "user service" called "WWW
Proxy" or connects via NAT?
When I watch the Activity Monitor when clients are active, sometimes I
see a line called "NAT ... TCP ... 192.168. ..." and sometimes I see
lines with URLs.
Is it correct that every line called "NAT" is "routed" by the ENS and
each of the "http" lines is using my created user service? Both are
active on the WinGate server. Should I use both or just one of them?


Hi Hannes,

What you are seeing is how clients make requests. If, for example, a browser is set to 'Connect Directly', then most likely it will use the NAT engine; or, if the browser is changed to use proxies, then the traffic in Gatekeeper will look different, being Proxy access.

In the WWW proxy you can make all use only Proxy by enabling Intercepts if required.

Hannes14 wrote:
2.)
I have an "application" running in the browser that connects to a web server
and gets data for a local database. I know that port 443 is necessary
(trial and error ... ;-)).
In the WWW Proxy service, in the section "HTTPS", I allowed port 443.
Result --> application doesn't work.
When I make an additional user service "TCP-Mapping", enter port 443
and do NOT enter any mappings (no default mapping and no other
mappings), the application works.
Does anybody have some hints about this behavior? I thought TCP mappings only
work when mappings are entered. What happens if I do not enter
mapping addresses and ports? And why does the application not work
without the TCP mapping service?


What happens here if you configure the application to use a direct connection? It should use NAT and access the database ok.

Hannes14 wrote:
Thank you for your help.

Greetings
Hannes


You can also upgrade to the latest version with the same features in your current licence for free, well worth the effort!
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia

Postby Hannes14 » Jan 05 08 1:37 pm

Hi Nev,

What do you mean by "enabling intercepts"? I cannot find anything like that in the Gatekeeper ...

My "special application" does not work with NAT alone. It tries to open a "TCP Connection to an IP-Adress: 443" and this doesn't work. Same settings but an additional "TCP-Mapping Service" as I described and it works ...
FYI: The application is a browser thing.

Any idea? Thanks!
Hannes

Postby Nev » Jan 05 08 3:39 pm

Hannes14 wrote:
Hi Nev,

What do you mean by "enabling intercepts"? I cannot find anything like that in the Gatekeeper ...

My "special application" does not work with NAT alone. It tries to open a "TCP Connection to an IP-Adress: 443" and this doesn't work. Same settings but an additional "TCP-Mapping Service" as I described and it works ...
FYI: The application is a browser thing.

Any idea? Thanks!
Hannes


Intercepts is modified in the WWW proxy, look for Sessions --> Enable Intercepts in the 'Transparent Proxy' if V5.x supports it, or better still upgrade to V6.x!
--
Nev.

Postby Hannes14 » Jan 06 08 11:06 pm

Hi!

I found the "Transparent Redirection" option, but it has no effect.

What I'm interested in: is there an answer for this effect, or could it be a bug in WinGate 5?
And I would like to learn more about Proxy, NAT, Winsock Redirector Service, mappings and so on. Because my settings are based on trial and error and some problems could not be solved this way. Does anybody know a good lecture for this topic (links preferred)?

Thank you!
Hannes

Postby adrien » Jan 08 08 12:20 pm

Hi

It's a bad idea to intercept port 443 into the WWW proxy.

We did add a feature for TCP mapping proxies to allow them to intercept connections and connect to the original destination if no mappings were specified; however, I thought this was only added in WinGate 6.1.

If this application is running in a browser (is it a Java-based app?) then normally it should use the browser's connectivity, which for anything except HTTP etc. would use the "secure proxy" setting (which results in a CONNECT command).

Otherwise NAT is normally the easiest way to get it working, which requires no configuration in WinGate, and the client has its default gateway set to the IP of the WinGate machine.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
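
The difference adrien describes, as an added example (not WinGate code and not written by anyone in this thread): a browser using the "secure proxy" setting opens with a plain-text CONNECT line an HTTP proxy can apply a port rule to, whereas a connection to port 443 that is intercepted opens with a TLS ClientHello, which contains no HTTP request to parse. The host name, sample bytes, function names and the port allow-list are constructed assumptions.

```python
ALLOWED_CONNECT_PORTS = {443}  # assumption: mirrors allowing port 443 for HTTPS
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")

# Constructed samples: host name and bytes are made up for illustration.
SAMPLE_CONNECT = b"CONNECT db.example.test:443 HTTP/1.1\r\nHost: db.example.test:443\r\n\r\n"
SAMPLE_CONNECT_8443 = b"CONNECT db.example.test:8443 HTTP/1.1\r\n\r\n"
SAMPLE_TLS = bytes.fromhex("1603010200010001fc0303") + b"\x00" * 32
SAMPLE_PROXY_GET = b"GET http://www.example.test/ HTTP/1.1\r\n\r\n"


def classify(first_bytes: bytes) -> str:
    """Classify the first bytes a client sends on a new TCP connection."""
    # TLS record: byte 0 = 0x16 (handshake), byte 1 = 0x03 (major version),
    # bytes 3-4 = record length, byte 5 = 0x01 (ClientHello).
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01):
        return "raw-tls"
    line = first_bytes.split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return "unknown"
    method, target, _ = parts
    if method == b"CONNECT":
        return "connect"
    if method in HTTP_METHODS:
        return "proxy-http" if target.startswith(b"http://") else "origin-http"
    return "unknown"


def explicit_proxy_decision(first_bytes: bytes) -> str:
    """Decide what an explicit HTTP proxy can do with this connection."""
    kind = classify(first_bytes)
    if kind == "raw-tls":  # what arrives when port 443 is intercepted
        return "reject: TLS bytes, no HTTP request to parse"
    if kind == "connect":
        target = first_bytes.split(b" ")[1].decode("ascii", "replace")
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            return "reject: malformed CONNECT target"
        if int(port) not in ALLOWED_CONNECT_PORTS:
            return f"reject: port {port} not allowed"
        return f"tunnel to {host}:{port}"
    if kind == "proxy-http":
        return "proxy as HTTP"
    return "reject: not a proxy request"


if __name__ == "__main__":
    for s in (SAMPLE_CONNECT, SAMPLE_CONNECT_8443, SAMPLE_TLS, SAMPLE_PROXY_GET):
        print(classify(s), "->", explicit_proxy_decision(s))
```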

