NAT & Guess User

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

NAT & Guess User

Postby Andy Ng » Sep 16 03 2:33 pm

Hi,

I have 2 installation now upgraded to 5.07 both of them with broadband connection. I do have a problem with NAT and System User Guess account settings.

As the wingate purchase is only limited to 12 and 25 users not everyone is authorize to access the internet. Both the location I have enable "Java Authentation Required" and a few Assume users. In the Firewall port settings I have Port redirection for Port 110 and 3000 redirected to another Mail Server. With the Authentation Required users from the net is unable to get to my mail server and this i have trace to Authentation failure. I find that if I disable Authentation then I can get it but this would enable uses going to the Net with Guess Account. Please advised.

Andy Ng
Andy Ng
 
Posts: 3
Joined: Sep 16 03 2:24 pm

Postby adrien » Sep 16 03 4:39 pm

you can specify policies separately on all services, depending on how you also use the default policies.

So you can specify that users of the WWW Proxy must be authenticated, but that NAT users are able to use the connection. If you use Transparent Redirection in the WWW Proxy, then the NAT users will also have to authenticate for WWW

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby Andy Ng » Sep 16 03 11:09 pm

adrien wrote:you can specify policies separately on all services, depending on how you also use the default policies.

So you can specify that users of the WWW Proxy must be authenticated, but that NAT users are able to use the connection. If you use Transparent Redirection in the WWW Proxy, then the NAT users will also have to authenticate for WWW

Adrien


Hi Adrien,
I understand policies, I cannot set NAT to refuse Guest unless authenticated because if I do that users outside that is trying to get into my mail server via port 3000 would not be able to. I have check it and it seems the system uses the Guest account for redirection. So if I enforce authenticated users only it won't work and I find the system error message would indicated Authenticated failure xxx.xxx.xxx.xxx which is the internet ip that is trying to get in via port 3000 or 110

I hope I am making sense to all these.

Andy Ng.
Andy Ng
 
Posts: 3
Joined: Sep 16 03 2:24 pm

Postby adrien » Sep 17 03 8:19 pm

I'm just suggesting you require authentication on the policies for the WWW Proxy only, not global overall policies.

Then when your users try and use NAT for WWW, they will be redirected to the WWW Proxy and forced to authenticate. Other NAT users will not be affected.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby Andy Ng » Sep 17 03 10:35 pm

adrien wrote:I'm just suggesting you require authentication on the policies for the WWW Proxy only, not global overall policies.

Then when your users try and use NAT for WWW, they will be redirected to the WWW Proxy and forced to authenticate. Other NAT users will not be affected.

Adrien


Understand however my mail server supports Web Config and also Webmail which by are WWW base. So does it pose a problem.

Andy Ng.
Andy Ng
 
Posts: 3
Joined: Sep 16 03 2:24 pm

Postby adrien » Sep 18 03 9:42 am

if your mail server config is on port 3000, and it is inbound from the internet that people access this, then it won't be transparently redirected to the WWW Proxy.

So requiring authentication on the WWW proxy should not pose a problem for these users.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: No registered users and 29 guests