George in Seattle wrote: I have a small network of 8 fixed IP machines and 3 human users. WinGate installed very nicely on my gateway XP machine. However, I am having problems with setting up anything to do with incoming connections.
#1. I'm having trouble setting up an incoming telnet connection to a machine on my network (call it 10.0.0.3). Do I use the "TCP mapping command service" for this, and if so, how do I direct any port 23 external connection to connect to 10.0.0.3 only?
I'd use a port 23 mapping in "Incoming connections from the Internet" in Extended networking, redirected to the IP 10.0.0.3.
George in Seattle wrote: #2. In general, how do you specify *directionality* in gatekeeper, as in allowing/disallowing an incoming connection? The bindings say what to connect to, but not whether to work bidirectionally.
Bindings don't say what to connect to, but what interfaces to accept a connection from. Creating a binding in a service allows that service to accept connections on that interface. So binding a service to an external interface allows that service to be connected to from the network attached to that interface.
George in Seattle wrote: #3. What is the functional difference between adding a TCP mapping service in "services" and/or adding a "port range configuration" in "extended networking/port security"? This appears redundant, but is it really? And why is there no port range ability in services?
A TCP mapping service is a service: it listens on sockets, makes connections and relays data. This pre-dates the port security redirects by about 6 years, and we left it in for backward compatibility. Also, it has some funky features such as:
1. ability to intercept connections, and connect out through a specified default gateway
2. encryption support
3. more policy control and logging than the extended networking one.
The extended networking redirects are more efficient, since they only forward packets, don't require listening on sockets etc. Hence you can service a large range of ports without consuming vast amounts of system resources (which you'd need to do if you wanted to bind a TCP service to zillions of ports).
Adrien
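The mechanics Adrien describes for a TCP mapping service (a listening socket bound to one interface, an outbound connection to a fixed target, and bytes relayed between the two) as an added stand-alone Python example; this is not WinGate's code or configuration. The "internal host" is a constructed local echo server standing in for 10.0.0.3, and everything binds to 127.0.0.1 with OS-chosen ports so it runs offline; in a real deployment the listener would be bound only to the external interface, which is exactly what a binding decides.

```python
import socket
import threading

def _pump(src, dst):
    # copy src -> dst until EOF, then half-close dst so the far end sees EOF too
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    finally:
        dst.shutdown(socket.SHUT_WR)

def start_echo_target(host="127.0.0.1"):
    # constructed stand-in for the internal host (10.0.0.3 in the thread): echoes input
    srv = socket.socket()
    srv.bind((host, 0))  # port 0: the OS picks a free port
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def start_mapping_service(bind_host, target):
    # the binding: accept only on bind_host; each accepted connection gets its own
    # outbound socket to the fixed target and two threads relaying bytes, one per direction
    listener = socket.socket()
    listener.bind((bind_host, 0))
    listener.listen(5)
    def serve():
        while True:
            client, _ = listener.accept()
            upstream = socket.create_connection(target)
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()

def send_through(addr, payload):
    # client side: send, half-close, and collect whatever the mapped host answers
    with socket.create_connection(addr) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks)

if __name__ == "__main__":
    mapped = start_mapping_service("127.0.0.1", start_echo_target())
    print(send_through(mapped, b"hello via the mapping"))
```

Every mapped port costs a listening socket plus per-connection sockets and threads here, which is the resource cost Adrien contrasts with packet-level redirects.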