WinGate Forums

[massmax]

Hello,
I have a w2003 server with two nics installed, one for the internal lan and one for the internet.
The tcpip (2000/XP) user's configuration have as default gw the ip of the internal nic of the server.
I have installed Wingate 6.1.4 in the server with its defaults to share internet to users in lan, plus managing email etc, but now all users can surf without restrictions, even if www service is not enabled! The only way to block them is checking proxy button in IE using the ip of the Wingate server, but if users uncheck it (and they do!), they surf again...
If I stop the Qbik service the surfing is blocked, so it's a Wingate's issue.
No RRAS service is enabled.
I need that Wingate permits surfing ONLY if the proxy option is enabled in IE (or Mozilla).

Any help?
Thanks.

Max

[adrien]

Hi Max

You'll find that the users are making NAT connections. If you want to block this to force your users to make proxy connections, there are several options.

1. disable NAT in WinGate - this can be turned off in the General tab of the Extended Networking Properties.

2. Intercept HTTP connections through to the WWW proxy. This will only work when the proxy is running though - I don't know how you're planning to use the proxy to control surfing (i.e. do you want to be able to turn surfing on and off by disabling/enabling the www proxy or something). This at least will mean the policies of the WWW proxy will apply even if users don't configure their browser to use a proxy. To do this, enter the port numbers you want to intercept on the sessions tab of the WWW proxy.

Adrien

[massmax]

Hi Max

You'll find that the users are making NAT connections. If you want to block this to force your users to make proxy connections, there are several options.

1. disable NAT in WinGate - this can be turned off in the General tab of the Extended Networking Properties.

This is disabled by default, so I don't need to change this param.

2. Intercept HTTP connections through to the WWW proxy. This will only work when the proxy is running though - I don't know how you're planning to use the proxy to control surfing (i.e. do you want to be able to turn surfing on and off by disabling/enabling the www proxy or something). This at least will mean the policies of the WWW proxy will apply even if users don't configure their browser to use a proxy. To do this, enter the port numbers you want to intercept on the sessions tab of the WWW proxy.

Adrien

This doesn't work! I check the box for intercepting HTTP connections, and I added port 80 as port to be blocked and checked the box on the left. I see the "started" signal. The clients on lan continue to surf...
What's wrong?
Thanks.
Max

[deftech]

You check the NAT setting or do you think it's disabled by faith alone :).

NAT was always enabled by default for me, check it if you haven't.

If they can surf without the "enable proxy settings" in IE then they have to be getting out through NAT.

If you do ipconfig, what are their settings?

[massmax]

You check the NAT setting or do you think it's disabled by faith alone :).

NAT was always enabled by default for me, check it if you haven't.

If they can surf without the "enable proxy settings" in IE then they have to be getting out through NAT.

If you do ipconfig, what are their settings?

Hi,
NAT ratio button is not checked by default installation, and, to be sure about what I'm telling, I have checked by my self in the general tab under ENS more than 10 times... :)
The most relevant data in client configuration ipconfig are:
IP address: 192.168.250.102
No routing enabled
No proxy WINS enabled
No DHCP
Default GW: 192.169.250.101 (this is the internal nic in the WinGate server, the second nic links directly to the hardware firewall which is linked to the internet)
NAT is enabled ONLY by this hardware firewall, that is managed by our ISP.
The issue is: if I stop the WinGate engine, surfing is stopped too. If WinGate engine is started, surfing is enabled for everybody, even if the WWW proxy service is stopped or deleted from WinGate config...
Thanks.
Max

[massmax]

Help please! :(

[adrien]

Hi

what shows up in GateKeeper's activity pane when the users are surfing?

adrien

[massmax]

Hi

what shows up in GateKeeper's activity pane when the users are surfing?

adrien

Nothing...!
If I stop the WinGate engine, surfing is stopped too. If WinGate engine is started, surfing is enabled for everybody, even if the WWW proxy service is stopped or deleted from WinGate config...

[adrien]

Hi

It is possible that WinGate is acting as a router instead of NAT between your internet device (is it a DSL/NAT device) and your internal LAN.

Try disabling routing in WinGate - on the General tab of the Extended Networking properties.

Routed traffic doesn't show up in GateKeeper, only NAT traffic and proxy sessions.

Adrien

[massmax]

Hi

It is possible that WinGate is acting as a router instead of NAT between your internet device (is it a DSL/NAT device) and your internal LAN.

Try disabling routing in WinGate - on the General tab of the Extended Networking properties.

Routed traffic doesn't show up in GateKeeper, only NAT traffic and proxy sessions.

Adrien

Yes, it works. But. I have a VPN (very simple VPN, just sharing resources to a remote office), and without routing it's dead!
What can I do?
Thanks.

[adrien]

Hi

If you need routing enabled, and routing is configured so that clients can access your external gateway directly, then about the only way to control surfing would be to

1. enable NAT in WinGate
2. In the www proxy, intercept port 80. Don't set up any blocks on port 80 in extended networking.

then all port 80 should go through the proxy. To enable control over whether users can surf or not, instead of turning on or off the proxy, you would need to instead modify the policies for the proxy.

Adrien