Deny some port??

Postby vtrong2002 » Sep 23 05 5:44 pm

Hi all.

I want to deny some port for some people, but others can use this port.

I use version 5.2.3; Windows clients use the WinGate Internet Client to log in to the WinGate service.

Please help me. Thanks!
vtrong2002
 
Posts: 18
Joined: Jul 25 05 11:39 pm

Postby jamesc » Sep 23 05 7:13 pm

Well, to start with, a good description of what you want to do = better advice... And secondly, this was created with our latest version 6.0.4. You should still be able to do this with your version, but if you want to upgrade, I have added some advice.

Upgrade Advice

A version 5 license will still work with 6.0.4, but only features that were available in version 5 will be enabled; we do this so our clients can get the benefits of bug fixes for the features they have bought. If you do decide to install version 6.0.4, then after it is installed, you need to make sure that the network adapters were detected correctly. The network card / modem pointing towards the internet needs to be marked as "External" and the network card that is pointing towards the LAN needs to be marked as "Internal", as shown in the image below (GateKeeper --> View menu --> Network)


Image


Answer to your question

So two scenarios.

Scenario 1. Allow one remote user to access TCP Port 5900, that is running on the WinGate server.

Scenario 2. Allow one remote user to access TCP Port 5900 on a machine that is behind WinGate


Scenario 1:

*Please note, the VNC Server that runs on the WinGate Server is bound to port 5901, so in our TCP Mapping, the WinGate server will listen for connections on 5900, and map it to 5901 on the local machine. Also, please have a good look at the second image.

1. Create a new TCP Mapping service.
Image


2. Fill in the required details
Image

3. Make sure the TCP Mapping we created is listening on an external interface
Image

4. Create a policy for the TCP Mapping service to allow a connection from only one location.
Image



Scenario 2:

1. Create the Port Mapping to redirect port to local computer on the network.
Image

2. Create a policy for ENS (Extended Networking Service) so everyone is not allowed access to Port 5900
Image

3. Create another policy in ENS for the Everyone group, and put in the location that is allowed to connect to that port.
Image

4. On the Advanced tab of the policy created in step 3, make a policy to allow a connection to that port.
Image


Please let us know how you get on.
Last edited by jamesc on Sep 27 05 11:33 pm, edited 1 time in total.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Thanks

Postby vtrong2002 » Sep 23 05 7:37 pm

Thanks for your help.

Van Trong
vtrong2002
 
Posts: 18
Joined: Jul 25 05 11:39 pm

burring in

Postby ngrayson » Sep 27 05 10:13 pm

Guys,

Oddly I had the same requirement. I run Vpop3 mail server colocated on the WinGate machine and wanted to grant access to myself from a remote offnet location. It's run for years, no problems.

I set up scenario 1 following the instructions but don't yet know if it works remotely. This is because it killed my local access to the application on the WinGate machine, so I had to roll back the changes I made.

I made it map the incoming TCP mapping to 127.0.0.1 on the local port used by vpop3.

In this respect, is a connection to a local resource still routed through WinGate? It appears to be. If so, what do I have to do to make it workable from 1) a remote location, 2) the WinGate machine & 3) a machine on the internal LAN?

Cheers,
Neil
ngrayson
Senior Member
 
Posts: 178
Joined: Sep 28 03 12:13 am
Location: UK

Postby jamesc » Sep 29 05 3:12 pm

Hi there,

Yeah, the example I gave was for VNC, and you don’t connect to the same machine with the client side app.

Your Questions:
1. Done in example
2. On the localhost, just connect to the port the app is on, not the port that the mapping is listening on. In my example the VNC app is listening on TCP 5901; when people connect externally, they would specify port 5900 and hence the policy will be enforced.
3. LAN connections should be able to connect directly to the port that VPOP is listening on. So in my example, the VNC app is listening on 5901; since there is no policy set to restrict access to 5901, a LAN machine should be able to connect straight to it.

My Questions if you are still having problems
1. How did you use to have it set up? "Its run for years no problem"
2. What version of WinGate?
3. What port is the VPOP listening on?
4. What port is the TCP Mapping listening on?
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand
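
Added example (not part of the original posts and not WinGate code): a minimal Python model of the Scenario 1 TCP mapping and of the follow-up answer about local and LAN access. It shows that the location policy applies only to connections arriving on the mapped port, while a connection made straight to the application's own port never meets it. The function names, the ephemeral ports, the echo server standing in for the application and the address 203.0.113.7 are all constructed for illustration.

```python
import asyncio
import contextlib
import ipaddress

def is_allowed(peer_ip, locations):
    """True if peer_ip is inside any allowed address or CIDR range."""
    return any(ipaddress.ip_address(peer_ip) in ipaddress.ip_network(loc) for loc in locations)

async def pipe(reader, writer):
    """Copy bytes one way until EOF or reset, then close the receiving side."""
    with contextlib.suppress(ConnectionError):
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    writer.close()

async def start_mapping(listen_port, app_port, locations):
    """Relay listen_port to 127.0.0.1:app_port for peers the policy allows."""
    async def handle(reader, writer):
        if not is_allowed(writer.get_extra_info("peername")[0], locations):
            writer.close()  # the policy is enforced here, on the mapped port only
            return
        app_reader, app_writer = await asyncio.open_connection("127.0.0.1", app_port)
        await asyncio.gather(pipe(reader, app_writer), pipe(app_reader, writer))
    return await asyncio.start_server(handle, "127.0.0.1", listen_port)

async def probe(port):
    """Send one line to a local port; return the reply, or b'' if cut off."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    reply = b""
    with contextlib.suppress(ConnectionError, asyncio.TimeoutError):
        writer.write(b"hello\n")
        await writer.drain()
        reply = await asyncio.wait_for(reader.readline(), timeout=2)
    writer.close()
    return reply

async def _demo():
    app = await asyncio.start_server(pipe, "127.0.0.1", 0)  # echo stand-in for the app
    app_port = app.sockets[0].getsockname()[1]
    strict = await start_mapping(0, app_port, ["203.0.113.7"])  # constructed address
    loose = await start_mapping(0, app_port, ["203.0.113.7", "127.0.0.0/8"])
    cases = {"mapping_denied": strict, "mapping_allowed": loose, "direct_to_app": app}
    return {k: await probe(s.sockets[0].getsockname()[1]) for k, s in cases.items()}

def demo():
    return asyncio.run(_demo())

if __name__ == "__main__":
    print(demo())
```

Because the direct connection succeeds regardless of the mapping's policy, the application's own port should be bound or filtered so that only the intended local and LAN clients can reach it.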

Postby jamesc » Nov 26 05 12:38 pm

Just did an image to help someone via support desk use this example for RDP / Remote Desktop; here are the steps to allow one External IP address to access the Remote Desktop on the WinGate computer. If you need it to access a computer behind the WinGate server, then see the VNC scenario 2 above.

If you have a firewall on your router, you will need to map port e.g. 4000 to the WinGate computer. You could use 3389, but you would have to change the port that the windows remote desktop is listening on, to e.g. 4000, and swap the values in the first image.

*You can’t have two ports bound to different services; it conflicts. i.e. TCP Mapping / RDP


Image
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand
