Hi Support,
I'm testing out the 30-day trial of WinGate on my Win2003 Server to see if it can handle the following scenerio: I have a set of users who dialin to my server's serial port Equinox card through a modem. I want these users to ONLY to be able to use the internet connection on the server to obtain their email from the internet. Specifically, I only want them to be able to use the SSL ports 465 & 995 to only go to our corporate mail server (mail.mycorporation.com). Everything else should be blocked off for them.
Is this possible to do with WinGate? If so, can you relay to me the specific things I need to do to set this up?
Thanks,
Dirk Kaiser
Dialin User Group only connect for email
Moderator: Qbik Staff
4 posts
• Page 1 of 1
Dialin User Group only connect for email
by dirkkaiser » Oct 19 09 8:55 pm
- dirkkaiser
- Posts: 2
- Joined: Oct 19 09 8:48 pm
Re: Dialin User Group only connect for email
by logan » Oct 20 09 3:58 pm
Hi Dirk,
WinGate is quite capable of restricting users to accessing ports 465 and 995 onl, however I'm not familiar with how your Equinox modem and do not know how it changes things, if at all. I imagine that if the users connecting through the modem are able to talk to the WinGate in the same manner that a user on a local area network behind the server can, there shouldn't be any problems whatsoever.
When the users dial into the equinox, can they ping the computer that has WinGate installed?
How does the equinox show up in WinGates networking tab? Does it have it's own IP address that dial up users can route to?
- L
WinGate is quite capable of restricting users to accessing ports 465 and 995 onl, however I'm not familiar with how your Equinox modem and do not know how it changes things, if at all. I imagine that if the users connecting through the modem are able to talk to the WinGate in the same manner that a user on a local area network behind the server can, there shouldn't be any problems whatsoever.
When the users dial into the equinox, can they ping the computer that has WinGate installed?
How does the equinox show up in WinGates networking tab? Does it have it's own IP address that dial up users can route to?
- L
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
Re: Dialin User Group only connect for email
by dirkkaiser » Oct 28 09 6:47 pm
Hi Logan,
An Equinox card provides extra COM ports to a machine to which we hang off modems. Under the Windows 2003 "Routing and Remote Access" panel, these devices come in as five separate hardware modems (COM1 to COM5). Under the Windows User administration, I have given permission for the users to dial-in and connect to the internet through the modems by routing through the server. Each user when he connects is assigned an IP address based on an IP range that I have specified (192.168.1.81 - 85).
To answer your questions, yes once the user has dialed-in and is registered on the server, they can ping both the server and anywhere on the internet. They can go anywhere on the internet which is what I don't want as I pay by the megabyte. I want to restrict them to only going to the mail server (mail.mycorporation.com) and using the secure ports 465 & 995.
In WinGate, I don't see any devices other than the standard LAN Ethernet card.
As far as licensing WinGate goes, how many licenses should I be purchasing if I've got the server and the 5 inbound modems on this machine?
Looking forward to your reply,
Dirk
An Equinox card provides extra COM ports to a machine to which we hang off modems. Under the Windows 2003 "Routing and Remote Access" panel, these devices come in as five separate hardware modems (COM1 to COM5). Under the Windows User administration, I have given permission for the users to dial-in and connect to the internet through the modems by routing through the server. Each user when he connects is assigned an IP address based on an IP range that I have specified (192.168.1.81 - 85).
To answer your questions, yes once the user has dialed-in and is registered on the server, they can ping both the server and anywhere on the internet. They can go anywhere on the internet which is what I don't want as I pay by the megabyte. I want to restrict them to only going to the mail server (mail.mycorporation.com) and using the secure ports 465 & 995.
In WinGate, I don't see any devices other than the standard LAN Ethernet card.
As far as licensing WinGate goes, how many licenses should I be purchasing if I've got the server and the 5 inbound modems on this machine?
Looking forward to your reply,
Dirk
- dirkkaiser
- Posts: 2
- Joined: Oct 19 09 8:48 pm
Re: Dialin User Group only connect for email
by logan » Oct 30 09 3:05 pm
In this scenario, RRAS is a knife in WinGates back. While the clients are connecting through RRAS, they will completely bypass WinGate so WinGate get's no control. However, you can fix this by changing your net topography slighty.
If you install WinGate on a seperate computer in front of the RRAS machine, then the clients will have to connect through both RRAS AND WinGate to reach the internet. This means WinGate still gets control over the clients.
e.g.
client -> (modem -> equinox -> RRAS) -> (WinGate) -> Internet router -> Internet
If you install WinGate on a seperate computer in front of the RRAS machine, then the clients will have to connect through both RRAS AND WinGate to reach the internet. This means WinGate still gets control over the clients.
e.g.
client -> (modem -> equinox -> RRAS) -> (WinGate) -> Internet router -> Internet
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 8 guests