WinGate Forums

[Skynetuser]

Hello,
we have a problem setting up an ftp proxy with any form of authentication enabled.

The ftp servers we try to reach are external, not part of our network.
As soon as we remove "everyone - unrestricted rights", and set up a group that has to be authenticated in order to access the proxy (restricted by security level), there's no way to login into it. We tried with some of the most common ftp clients and from command line.

We use the o/s database (Windows 2003 server users and groups).
From command line we got disconnected from the server "500 Wingate engine access denied" as soon as we ftp it.
Do we miss something here? Is there any special rule to look at?

Please let us know as we need to use a number of scripts that run from command line, and some of our customers use CuteFTP and the like to connect to some (internal and external servers).

F.

Edit: we have Wingate v. 6.1.2.1094

[genie]

Are FTP user names the same as Wingate/OS user names?

[Skynetuser]

Sure, we have a number of Windows users, and they have the same rights for http/ftp.

F.

[genie]

What I mean is this: when you login into an FTP server, do the FTP server clients names match the names registered in your NT database?

[adrien]

Hi

The FTP proxy itself does not handle authentication, so setting this in your policy would mean that the users of the FTP proxy (your LAN clients) would need to become authenticated to the proxy by some other method, e.g. by running our auth program QbikAuth.exe

http://www.wingate.com/downloads/QbikAuth.exe

Adrien

[chuck16]

How do you use this qbikauth program. The problem I'm having is that the FTP Site I'm trying to get to requires knowled of our IP Address to verification of getting in.

It keeps coming back with an "Unknown IP" Address. Anybody have any thoughts or a setting in Wingate that I need to turn on?

Cheers
Evan

[genie]

QbikAuth is a tiny app that sits in the tray and keeps the client authenticated with Wingate.

As of the IP-based authentication - if a client goes through Wingate, the source IP address from the FTP server perspective will be a Wingate machine external IP.

[chuck16]

Ok Thanks for that.

So here's my situation...
I have tried logging into our OFFSITE FTP Site that uses IP based security. IE: they enter our IP address into their database and that allows us on to our FTP Site. It would seem that their site recognizes our IP and let us on but, then it's like it immediately kicks us out...

Now i've tried this from 2 other sites out side of our connection using hardware based firewalls and I can get in with no problems at all. So, that tells me that Wingate is doing something to our FTP Access. Is there anything that I need to do to configure the FTP Access from within the firewall or Wingate?

Cheers
Evan

[genie]

Can you do traffic capture on the Wingate machine?

[chuck16]

Can u tell me how to do that? and I will try and set it up to watch it? A History tab or something turned on?
I turned on history and started capturing the FTP stuff and it says that it stores information in a d:\@wing.... folder that doesn't exist. Is there way to setup the default debug folder???

Cheers
evan

[genie]

What you need to do is a Commview or Ethereal or WinPcap - any network sniffer will do. Or you can use QBIK' NetPatrol.

[chuck16]

What you need to do is a Commview or Ethereal or WinPcap - any network sniffer will do. Or you can use QBIK' NetPatrol.

And I install this on the Proxy server itself?

[chuck16]

Ok Installed on proxy server and here is the result.



Thoughts?

[genie]

Aye, the server does not know your IP address - what IP address is set for being allowed on the FTP server?

[chuck16]

Our IP is 24.108.0.193 and that should be aloud on 72.2.4.49 or so i'm told....

[genie]

can you email this trace file to me?

[chuck16]

Emailed! Thanks let me know if you find anything.
Cheers
Evan