We currently have wingate installed as default Proxy server. It has 2 NICs with IP:202.171.11.206 (global IP) and the other IP: 192.168.0.1 (static IP). We usually access the internet from Client PC with simple TCP/IP & IExplorer proxy configuration on Client PC.
But, Now we're gonna change the existing cofiguration to NAT mode. I really do not have any experience to config the NAT.
Would anybody share and tell us how to configure Wingate (v5.23) in NAT mode? Where the proxy server shall be connected on? whether both of UTP cable goes to switching or something else?
I would really appreciate anybody's input on this and I would very much appreciate it if you could mail me your configuration, if possible. My e-mail: yadi21nv@yahoo.com
Configuring NAT
Moderator: Qbik Staff
11 posts
• Page 1 of 1
Configuring NAT
by Yadi » Jun 30 05 8:41 pm
- Yadi
- Posts: 5
- Joined: Jun 30 05 8:06 pm
- Location: Jakarta, Indonesia
by genie » Jun 30 05 10:39 pm
All you have to do is to allow NAT in Wingate settings (Extended Networking/Properties/Genral), setup network interfaces correctly (as in trusted/internal vs untrusted/public) and have all client machines set their default gateways through your wingate machine.
- genie
- Qbik Staff
- Posts: 1788
- Joined: Sep 30 03 10:29 am
by jamesc » Jul 01 05 3:58 pm
Just adding to Genies comments, This is an example of how NAT would be set up.
WinGate computer with internet connection:
IP Address 192.168.0.1
Subnet Mask 255.255.255.0
Client computer 1 requiring to share internet connection network card
IP Address 192.168.0.2
Subnet Mask 255.255.255.0
DNS Address 192.168.0.1
Gateway 192.168.0.1
Client computer 2 requiring to share internet connection network card
IP Address 192.168.0.3
Subnet Mask 255.255.255.0
DNS Address 192.168.0.1
Gateway 192.168.0.1
In WinGate, NAT is part of the "Extended Networking"
WinGate computer with internet connection:
IP Address 192.168.0.1
Subnet Mask 255.255.255.0
Client computer 1 requiring to share internet connection network card
IP Address 192.168.0.2
Subnet Mask 255.255.255.0
DNS Address 192.168.0.1
Gateway 192.168.0.1
Client computer 2 requiring to share internet connection network card
IP Address 192.168.0.3
Subnet Mask 255.255.255.0
DNS Address 192.168.0.1
Gateway 192.168.0.1
In WinGate, NAT is part of the "Extended Networking"
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by Yadi » Jul 01 05 4:53 pm
Hello Genie, Hello James,
Many thanks for your guidance.
I see. Is it the only configuration we needed to activate the NAT? How about other tab-sheet, such as firewall, port security, routing, etc? Do we have to leave them unchanged as default? How many NIC we need for Proxy Server?
Best regards,
Yadi
Many thanks for your guidance.
I see. Is it the only configuration we needed to activate the NAT? How about other tab-sheet, such as firewall, port security, routing, etc? Do we have to leave them unchanged as default? How many NIC we need for Proxy Server?
Best regards,
Yadi
- Yadi
- Posts: 5
- Joined: Jun 30 05 8:06 pm
- Location: Jakarta, Indonesia
by jamesc » Jul 01 05 5:10 pm
Is it the only configuration we needed to activate the NAT?
Yes, that is the only client side configuration you require. On the WinGate server you need to have the extended networking installed, which is done at the time of installation; sounds like you have it so you are ready to go.
How about other tab-sheet, such as firewall, port security, routing, etc?
Firewall, defaults shoud be fine.
Port Securtiy, used for port connections in or out of your network. Generally you do not require any thing for traffic leaving your LAN at a simple level. If you were running a web server on the WinGate computer, you would probably want to open up port 80 to allow connections to your own web server.
Routing, you should not need to worry about that in a simple network as well.
How many NIC we need for Proxy Server
1... Please note, you can still use the proxies while having NAT, even if you do not have the settings set in Internet Explorer. We have a feature called "Transparent Proxies", it will catch any web traffic on specified ports passing through NAT ... and hence allow you to... for example ...
1. Scan web traffic with the Kapersky Antivirus Plugin for WinGate
2. Scan web traffic for objectionalbe material, with the PureSight plugin for WinGate.
3. Allow you to benefit from using the cache.
* Transparent proxies are enabled via the WWW Proxy Service --> Sessions
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by Yadi » Jul 01 05 7:20 pm
Hi James/Genie,
You're my angel.
I'll try to setup the NAT as yours. :-)
You told me that we can run Web server on Wingate Proxy, but I have different cases. I have apache Web server running on Novell File Server which is running on port 80. My question, How's client PC can access both of internal and external website. Can we utilize "configuration script" of IExplorer that mapped to a PAC file, other than "proxy setting" of IExplorer?
It's a simple question, but it might be the last.
Anyway, thanks for your precious explanations.
Regards,
:-)
You're my angel.
I'll try to setup the NAT as yours. :-)
You told me that we can run Web server on Wingate Proxy, but I have different cases. I have apache Web server running on Novell File Server which is running on port 80. My question, How's client PC can access both of internal and external website. Can we utilize "configuration script" of IExplorer that mapped to a PAC file, other than "proxy setting" of IExplorer?
It's a simple question, but it might be the last.
Anyway, thanks for your precious explanations.
Regards,
:-)
- Yadi
- Posts: 5
- Joined: Jun 30 05 8:06 pm
- Location: Jakarta, Indonesia
by jamesc » Jul 01 05 9:04 pm
Hi Yadi,
I do not think I quite understand your desired result; but here is a guess
GateKeeper --> Extended Networking --> Port Security .. as shown in image below.
So you want internal clients or external clients to access the webserver via the same domain name: www.mywebserver.com
This is one way to do this... I aint quite got time to test this on a DNS server, you could prolly do it like that too.. so if there are any confident DNSers out there; enlighten us.
On all the internal client machines, navigate to C:\WINDOWS\system32\drivers\etc and open up the "hosts" file with notepad ... below this line already in there
127.0.0.1 localhost
place:
192.168.0.2 www.mywebserver.com
when you save it, DO NOT PUT AN EXTENSION ON THE HOSTS FILE .. to test it, (windows) Start Menu --> run --> cmd --> ping www.mywebserver.com .. it should reply with the appropriate IP Address .... (you may be able to do some kind of login script to pass out the hosts file in a large network environment)
What that will do on the client machine is as follows... An internal client types www.mywebserver.com into internet explorer ... Windows first checks the host file to see if it can find the domain name, if it cant it sends the request off to the DNS server... so thats the trick .. catch the request before it asks a DNS server
Hopefully I have guessed your desired result correctly, and hopefully my instructions are correct; sorry if not. :S
I do not think I quite understand your desired result; but here is a guess
GateKeeper --> Extended Networking --> Port Security .. as shown in image below.
So you want internal clients or external clients to access the webserver via the same domain name: www.mywebserver.com
This is one way to do this... I aint quite got time to test this on a DNS server, you could prolly do it like that too.. so if there are any confident DNSers out there; enlighten us.
On all the internal client machines, navigate to C:\WINDOWS\system32\drivers\etc and open up the "hosts" file with notepad ... below this line already in there
127.0.0.1 localhost
place:
192.168.0.2 www.mywebserver.com
when you save it, DO NOT PUT AN EXTENSION ON THE HOSTS FILE .. to test it, (windows) Start Menu --> run --> cmd --> ping www.mywebserver.com .. it should reply with the appropriate IP Address .... (you may be able to do some kind of login script to pass out the hosts file in a large network environment)
What that will do on the client machine is as follows... An internal client types www.mywebserver.com into internet explorer ... Windows first checks the host file to see if it can find the domain name, if it cant it sends the request off to the DNS server... so thats the trick .. catch the request before it asks a DNS server
Hopefully I have guessed your desired result correctly, and hopefully my instructions are correct; sorry if not. :S
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by Yadi » Jul 01 05 10:35 pm
Wow... it's great...!! it's beyond my expectation. Now I have additional knowledge for the WinGate. I thought, the WinGate only a simple Sharing Connection Server like others proxy application, but now I found some more advantages/features from your explanations. I'm so exited to this information.
Btw, I'm sorry for my above lack of descriptions. It actually was about simple matter for client computer. Pls open Internet Explorer, then click Tools/Internet Options/Connection/LAN Settings. We will find 3 options where the the second is "use auto config script" and the third is "use proxy server...". Currently, i use the third option; by IP addr 192.168.0.xxx, port 80.
What i want to know is, when we choose the second option (use auto config script), does the NAT mode has ability to catch PAC file?
For example: we create proxy.pac and put&share it on Novell File Server, on SYS folder as follows;
--------------------------------------------------
function FindProxyForURL(url, host)
{
if (isPlainHostName(host) ||
dnsDomainIs(host, ".abcd.com"))
return "PROXY 10.30.60.6:80";
else
return "DIRECT";
}
--------------------------------------------------
On the Iexplorer's "use auto config script" box, we type by => file://\\server1\sys\proxy.pac
Thus, when we open Iexplorer, it will automatically read the above config sript, in order to go to related web page.
Hence, is it possible for the NAT mode? :-)
Regards,
Btw, I'm sorry for my above lack of descriptions. It actually was about simple matter for client computer. Pls open Internet Explorer, then click Tools/Internet Options/Connection/LAN Settings. We will find 3 options where the the second is "use auto config script" and the third is "use proxy server...". Currently, i use the third option; by IP addr 192.168.0.xxx, port 80.
What i want to know is, when we choose the second option (use auto config script), does the NAT mode has ability to catch PAC file?
For example: we create proxy.pac and put&share it on Novell File Server, on SYS folder as follows;
--------------------------------------------------
function FindProxyForURL(url, host)
{
if (isPlainHostName(host) ||
dnsDomainIs(host, ".abcd.com"))
return "PROXY 10.30.60.6:80";
else
return "DIRECT";
}
--------------------------------------------------
On the Iexplorer's "use auto config script" box, we type by => file://\\server1\sys\proxy.pac
Thus, when we open Iexplorer, it will automatically read the above config sript, in order to go to related web page.
Hence, is it possible for the NAT mode? :-)
Regards,
- Yadi
- Posts: 5
- Joined: Jun 30 05 8:06 pm
- Location: Jakarta, Indonesia
11 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 2 guests