WinGate Forums

[wheels3572]

Hello All,

I am new to this and I am having a hard time finding 2 options here. I am installing the Java Authentication side for users to go through Wingate.

I the only thing I dont see is the following

4). Place both the 127.0.0.1 and Internal IP (interface) into the Bound window. (Double clicking on the desired interface will move it.)

I dont see the Internal IP I can add? Where do I do that and how.

14). Open the Socks Proxy Server (under the Services tab in GateKeeper).

I did that

15). Click on the Socks Advanced tab.

I did that

16). In the HTTP protocol section click the Use following Policy radio button.

This is what I dont see is # 16. I dont see no HTTP. All I see is
Socks Requests:

Perform reverse name lookup for IP requests.
Use RFC 1929 (Clear text) Authentication for SOCKS5

If anyone can help me with Section 4 and 16 it would be GREATLY appreciated. Thanks. Is there something I missed?

[adrien]

Hello All,

I am new to this and I am having a hard time finding 2 options here. I am installing the Java Authentication side for users to go through Wingate.

I the only thing I dont see is the following

4). Place both the 127.0.0.1 and Internal IP (interface) into the Bound window. (Double clicking on the desired interface will move it.)

I dont see the Internal IP I can add? Where do I do that and how.

You need to edit the Remote Control Service, go to the bindings tab. Add a binding policy, select your internal adapter.

14). Open the Socks Proxy Server (under the Services tab in GateKeeper).

I did that

15). Click on the Socks Advanced tab.

I did that

16). In the HTTP protocol section click the Use following Policy radio button.

This is what I dont see is # 16. I dont see no HTTP. All I see is
Socks Requests:

Perform reverse name lookup for IP requests.
Use RFC 1929 (Clear text) Authentication for SOCKS5

If anyone can help me with Section 4 and 16 it would be GREATLY appreciated. Thanks. Is there something I missed?

Those instructions for SOCKS are out of date. We removed that when we allowed the WWW proxy to intercept SOCKS sessions when we release WinGate 6.0.

If you have transparent proxy enabled in the WWW Proxy (on the sessions tab), then you shouldn't need to worry about configuring the SOCKS server.

Adrien

[wheels3572]

Hello All,

I am new to this and I am having a hard time finding 2 options here. I am installing the Java Authentication side for users to go through Wingate.

I the only thing I dont see is the following

4). Place both the 127.0.0.1 and Internal IP (interface) into the Bound window. (Double clicking on the desired interface will move it.)

I dont see the Internal IP I can add? Where do I do that and how.

You need to edit the Remote Control Service, go to the bindings tab. Add a binding policy, select your internal adapter.

Ok so does this look right to you then under Adapter I highlighted ANY Internal Adapter (which I had previously done anyway). What would I add for a binding Policy? Sorry very new to this myself.

14). Open the Socks Proxy Server (under the Services tab in GateKeeper).



I did that



15). Click on the Socks Advanced tab.

I did that

16). In the HTTP protocol section click the Use following Policy radio button.

This is what I dont see is # 16. I dont see no HTTP. All I see is
Socks Requests:

Perform reverse name lookup for IP requests.
Use RFC 1929 (Clear text) Authentication for SOCKS5

If anyone can help me with Section 4 and 16 it would be GREATLY appreciated. Thanks. Is there something I missed?

Those instructions for SOCKS are out of date. We removed that when we allowed the WWW proxy to intercept SOCKS sessions when we release WinGate 6.0.

If you have transparent proxy enabled in the WWW Proxy (on the sessions tab), then you shouldn't need to worry about configuring the SOCKS server.



I dont have transparent proxy enabled cuz I am NOT using ENS. I am using Zone Alarm. So what do I do now? Do I still need to configure the socks server? Also one other question. I have someone form outside my network that wants to use my proxy. What do I do then. Still use Any INTERNAL adapter or external? and where is the logging so I can see if htey connect or not? Sorry I been fighting with this thing for about 4hrs lol.

If your wondering where I got those steps from that I pasted it was from this site URL http://support.qbik.com/index.php?_a=kn ... ails&_i=81

Thanks agian.

Adrien

[adrien]

Thanks for that - I edited the knowledgebase article.

For the binding policy it sounds like you got it right - if the binding policy says "any internal adapter", then you will be able to access the Remote Control Service from any machine connected to an internal adapter.

There is one other gotcha here - you need to be using the WinGate user database for Java authentication to be available.

Adrien

[wheels3572]

Thanks for that - I edited the knowledgebase article.

For the binding policy it sounds like you got it right - if the binding policy says "any internal adapter", then you will be able to access the Remote Control Service from any machine connected to an internal adapter.

Ok 1 other then. My boss wants to connect to me an OUTSIDE ISP (which I have) I dont use his ISP as it's only 56k. I am running DSL and am outside of the internal Network my boss'. Is there ANY way he can connect to me since he is outside of me which in turn if I my logic is correct would make the Internal Adapters the reason he cant connect to me because it's saying use INTERNAL adapters?

There is one other gotcha here - you need to be using the WinGate user database for Java authentication to be available.

I am using Wingate User database. What I have is as follows:

WHEELS [Willie] - ( Administrator - Authenticated [WinGate])

Would that be what your talking about?

Adrien

[adrien]

hi

It's not clear from your post whether your boss would connect to you from the internet, or from some other interface on your system. Could you clarify please?

Thanks

Adrien

[wheels3572]

hi

It's not clear from your post whether your boss would connect to you from the internet, or from some other interface on your system. Could you clarify please?

Thanks

Adrien

Sorry bout that Adrien.

My boss is on 216.220.225.96 (dlois.com) block up to 127
Me I am on Pivot.net

So he is connecting to me from another ISP.

[adrien]

Ok, so if you want him to also use the Java login, you would need to alter the binding policy on the Remote Control Service to also be bound to external adapters.

probably just easier to set it to "any adapter".

Same with the WWW proxy as well, since he would need to connect to that through the external interface also.

You would then want to make sure that only authenticated users use the WWW proxy, since otherwise you will find all sorts of people using it.

Regards

Adrien

[wheels3572]

Ok, so if you want him to also use the Java login, you would need to alter the binding policy on the Remote Control Service to also be bound to external adapters.

probably just easier to set it to "any adapter".

Same with the WWW proxy as well, since he would need to connect to that through the external interface also.

You would then want to make sure that only authenticated users use the WWW proxy, since otherwise you will find all sorts of people using it.

Regards

Adrien

Well what does this mean?

1). My boss doesn't even get the logon screen on the browser and 2 he gets this msg:

Transfer interrupted!
Server Error: 503 Service Unavailable


--------------------------------------------------------------------------------

SSI error, some SSI statements are not replaced!

Also is there a place I can email you screen shots? Might make it easier and more helpful?

[adrien]

It's possible his connection to you is being intercepted by his ISP.

We don't send such errors back.

Do you see any evidence of him having connected in your logs, or history?

Adrien

[wheels3572]

It's possible his connection to you is being intercepted by his ISP.

We don't send such errors back.

Do you see any evidence of him having connected in your logs, or history?

Adrien

Well thing is he is the Owner of the ISP lol.

I see no evidence. But that is another thing that's been confusing me. WHere do I look for connections? Under what

a). Activity
b). History

Also not sure if this helps or not but I am on a DSL Modem I think it's Nat capable. Could I be having an issue wtih him hitting me? I have to type www.whatismyip.com to get my outside IP otherwise its 10.0.0.7. or my ZoneAlarm firewall I use?

My DSL Modem manufacture is http://www.dqusa.com DSL Modem 201ER

I was just wondering if there was a place Ic ould show you my screen shots to make sure everything is ok with them or is there no way to get them to you?

[adrien]

Aha

OK, since you are behind a DSL/NAT, then his incoming connection attempts would be blocked by that. You would need to configure a pinhole in it to forward connections on port 80 (and 809 for Remote Control Service) through to your WinGate IP.

Adrien

[wheels3572]

Aha

OK, since you are behind a DSL/NAT, then his incoming connection attempts would be blocked by that. You would need to configure a pinhole in it to forward connections on port 80 (and 809 for Remote Control Service) through to your WinGate IP.

Adrien

Ok I am in my DSL Modem config. I was told to goto Virtual Server and in there I have:

- Use the following form to add special port that you want to be opened for your special application.
For starters does that sound right?

Here is what follows that:

User DEFINED:

ID Public Port Private Port Port Type Host IP Address
1

My wingate IP is 127.0.0.1

1). What would be the public Port
2). What would be the private port
3). Would the port type be TCP?
4). What would be the Host IP Address?

Thanks again.

[adrien]

Hi

OK, you would need to do this twice, once for port 80, and again for port 808.

Public port 80
Private port 80 (i.e. you aren't changing it)
Protocol is TCP
Host IP is your WinGate IP.

however, your WinGate IP isn't 127.0.0.1 - this is a special address which is known as localhost, which is used by any machine to connect to itself - it isn't available to any other machine. Whenever you see 127.0.0.1, think "myself". For any machine it is private, and not accessible from any other machine.

To get your IP address(es), go to the command prompt, and type

ipconfig /all

This will list your IP settings, including IP addresses for your adapter.

Adrien

[wheels3572]

Hi

OK, you would need to do this twice, once for port 80, and again for port 808.

Public port 80
Private port 80 (i.e. you aren't changing it)
Protocol is TCP
Host IP is your WinGate IP.

however, your WinGate IP isn't 127.0.0.1 - this is a special address which is known as localhost, which is used by any machine to connect to itself - it isn't available to any other machine. Whenever you see 127.0.0.1, think "myself". For any machine it is private, and not accessible from any other machine.

To get your IP address(es), go to the command prompt, and type

ipconfig /all

This will list your IP settings, including IP addresses for your adapter.

Adrien

Ok so it should be:

Public IP: Port 808
Private IP: Port 808 for the second time around?

Lastly what would be the IP Address for the Wingate Client. My IP address shows as 10.0.0.7

To give you an update I disconnected my DSL Modem and hooked up to my boss ISP with dialup and used Wingate and it worked fine with a normal IP Address. He was able to hit me everytime. So it IS my DSL modem blocking him from comming into me. My next question is would he put 10.0.0.7 into the proxy settings or would I have to get my actual IP Address from www.whatismyip.com?

[wheels3572]

Hi

OK, you would need to do this twice, once for port 80, and again for port 808.

Public port 80
Private port 80 (i.e. you aren't changing it)
Protocol is TCP
Host IP is your WinGate IP.

however, your WinGate IP isn't 127.0.0.1 - this is a special address which is known as localhost, which is used by any machine to connect to itself - it isn't available to any other machine. Whenever you see 127.0.0.1, think "myself". For any machine it is private, and not accessible from any other machine.

To get your IP address(es), go to the command prompt, and type

ipconfig /all

This will list your IP settings, including IP addresses for your adapter.

Adrien

Ok update:

I have been able to get it working to a point. They can now see the logon screen through the browser thansk to the port forwarding :). TY Adrien. HOWEVER as follows:

1). They put in there username and password
2). It says it's trying to connect
3). I see on the history screen them connecting BUT ONLY as guest. Not there usrname and password that they signed in with.
4). It hangs on their end and doesn't open.

Any clue why it's doing step 4?

[adrien]

Ah.

I know why. In the client file that is sent back from WinGate when it serves the java login applet, contains data about the IP to connect to for authentication.

I think the file is client.htm.

In there, you will see a URL, with ##WINGATE## in it, This refers to wingate. WinGate will be sending this back as it's internal IP, which isn't available from the Internet.

Hmm Do you have a constant host-name? There's a service like DNS2Go that can give you a constant name no matter what your IP is, then you could edit the client.htm file, and your boss could find your machine.

Adrien

[wheels3572]

Ah.

I know why. In the client file that is sent back from WinGate when it serves the java login applet, contains data about the IP to connect to for authentication.

I think the file is client.htm.

In there, you will see a URL, with ##WINGATE## in it, This refers to wingate. WinGate will be sending this back as it's internal IP, which isn't available from the Internet.

Hmm Do you have a constant host-name? There's a service like DNS2Go that can give you a constant name no matter what your IP is, then you could edit the client.htm file, and your boss could find your machine.

Adrien

I do if I keep my computer on but I dont keep my computer on at night so it keeps changing. Thing is this I give my new my IP address and he hangs even on the new ip. But yes I can get my hands on a copy of that and see if that does the trick. Thanks again.

Update:
This is what I have setup in my modem settings:
ID Public Port Private Port Port Type Host IP Address
1 80 80 TCP 10.0.0.7
2 808 808 TCP 10.0.0.7

Is that right?

Also I was checking on the DNS2Go website and this is an excerpt from there FAQ's as follows:

Q. My ISP runs a proxy server (or NAT router) and I am only assigned a private IP such as 10.0.0.x or 192.168.0.x. Can I use DNS2Go?

A.
Your ISP might be able to set up mappings to route traffic through their Internet connection-sharing device through to your computer. For example, to run a Web server, any incoming traffic on port 80 gets forwarded through to your computer. However, it is not common for ISP''s to do this so DNS2Go might not work for you.

Does this mean I cant use DNS2Go?

[adrien]

That case they are talking about is if you rely on your ISP to set up port mappings, but you aren't relying on that in this case, you can set up your own port mappings in your DSL modem (as you did to get your boss to connect).

So it should work fine for you.

Adrien

[wheels3572]

That case they are talking about is if you rely on your ISP to set up port mappings, but you aren't relying on that in this case, you can set up your own port mappings in your DSL modem (as you did to get your boss to connect).

So it should work fine for you.

Adrien

So I give him my DNS2Go address and port 80 and he should be all set then?

[adrien]

Should be.

If you aren't on line, when he does a lookup for your address, it will return(I think) 0.0.0.0 so his connection will fail (because you aren't there). Otherwise it will return your current IP.

So you then don't need to worry about what your IP might be any time you connect. then you need to edit client.htm in the WinGate\java directory, and replace ##WINGATE## with your new DNS2Go name (remove the #s as well).

then you should be all set - the web server will serve Client.htm to your boss's browser, that should tell your boss to connect to your new IP on the port number of the remote control service. This is normally 808, which you also have mapped through to WinGate. Then you should be all set.

Adrien

[wheels3572]

Should be.

If you aren't on line, when he does a lookup for your address, it will return(I think) 0.0.0.0 so his connection will fail (because you aren't there). Otherwise it will return your current IP.

So you then don't need to worry about what your IP might be any time you connect. then you need to edit client.htm in the WinGate\java directory, and replace ##WINGATE## with your new DNS2Go name (remove the #s as well).

then you should be all set - the web server will serve Client.htm to your boss's browser, that should tell your boss to connect to your new IP on the port number of the remote control service. This is normally 808, which you also have mapped through to WinGate. Then you should be all set.

Adrien

Ok so my question is in the client.htm file do I have to specify the port also myself or just the name which I have done so already. Also what port do I tell my boss. 808 or 80?

Update:

My friend who is a programmer said this to me:

xknight29: well the java auth window is failing yes ... looks like null pointer when JVM is being called

xknight29: might be a socks problem

I changed the client.htm file like you said
to "http://johndoe.d2gwebsite.com/java\ and he is logging into the system with his username and password taht I have given him and it's STILL showing up guest in the history. If you wanna take this off forum you can reach me on Yahoo (wheels351972) MSN (wheels@pivot.net)

The whole line section is this appletHtml += "\n<APPLET CODE="Client.class" codebase="http://johndoe.d2gwebsite.com/Java" NAME="client"

Question is was I supposed to change ANYTHING more?

I just dont understand why people are hanging at the authentication.