WinGate Forums

[mrpifloyd]

I want to only capture port 80 traffic outgoing and nothing else. How do I do this?

Steve

[Pascal]

Capturing as in using a packet sniffer to analyse the traffic or do you want to restrict your users to only allow traffic outgoing on port 80?

[mrpifloyd]

I want all traffic to flow freely accept traffic that would normally use port 80 such as web traffic.

[Pascal]

I want all traffic to flow freely accept traffic that would normally use port 80 such as web traffic.

Alright, if I understand that correctly my recommendation would be to use NAT as your primary method of providing service to the client / LAN PCs. This requires you to set the default gateway + (usually) DNS server for each client PC and having ENS enabled on the WinGate server. That will allow all traffic to flow through freely.

Then, go to the WWW Proxy Service on the Services tab in GateKeeper. Make sure that intercepts are enabled for port 80. That will redirect any traffic destined for port 80 through the proxy. You can then setup any policies you require in the WWW Proxy Service to provide any / all restrictions you desire.

When you setup those policies, be sure to exclude the System Policies from evaluation as well, as they would normally allow any traffic through.

(There are other ways to do this, such as setting the policy by port in System Policies or by actively blocking the ports in the firewall)

[mrpifloyd]

Ok that sounds like what I want to do. right now I have all traffic being NATed through a 2000 server and a router with the proxy server simply linked to the hub like all the other computers however I have them setup with Java and allso all there tcp/ip settings are manual to go to the proxy and then out to the router. So is that still the way I would do it as explained in the last response?

[Pascal]

So you have something like:

[Internet] <-> [Router] <-> [Windows 2000 Server] <-> [Lan Clients, including WinGate server]

OR

[Internet] <-> [Router] <-> [Windows 2000 Server + WinGate] <-> [Lan Clients]

All your LAN PCs are setup to use the WinGate PC as their default gateway. Have you also configured their browsers to connect directly to the WWW Proxy Service? And are you then using the Java Applet to provide authentication for the clients?

If that is the case, yes. You can still setup the appropriate policies in the WWW Proxy Service to restrict access. What I would add is to configure the router so it will only accept traffic from the WinGate PC (Your effective gateway then). This prevents your users from bypassing any restrictions you might place on them by simply setting the router as their default gateway.

[mrpifloyd]

Scenario one is correct, I have setup their browsers to use the proxy except for internal connections. I can't do the last part because the router is also a vpn connection but the users are working in a security firm and always on camera should they decide to play around :} Thanks for the help

[Pascal]

Great, if you need any help with the policy setup, etc. don't hesitate to post again. There are some real policy gurus lurking on these forums.