WinGate Forums

[kangarolf]

Hi all,

You'll have to forgive my ignorance but this is the first time I have attempted to use a proxy server.

I have installed wingate on a server in the network which has two nics..the external one has the router as the gateway, the internal one has no gateway listed.

I am using transparent proxy so that no client configuration is required, I am only intercepting port 80 traffic and have checked the box to allow any port for HTTPS connections.

I have switched off the firewall as the external connection is already adequately firewalled.

The client can browse regular websites fine.

The client cannot access any HTTPS sites.

The client cannot access any external traffic for any other port, for instance teamviewer is installed and is looking to connect on port 5938.

In both cases the activity monitor shows the text;

NAT : TCP connection to EXTERNAL IP:PORT

The client just timesout....it looks like the traffic is going but not being allowed back in..?

Any help greatly appreciated.

Rolf

[adrien]

Hi

sounds to me like NAT is not enabled for some reason. This is set on the general tab of the Extended Networking properties in GateKeeper.

Which version of WinGate is this? 6.6.4?

Regards

Adrien

[kangarolf]

This is 6.2.2 it's the only version we ever bought. The nat box is checked on the general tab and the firewall is off.

Any other ideas?

Thanks
Rolf

[kangarolf]

I have installed the latest version (6.4.4) as a 30 day trial to see if that solves the issue but it appears to be the same.

No traffic except the intercepted port 80 (transparent proxy) traffic.

Thanks
Rolf

[adrien]

Hi

with WinGate you buy a license to use rather than a version, so your license will work in all versions after 6.0. I'd therefore recommend updating to 6.6.4.

If your clients are not configured to use a proxy, (I'm assuming this since you mention that the only traffic showing in WiNGate is intercepted port 80), then they would need to use NAT in WinGate for port 443 which is used for https.

Do you have any policies set for Extended Networking that may be preventing normal NAT traffic?

Do you see any reports / warnings in the system messages panel about requests that are rejected? Or in the firewall tab?

Adrien

p.s. sorry it took so long to release your posts - I only just saw notification they were waiting moderator approval.

[adrien]

Just re-read your posts.

So I see you're on 6.6.4 now, you can just activate your previous license rather than running a trial.

It also gives you packet capturing facililty. If you could do a capture on port 443 and send it in to our support desk we can see why NAT isn't working. It's possibly some up-stream issue.

How many NICs are in the WinGate computer? just 1?

Adrien

[kangarolf]

Two NICs in the wingate server one internal one external.

NAT is on in the extended configuration menu

Using transparent proxy because I dont want any client side setup changes

No firewall on

No policies added or edited

No error messages just the system messages that I have mentioned.

Thanks
Rolf

[adrien]

Hi

I think we'll need a packet capture to see why NAT isn't working for you.

I just noticed a comment you made in your original post about enabling all ports for HTTPS. Since the clients aren't configured to use a proxy, they won't even make a request to WinGate for HTTPS.

We actually don't really recommend intercepted connections for HTTP any more. It has a few issues, mainly because the client doesn't know it's going through a proxy. The problems that arise are related to authentication and some caching issues. If the clients were configured to use a proxy, then you'd find they go through the proxy for HTTPS also and i'd expect it to work, since it wouldn't rely on NAT (but we need to get that working as well anyway).

You can ease the pain for getting clients to use a proxy, using proxy auto-detection (on in browsers by default), or group policy if you're in an AD.

As for why NAT isn't working, yet intercepts are working, that makes me wonder if it's an up-stream (your gateway) issue, or if you have some other firewall / VPN / network packet processing software installed / running on the WinGate computer.

Adrien