Is it possible to ban NAT from some PCs?


Postby shb » Nov 30 03 2:51 pm

Hello,
I assume that it is possible.. (in fact I thought I was already doing it).

What is the best way to ban NAT from one particular PC? (But still have it enabled for all other PCs on the LAN.) I think it's the only way to prevent P2P usage? (I mean Kazaa-Lite, for example, can be set up to use any! port.)

And secondly would it be possible to enable NAT for just one single port (e.g. mail 110) for that PC ? If so, what is the best way ?

regards, SHB
shb
 
Posts: 25
Joined: Nov 25 03 9:50 pm

Postby shb » Dec 02 03 8:20 pm

Anyone ?
shb
 
Posts: 25
Joined: Nov 25 03 9:50 pm

Postby javila » Dec 03 03 2:57 am

The only way that I can imagine is blocking the port in the ENS > firewall port configuration. Since there is no application control like the one in the WinGate client configuration, there is very little possibility of banning an application or a specific site.
Another way that I would use is the WWW proxy server URL ban in the policies option.

That is all I know; I hope that works.

Javier
javila
 
Posts: 93
Joined: Nov 13 03 3:43 am
Location: Santa Cruz de la Sierra - Bolivia

Postby ChrisH » Dec 03 03 3:22 am

SHB,

It is possible. I block users from using NAT to run Kazaa (or anything else) using ENS policies. How have you got your policies set up now? Are they per service or system wide? Do any user machines have WGIC installed?

If you have a particular user to block from NAT and all others have access then I would suggest an ENS policy for restricted user and one for all others (put them in a group).
Chris H.
ChrisH
WinGate Master
 
Posts: 388
Joined: Sep 13 03 1:38 am
Location: Canada

Postby javila » Dec 03 03 4:15 am

They are configured per service; each server has different kinds of permission, all this based on the fact that I have WinGate clients installed on my internet client machines.
Based on that I have configured the policies of the services (especially the WRP service, to only let the most common applications pass: Outlook, Outlook Express, MSN Messenger, Yahoo Messenger, Iexplore, Mozilla) and, only once a month, the Windows updater and the Lavasoft Ad-aware updater.
I hope this works; anything else, just let me know.

Javier
javila
 
Posts: 93
Joined: Nov 13 03 3:43 am
Location: Santa Cruz de la Sierra - Bolivia

Postby shb » Dec 03 03 6:25 pm

Thanks for the replies :)

I'm not sure what javila is saying. I think he has a different configuration than me (e.g. WGIC). Thanks anyway..

ChrisH wrote: It is possible. I block users from using NAT to run Kazaa (or anything else) using ENS policies. How have you got your policies set up now? Are they per service or system wide? Do any user machines have WGIC installed?

If you have a particular user to block from NAT and all others have access then I would suggest an ENS policy for restricted user and one for all others (put them in a group).


Firstly, I do not have any policies set up now. Secondly, no machines have WGIC installed.

So if I follow your recommendation (which I am going to do), I need to set up 2 groups, one called "restricted" and one called "all-others". Is that right? Once I do that, how exactly do I set up an ENS policy for them?

Secondly, can I do it at the "machine" level rather than at a "user" level? This is because the machine that I do not want to have NAT access only has Win-Me installed and so users do not sign on when they are using it. I want to prevent any user on that machine from using NAT.

Thanks again for replying, regards SHB
shb
 
Posts: 25
Joined: Nov 25 03 9:50 pm

Postby adrien » Dec 03 03 9:02 pm

Policies work by granting access. The default policies that everything uses grant everyone access to everything from internal, so what you need to do is configure the ENS policy tab to set

Default system rights are ignored.

Then you need to create 2 policies, one for the limited access you want to give the one machine (machine A)

Recipient: Everyone, user may be unknown
Location: specify location, add the IP address of machine A to included locations
Advanced: Add a filter and a criterion, server port number equals 110

This policy will allow machine A to use port 110 for NAT, and nothing else.

Then you create another policy

Recipient: Everyone, user may be unknown
Location: specify location, add "*" to included locations, and the IP of the machine you only want port 110 access for to "excluded locations"

Then this policy will allow everyone except machine A to do anything. Therefore, machine A can only do port 110 for NAT and everyone else can do anything.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
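
Added example (not part of the original thread and not WinGate's own code): a simplified Python model of the grant-only evaluation described in the post above, useful for checking the two policies before applying them. The `Policy` class, `nat_allowed`, `audit` and the IP addresses are assumptions made up for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import List, Optional

MACHINE_A = "192.168.0.50"   # constructed address for the restricted PC
OTHER_PC = "192.168.0.51"    # constructed address for any other LAN client


@dataclass
class Policy:
    """Hypothetical stand-in for one ENS policy (location plus optional port filter)."""
    name: str
    included: List[str]
    excluded: List[str] = field(default_factory=list)
    server_port: Optional[int] = None   # None means no port criterion

    def grants(self, client_ip: str, port: int) -> bool:
        if any(fnmatch(client_ip, pat) for pat in self.excluded):
            return False
        if not any(fnmatch(client_ip, pat) for pat in self.included):
            return False
        return self.server_port is None or self.server_port == port


# The two policies from the post above.
POLICIES = [
    Policy("machine A, port 110 only", included=[MACHINE_A], server_port=110),
    Policy("everyone except machine A", included=["*"], excluded=[MACHINE_A]),
]


def nat_allowed(client_ip, port, policies=POLICIES, default_rights_ignored=True):
    """Policies only grant: a connection passes if any policy grants it."""
    if not default_rights_ignored:
        # Default system rights still apply and grant internal clients everything.
        return True
    return any(p.grants(client_ip, port) for p in policies)


def audit(default_rights_ignored=True):
    """Return the decision for each test connection (client, server port)."""
    cases = [(MACHINE_A, 110), (MACHINE_A, 80), (MACHINE_A, 1214), (OTHER_PC, 1214)]
    return {c: nat_allowed(*c, default_rights_ignored=default_rights_ignored) for c in cases}


if __name__ == "__main__":
    for (ip, port), ok in audit().items():
        print(f"{ip}:{port} -> {'allow' if ok else 'deny'}")
```

With `default_rights_ignored=False` every case is allowed, which is why the "Default system rights are ignored" setting comes first. The match is on IP address, so machine A needs a fixed address for the restriction to hold.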

Postby ChrisH » Dec 04 03 1:38 pm

SHB,

Sorry, I was thinking you were wanting "user" level. Must read carefully! Adrien has the easiest-to-implement NAT solution. Did you have something set up before? I ask, because in your first post you said you thought you already were restricting NAT. WGIC on the ME machine might be an alternative. This allows you to restrict by application as well. WinGate has many ways to implement policies. IMHO one of its great features.
Chris H.
ChrisH
WinGate Master
 
Posts: 388
Joined: Sep 13 03 1:38 am
Location: Canada

