WinGate Forums

[xurshidi]

Hello,

Could someone pls explain me how can i limit users in details?

Unfortunately I coul not find the solution even using "Help" and due to lack of time.

Thx in advance...

[genie]

How do you want to limit them? Bandwith, connectivity, time they can connect to the internet?

[xurshidi]

How do you want to limit them? Bandwith, connectivity, time they can connect to the internet?

Thx 4 quick reply, genie!

I want to limit the volume of traffic, which is probably called bandwidth (not sure, I'm not a professional).

For example, when I add a new user, I open balance for them e.g. 30 Mb.
But when they already used it up, they can still use Internet.

Thats why I want to terminate Internet connection to such client computers as soon as they reached certain balance.

[genie]

If your target is to limit the overall amount of data the users are allowed to pump within, say, a week - then you need to create a policy that works with this criteria. It is quite well covered in the help file but I will try and find a bit more user-friendly information on it and have it forwarded to you.

[xurshidi]

Thx genie!
Yes it is what i need to do, but unfortunately I dont know how to create such policy. Some demo illustrations woul be really helpful.

Tnank u!

[genie]

Ok, try this (WWW proxy example):

1. Open "Properties" dialog for the service you want to configure (WWW service in our case) and switch to page "Policies" and find the particular user or group you want to apply these restrictions on. Double-click on the user item.

2. In the new window find page "Advanced", check radiobutton " Specify which requests this recipient has rights for".

3. Click "Add filter" and click on "Add criterion". In the first combobox select " User: Bytes sent to client", in the second "less then" and in the third one simply type down the desired maximum limit in Mb: for example, 50 Mb=1024*1024*50=52428800 52428800. Click Ok.

4. Keep clicking OK button until all the configuration dialogs are closed.[/img]

[xurshidi]

Hello, genie!

Thank u a lot for your advise. But unfortunately the problem is not soloved yet, and the client computer still can access to Internet and respectively can use it further.

[genie]

What version of Wingate are you using? Also, did you check that the user' accounting shows over 50Mb of traffic?

[xurshidi]

Genie,

I'm using WinGate 5.0 Version.
Concerning "Accounting" it is already more than 50 Mb or such, so that it exceeds the set limit.
Maybe I should put "more than" istead of "less than" where it asks "the criterion is met".
By the way which one would be the right one where it says:
User may be known (assumed/authenticated).
Should I click "assumed" one?

[genie]

Have you tried the latest version of Wingate, v6.0.4? If I remember correct Wingate v5 had numerous problems with accounting - try installing v6.0.4.

[max3do]

Hello xurshidi.
i think i know your probelm.
Make sure ur Default sytem rights is To -->Must also be Granted.
andalso make sure that user everyone is not in the list.
-------------------------------------------------------
weather u are doing in Nat or WWW proxy.
make sure the default system rights is to --> Must also be grated.
still need help..
send me a email
at erfan@digitalage.net.pk
maybe i we can setup a netmeeting and thourgh remote help i able to slove your probelm.

[xurshidi]

Hello xurshidi.
i think i know your probelm.
Make sure ur Default sytem rights is To -->Must also be Granted.
andalso make sure that user everyone is not in the list.
-------------------------------------------------------
weather u are doing in Nat or WWW proxy.
make sure the default system rights is to --> Must also be grated.
still need help..
send me a email
at erfan@digitalage.net.pk
maybe i we can setup a netmeeting and thourgh remote help i able to slove your probelm.

Max3do,
thx for ur tip, it almost worked out.
I say almost because when I choose "must also be granted" it applies for everyone and therefore access is denied for every user.
When I change it, it again gives access to each user. How can I solve this point?

By the way what should I put in "Policies" under "User must be unknown/assumed/authenticated". Which one to choose?

Thx in advance!

[MattP]

Hi,

Try setting the policy in WWW proxy so that default rights are ignored. If you are trying to apply policies to only some users you will need to use authentication or assumptions, otherwise WinGate won't know who the user is.

If you're still having problems then please detail your policy settings here and we'll have a look.

[xurshidi]

Hi,

Try setting the policy in WWW proxy so that default rights are ignored. If you are trying to apply policies to only some users you will need to use authentication or assumptions, otherwise WinGate won't know who the user is.

If you're still having problems then please detail your policy settings here and we'll have a look.

Hello, MattP!

Unfortunately, even if I set in WWW proxy policies Default rights are ignored, and apply "users may be assumed/authenticated", the problem still exists, and Wingate doesnot allow to use Internet for all other users as well.

What should I do?

[ChrisH]

Can you copy the contents of your WinGateConfig.txt file to this thread using the configuration that doesn't work for you? To create the WinGateConfig.txt file open GateKeeper->Options->Advanced then select Save Report save the report then open it in Notepad and copy contents and post them here. This will help us to see what is causing your problem. It's probably just a conflicting policy setting that is causing your grief.

[xurshidi]

This is my Config report. Hope its size wont bother anyone in forum.


1.01 WINGATE CONFIGURATION REPORT
1.02 Sunday, July 17, 2005, 13:23
1.03
1.04 ---------------------------------------------
1.05 WinGate Engine
1.06 ---------------------------------------------
1.07 WinGate 5.0.0 (Build 734)
1.08 Operating System: Windows 2000 (NT 5.1)
1.09 Language: ENU
1.10
3.01 ---------------------------------------------
3.02 License details
3.03 ---------------------------------------------
3.04 Version: WinGate 5 Professional
3.05 Expiry: Does not expire
3.06 Num. users: 10
3.07 Max. users: Unlimited users
3.08 User database: WinGate
3.09
4.01 ---------------------------------------------
4.02 Dialer information
4.03 ---------------------------------------------
4.04 Dialer is disabled
4.05
5.01 ---------------------------------------------
5.02 Network Interfaces
5.03 ---------------------------------------------
5.04 10.133.241.243 (LAN) [Internal] [Secure]
5.05 127.0.0.1 (LOOPBACK) [Internal] [Secure]
5.06 ARS (RAS) [External] [Unsecure]
5.07
6.01 ---------------------------------------------
6.02 Services
6.03 ---------------------------------------------
6.04
6.05 System Policies
6.06 ---------------------------------------------
6.07 Default System Access Rights:
6.08 Everyone - Unrestricted rights
6.09 accounting - Restricted by request
6.10 Default Start/Stop Rights:
6.11 Administrators - Unrestricted rights
6.12 Default Edit Rights:
6.13 Administrators - Unrestricted rights
6.14
6.15 POP3 Proxy server (POP3 Proxy server)
6.16 ---------------------------------------------
6.17 Session Timeout: 120
6.18 Port: 110
6.19 Startup: Automatic start/stop
6.20 Binding 1: 10.133.241.243
6.21 Binding 2: 127.0.0.1
6.22 Access Rights: Defaults: may be used instead
6.23 Start/Stop Rights: Defaults: may be used instead
6.24 Edit Rights: Defaults: may be used instead
6.25
6.26 TCP POP3 (TCP Mapping service POP3)
6.27 ---------------------------------------------
6.28 Session Timeout: 60
6.29 Port: 113
6.30 Startup: Automatic start/stop
6.31 Binding 1: 10.133.241.243
6.32 Binding 2: 127.0.0.1
6.33 Access Rights: Defaults: may be used instead
6.34 Start/Stop Rights: Defaults: may be used instead
6.35 Edit Rights: Defaults: may be used instead
6.36
6.37 Telnet Proxy server (Telnet Proxy server)
6.38 ---------------------------------------------
6.39 Session Timeout: 60
6.40 Port: 23
6.41 Startup: Automatic start/stop
6.42 Binding 1: 10.133.241.243
6.43 Binding 2: 127.0.0.1
6.44 Access Rights: Defaults: may be used instead
6.45 Start/Stop Rights: Defaults: may be used instead
6.46 Edit Rights: Defaults: may be used instead
6.47
6.48 WWW Proxy server (WWW Proxy server)
6.49 ---------------------------------------------
6.50 Session Timeout: 60
6.51 Port: 80
6.52 Startup: Automatic start/stop
6.53 Binding 1: 10.133.241.243
6.54 Binding 2: 127.0.0.1
6.55 Access Rights: Defaults: may be used instead
6.56 Start/Stop Rights: Defaults: may be used instead
6.57 Edit Rights: Defaults: may be used instead
6.58
6.59 DHCP Service (DHCP Service)
6.60 ---------------------------------------------
6.61 Session Timeout: 60
6.62 Port: 67
6.63 Startup: Automatic start/stop
6.64 Binding 1: 10.133.241.243
6.65 Access Rights: Defaults: may be used instead
6.66 Everyone - Unrestricted rights
6.67 Start/Stop Rights: Defaults: may be used instead
6.68 Edit Rights: Defaults: may be used instead
6.69
6.70 Winsock Redirector Service (Winsock Redirector Service)
6.71 ---------------------------------------------
6.72 Session Timeout: 20
6.73 Port: 2080
6.74 Startup: Automatic start/stop
6.75 Binding 1: 10.133.241.243
6.76 Binding 2: 127.0.0.1
6.77 Access Rights: Defaults: may be used instead
6.78 Start/Stop Rights: Defaults: may be used instead
6.79 Edit Rights: Defaults: may be used instead
6.80
6.81 TCP SMTP (TCP SMTP)
6.82 ---------------------------------------------
6.83 Session Timeout: 60
6.84 Port: 27
6.85 Startup: Automatic start/stop
6.86 Binding 1: 10.133.241.243
6.87 Binding 2: 127.0.0.1
6.88 Access Rights: Defaults: may be used instead
6.89 Start/Stop Rights: Defaults: may be used instead
6.90 Edit Rights: Defaults: may be used instead
6.91
6.92 FTP Proxy server (FTP Proxy server)
6.93 ---------------------------------------------
6.94 Session Timeout: 60
6.95 Port: 21
6.96 Startup: Automatic start/stop
6.97 Binding 1: 10.133.241.243
6.98 Binding 2: 127.0.0.1
6.99 Access Rights: Defaults: may be used instead
6.100 Start/Stop Rights: Defaults: may be used instead
6.101 Edit Rights: Defaults: may be used instead
6.102
6.103 RTSP Streaming Media Proxy (RTSP Streaming Media Proxy)
6.104 ---------------------------------------------
6.105 Session Timeout: 60
6.106 Port: 554
6.107 Startup: Automatic start/stop
6.108 Binding 1: 10.133.241.243
6.109 Binding 2: 127.0.0.1
6.110 Access Rights: Defaults: may be used instead
6.111 Start/Stop Rights: Defaults: may be used instead
6.112 Edit Rights: Defaults: may be used instead
6.113
6.114 SOCKS Proxy server (SOCKS Proxy server)
6.115 ---------------------------------------------
6.116 Session Timeout: 60
6.117 Port: 1080
6.118 Startup: Automatic start/stop
6.119 Binding 1: 10.133.241.243
6.120 Binding 2: 127.0.0.1
6.121 Access Rights: Defaults: may be used instead
6.122 Start/Stop Rights: Defaults: may be used instead
6.123 Edit Rights: Defaults: may be used instead
6.124
6.125 VDOLive Proxy server (VDOLive Proxy server)
6.126 ---------------------------------------------
6.127 Session Timeout: 60
6.128 Port: 7000
6.129 Startup: Automatic start/stop
6.130 Binding 1: 10.133.241.243
6.131 Binding 2: 127.0.0.1
6.132 Access Rights: Defaults: may be used instead
6.133 Start/Stop Rights: Defaults: may be used instead
6.134 Edit Rights: Defaults: may be used instead
6.135
6.136 POP3 Server (POP3 Server)
6.137 ---------------------------------------------
6.138 Session Timeout: 120
6.139 Port: 8110
6.140 Startup: Automatic start/stop
6.141 Binding 1: 10.133.241.243
6.142 Binding 2: 127.0.0.1
6.143 Access Rights: Defaults: may be used instead
6.144 Start/Stop Rights: Defaults: may be used instead
6.145 Edit Rights: Defaults: may be used instead
6.146
6.147 SMTP Server (SMTP Server)
6.148 ---------------------------------------------
6.149 Session Timeout: 300
6.150 Port: 25
6.151 Startup: Automatic start/stop
6.152 Bindings: ANY interface
6.153 Access Rights: Defaults: may be used instead
6.154 Start/Stop Rights: Defaults: may be used instead
6.155 Edit Rights: Defaults: may be used instead
6.156
6.157 GDP Service (GDP Service)
6.158 ---------------------------------------------
6.159 Session Timeout: 60
6.160 Port: 368
6.161 Startup: Automatic start/stop
6.162 Binding 1: 10.133.241.243
6.163 Binding 2: 127.0.0.1
6.164 Access Rights: Defaults: may be used instead
6.165 Start/Stop Rights: Defaults: may be used instead
6.166 Edit Rights: Defaults: may be used instead
6.167
6.168 XDMA Proxy service (XDMA Proxy service)
6.169 ---------------------------------------------
6.170 Session Timeout: 20
6.171 Port: 8000
6.172 Startup: Automatic start/stop
6.173 Binding 1: 10.133.241.243
6.174 Binding 2: 127.0.0.1
6.175 Access Rights: Defaults: may be used instead
6.176 Start/Stop Rights: Defaults: may be used instead
6.177 Edit Rights: Defaults: may be used instead
6.178
6.179 SMTP Proxy server (SMTP Proxy server)
6.180 ---------------------------------------------
6.181 Session Timeout: 60
6.182 Port: 25
6.183 Startup: Automatic start/stop
6.184 Binding 1: 10.133.241.243
6.185 Binding 2: 127.0.0.1
6.186 Access Rights: Defaults: may be used instead
6.187 Start/Stop Rights: Defaults: may be used instead
6.188 Edit Rights: Defaults: may be used instead
6.189
6.190 DNS Service (DNS Service)
6.191 ---------------------------------------------
6.192 Session Timeout: 60
6.193 Port: 53
6.194 Startup: Automatic start/stop
6.195 Binding 1: 10.133.241.243
6.196 Access Rights: Defaults: may be used instead
6.197 Start/Stop Rights: Defaults: may be used instead
6.198 Edit Rights: Defaults: may be used instead
6.199
6.200 WWW Server for viewing log files (Logfile Server)
6.201 ---------------------------------------------
6.202 Session Timeout: 60
6.203 Port: 8010
6.204 Startup: Automatic start/stop
6.205 Binding 1: 10.133.241.243
6.206 Binding 2: 127.0.0.1
6.207 Access Rights: Defaults: may be used instead
6.208 Start/Stop Rights: Defaults: may be used instead
6.209 Edit Rights: Defaults: may be used instead
6.210
6.211 Remote Control Service (Remote Control Service)
6.212 ---------------------------------------------
6.213 Session Timeout: 60
6.214 Port: 808
6.215 Startup: Automatic start/stop
6.216 Binding: 127.0.0.1
6.217 Access Rights: Defaults: may be used instead
6.218 Start/Stop Rights: Defaults: may be used instead
6.219 Edit Rights: Defaults: may be used instead
6.220
7.01 ---------------------------------------------
7.02 System Route Table
7.03 ---------------------------------------------
7.04 Current Route Table:
7.05 ---------------------------------------------
7.06 Network Mask Gateway Interface Metric
7.07 0.0.0.0 0.0.0.0 10.133.241.180 10.133.241.243 20
7.08 10.133.241.0 255.255.255.0 10.133.241.243 10.133.241.243 20
7.09 10.133.241.243 255.255.255.255 127.0.0.1 127.0.0.1 20
7.10 10.255.255.255 255.255.255.255 10.133.241.243 10.133.241.243 0
7.11 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
7.12 224.0.0.0 240.0.0.0 10.133.241.243 10.133.241.243 20
7.13 255.255.255.255 255.255.255.255 10.133.241.243 10.133.241.243
7.14
9.01 ---------------------------------------------
9.02 END OF CONFIGURATION REPORT

[ChrisH]

Thanks for the config posting.

Before you do anything else backup your WG registry settings. Do this by opening GateKeeper->Options->Advanced then select Save Registry Settings. In fact it is good procedure to do this before making any configuration changes to WG.

If you want to limit the users in the group accounting to a maximum amount then modify your system policy as follows (not the WWW service mentioned):

1. Open "Properties" dialog for the service you want to configure (WWW service in our case) and switch to page "Policies" and find the particular user or group you want to apply these restrictions on. Double-click on the user item.

2. In the new window find page "Advanced", check radiobutton " Specify which requests this recipient has rights for".

3. Click "Add filter" and click on "Add criterion". In the first combobox select " User: Bytes sent to client", in the second "less then" and in the third one simply type down the desired maximum limit in Mb: for example, 50 Mb=1024*1024*50=52428800 52428800. Click Ok.

4. Keep clicking OK button until all the configuration dialogs are closed.

Also make sure you have at least assumed authentication checked for this group.

This will limit only the users in the group accounting. However, in your case you will also have to adjust the system policy for the default group Everyone. This group is just that -Everyone- including the users in the group accounting. Because the accounting group is a subset of the group Everyone, policies that apply to group Everyone also apply to the group accounting- basically WG looks at both policies. So what you have to do is effectively remove the accounting group from group Everyone or remove group Everyone. In the system policy I would not recommend removing group Everyone (although others may disagree), so adjust the Everyone system policy as follows:

Open System Policies
Double Click group Everyone
Click the Advanced Tab
Select the Specify which requests this recipient has rights for radio button
Click Add Filter
Click Add Criterion
Select the This criterion is NOT met if radio button
On the left scroll box select User is a member of
On the next scroll box select group accounting
Then keep clicking OK button until all the configuration dialogs are closed.

This will then limit only the users in group accounting to the maximum specified in the advanced policy. Note that this is everything that WG does for members of the group e.g. WWW, mail, FTP etc.

There are also other ways in WG to do effectively the same thing. Let us know if this works. Other WG users may have alternatives for you.