How to bypass transparent proxy for specific sites?


Postby kiav » Feb 18 07 3:39 am

I use the WWW and FTP transparent proxies. They intercept connections on ports 80 and 21 respectively. Everything works except for it.utkonos.ru, it2.utkonos.ru, it3.utkonos.ru, it4.utkonos.ru, it5.utkonos.ru, it6.utkonos.ru, it7.utkonos.ru and it8.utkonos.ru. My internet software does not support connecting to these sites through a transparent proxy.

Which setting in WinGate do I need to bypass transparent proxy for these sites and ports?

PS: Client PCs use NAT when connecting to WinGate.
kiav
 
Posts: 37
Joined: Aug 12 05 1:28 am
Location: Moscow, Russia

Postby ChrisH » Feb 18 07 6:14 am

AFAIK, currently with Transparent proxy it is all or nothing. So you can't just selectively choose what sites not to go through the transparent proxy.
Chris H.
ChrisH
WinGate Master
 
Posts: 388
Joined: Sep 13 03 1:38 am
Location: Canada

Postby jamesc » Feb 19 07 3:32 pm

kiav wrote:My internet software does not support connecting to these sites through a transparent proxy.


To troubleshoot why your software cannot connect through the intercept:

1. If it*.utkonos.ru are hosted internally on your network, then you may need to change the HOSTS file on the WinGate server to be able to find it.

2. Confirm it is not a caching problem.

3. Confirm it is not a plugin problem.

4. Confirm it is not an authentication issue.


If you are still having problems, you may be able to resolve this issue as follows:

5. If you can change what port your software wants to connect to, you could do a redirection for that port, back to 80. For example, if you changed your software to connect to port 81, then the setting in ENS to redirect back to 80 is shown below:

Image

*The 0.0.0.0 address shown in the image in this case means it will redirect to the ip address that was in the original request to that port.
** Edit: Port 81 is probably not a good example; maybe 8111 instead.
***Edit: Do not have "Don't translate source ip" checked; I made a mistake in image.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby kiav » Feb 22 07 6:01 am

jamesc wrote:To troubleshoot why your software cannot connect through the intercept:

1. If it*.utkonos.ru are hosted internally on your network, then you may need to change the HOSTS file on the WinGate server to be able to find it.

They are hosted externally.

jamesc wrote:2. Confirm it is not a caching problem.
3. Confirm it is not a plugin problem.

I tried turning off caching, KAV, and both caching and KAV together (I have no other plugins). It did not help.

jamesc wrote:4. Confirm it is not an authentication issue.

My WinGate PC (and WWW Proxy service) is open to any user on the LAN. it*.utkonos.ru do not require user authorization.

jamesc wrote:If you are still having problems, you may be able to resolve this issue as follows:

5. If you can change what port your software wants to connect to, you could do a redirection for that port, back to 80. For example, if you changed your software to connect to port 81, then the setting in ENS to redirect back to 80 is shown below:

Image

*The 0.0.0.0 address shown in the image in this case means it will redirect to the ip address that was in the original request to that port.
** Edit: Port 81 is probably not a good example; maybe 8111 instead.
***Edit: Do not have "Don't translate source ip" checked; I made a mistake in image.

Unfortunately, my software does not allow changing it to connect to other ports.
kiav
 
Posts: 37
Joined: Aug 12 05 1:28 am
Location: Moscow, Russia

Postby ChrisH » Feb 22 07 6:48 am

If the only way to connect to these sites is through NAT then I think you will have to turn off Transparent Proxy and have your client machines connect directly to WWW proxy except for those sites. Then in ENS policy allow only those it.utkonos.ru sites to go through. But are you sure there isn't some other issue with these site names? I can't ping any of them - they don't seem to exist. Some DNS issue maybe?
Chris H.
ChrisH
WinGate Master
 
Posts: 388
Joined: Sep 13 03 1:38 am
Location: Canada

Postby kiav » Feb 24 07 12:09 am

ChrisH wrote:If the only way to connect to these sites is through NAT then I think you will have to turn off Transparent Proxy and have your client machines connect directly to WWW proxy except for those sites. Then in ENS policy allow only those it.utkonos.ru sites to go through. But are you sure there isn't some other issue with these site names? I can't ping any of them - they don't seem to exist. Some DNS issue maybe?

Thank you. I've made these settings on the client PC (browser uses proxy, except for these 8 domain names). I turned off transparent proxy on the WWW and FTP proxies and made the necessary settings in ENS policies. I did it (ENS policy) for the first time. It's a rather Spartan tool. I had to use IP addresses instead of their domain names because the clients make their requests using IPs. Then I had to make 8 (!!!) different filters with very simple conditions (one condition 'server IP address equals' for each filter). Why not make lists available for string variables? Or regular expressions.

ChrisH wrote:But are you sure there isn't some other issue with these site names? I can't ping any of them - they don't seem to exist. Some DNS issue maybe?

Sure. It (the software) works. I don't know why these hosts do not respond to ping.
kiav
 
Posts: 37
Joined: Aug 12 05 1:28 am
Location: Moscow, Russia

Postby ChrisH » Feb 24 07 8:54 am

kiav wrote:Then I had to make 8 (!!!) different filters with very simple conditions (one condition 'server IP address equals' for each filter).

If those server IP addresses are on the same network segment (and it looks like they are - I can ping them today!) you could use "server IP contains 80.249.153.", which would cover all 256 addresses of the network segment. That may end up allowing other sites you don't want, but it is only one entry rather than eight if it is acceptable to you.

kiav wrote:Why not to make available lists for string variables? Or regular expressions.

I know this type of request has come in before to Qbik and I understand they are making changes to filtering processes for the next major release of WG.
Chris H.
ChrisH
WinGate Master
 
Posts: 388
Joined: Sep 13 03 1:38 am
Location: Canada
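
Added example (not part of the original posts and not WinGate code): a comparison of the single "server IP contains 80.249.153." rule with a numeric /24 test and with the eight exact-address filters, showing which destinations each would let past the proxy. It assumes "contains" is a plain substring test on the dotted-decimal string; the eight host addresses and the destination sample are constructed, since the thread gives only the prefix.

```python
import ipaddress

# Prefix taken from the thread; all other values below are constructed samples.
PREFIX_TEXT = "80.249.153."
SEGMENT = ipaddress.ip_network("80.249.153.0/24")

# Constructed stand-ins for the eight it*.utkonos.ru servers
# (their real addresses are not given in the thread).
ALLOWED_HOSTS = {ipaddress.ip_address(f"80.249.153.{n}") for n in range(10, 18)}


def substring_match(server_ip: str) -> bool:
    """Assumed meaning of a 'server IP contains' condition: substring test."""
    return PREFIX_TEXT in server_ip


def segment_match(server_ip: str) -> bool:
    """Numeric membership in the /24 that the one-entry rule is meant to cover."""
    return ipaddress.ip_address(server_ip) in SEGMENT


def exact_match(server_ip: str) -> bool:
    """The eight-filter approach: only the listed servers bypass the proxy."""
    return ipaddress.ip_address(server_ip) in ALLOWED_HOSTS


def audit(destinations):
    """Return per-address results plus the addresses the text rule over-matches."""
    rows = [(ip, substring_match(ip), segment_match(ip), exact_match(ip))
            for ip in destinations]
    unintended = [ip for ip, sub, _seg, exact in rows if sub and not exact]
    outside_segment = [ip for ip, sub, seg, _exact in rows if sub and not seg]
    return rows, unintended, outside_segment


# Constructed destination addresses, as they might appear in a NAT log.
SAMPLE = ["80.249.153.10", "80.249.153.17", "80.249.153.200",
          "180.249.153.5", "80.249.15.3", "8.8.8.8"]

if __name__ == "__main__":
    rows, unintended, outside = audit(SAMPLE)
    for ip, sub, seg, exact in rows:
        print(f"{ip:16} contains={sub!s:5} in_segment={seg!s:5} exact={exact}")
    print("bypass the proxy but are not one of the eight hosts:", unintended)
    print("matched by the text rule but outside the segment:", outside)
```

Under the substring assumption the one-entry rule also matches 180.249.153.x, which is a different network, in addition to the other hosts in the intended segment.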

