transparent proxy - track source IP

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

transparent proxy - track source IP

Postby ik8sqi » Jan 04 19 5:29 am

We implemented WinGate to act as a proxy to some client machines by configuring the Internet Explorer proxy settings to point to Wingate on port 3129. We then added a "WWW Proxy Service" on WinGate listening on port 3129 to handle the traffic.

The issue is that when a client workstation browses the web, our firewall (all client workstations and WinGate are behind a firewall) sees the IP address of the WinGat server as the source IP, not the actual IP address of the workstation. We are thus unable to apply web browsing rules on the firewall based on the IP addresses of the workstations, as the firewall does not see the actual source IP of the workstation.

Is there a way to configure WinGate in some transparent mode so that, when clients browse the web, the firewall sees the actual IP of the workstation and not WinGate?

Thanks!

Roberto
ik8sqi
 
Posts: 1
Joined: Jan 04 19 5:20 am

Re: transparent proxy - track source IP

Postby adrien » Jan 04 19 5:14 pm

Hi Roberto

Normally WinGate is used to provide the web browsing rules, so it's unusual to have an upstream firewall doing this per client IP.

Since WinGate is a proxy, the connections it makes on behalf of clients come from its own IP, there's no way around that. However, you can configure WinGate to connect to an upstream proxy (the firewall) and tag the original client IP in an X-Forwarded-For header.

Would this help - is the firewall able to use XFF?

With flow-chart policy in WinGate you could add other headers as well.

Regards

Adrien de Croy
adrien
Qbik Staff
 
Posts: 5259
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: Bing [Bot] and 3 guests

cron