How to use WWW & NAT on Port 80 simultaneously for users
Jul 02 08 2:52 am
Hi Adrien,
I have gone thru nearly all the posts posted here but could not find a solution.
The problem i am facing rite now is that my entire network is working on WWW Proxy server on port 80 with ENS (Port80 intercept ON for Puresight filtering) which translate http:// requests into website name & General Internet sharing NAT is also ON in ENS which works fine for http requests other than port 80
Now i want to give one particular user/ip only access for NAT access instead of WWW proxy i.e. TCP at port 80 as the user is using a specific software that only works when the network mode is on NAT OR if proxy redirection is switched off on port 80...otherwise the application hangs and the activity pane shows a http:// at the wingate activity panel for sometime then times out.
I cannot put the entire wingate server on NAT mode for all users as i want to use puresight also for other users.
kindly help me know how to go about it.
Thanks
I have gone thru nearly all the posts posted here but could not find a solution.
The problem i am facing rite now is that my entire network is working on WWW Proxy server on port 80 with ENS (Port80 intercept ON for Puresight filtering) which translate http:// requests into website name & General Internet sharing NAT is also ON in ENS which works fine for http requests other than port 80
Now i want to give one particular user/ip only access for NAT access instead of WWW proxy i.e. TCP at port 80 as the user is using a specific software that only works when the network mode is on NAT OR if proxy redirection is switched off on port 80...otherwise the application hangs and the activity pane shows a http:// at the wingate activity panel for sometime then times out.
I cannot put the entire wingate server on NAT mode for all users as i want to use puresight also for other users.
kindly help me know how to go about it.
Thanks
- Attachments
-
- http:// times out after sometime
- WINGATE.JPG (90.06 KiB) Viewed 4418 times
Re: How to use WWW & NAT on Port 80 simultaneously for users
Jul 02 08 4:56 pm
This is what I would probe to isolate the problem or provide an alternative solution. And my apologies if you definitely know that the application cannot use a proxy.
If you temporarily disable PureSight or any other plugin from the proxy, does the application work?
Temporarily reduce the session timeout for the proxy?
Temporarily disable caching?
If this application has the ability to use a proxy server, have you tried manually setting it, or sending the request to a second www proxy server that you create in WinGate - no auth etc..?
Can you set this application to use a different port number for this destination address e.g. 81 instead of 80? Setting port numbers might be found in the GUI or registry or other parameters/command lines associated with the program. If you cannot find a port number to edit then you could try setting it inline with the destination ip address/domain name; x.x.x.x:81 – assuming that can be found/edited. So on the scenario that the port number can be changed, you could setup an ENS redirection for LAN to internet for port 81 that overrides the port back to 80; possibly specify an ip address, or leave blank / 0.0.0.0 if the destination address changes. And then of course lock down via policies etc...
I am not sure if this will work but… IF this application makes a DNS request before it uses NAT then you may be able to resolve the request to the WinGate servers IP and then pass the connection through a TCP Mapping. So first of all you would add a second ip address to the WinGate servers internal network card. Then you would edit your WWW Proxy Service so to only bind to the original ip address. Create a new TCP mapping in WinGate and bind it to port 80 on this new address you created, then map it to the proper destination for that application. Then go to the LAN Client and adjust the ‘hosts’ file so to resolve e.g. application.software.com to the WinGate servers new internal ip address. Hence any request made by the application will be relayed through the new TCP Mapping on port 80. And then of course lock down via policies etc…
Depending on your network setup, If this LAN Client is connected to the same switch/hub as the hardware internet router, can you make a route on the LAN Client to bypass WinGate for this applications destination ip address, and send it directly to the hardware internet router instead?
If you temporarily disable PureSight or any other plugin from the proxy, does the application work?
Temporarily reduce the session timeout for the proxy?
Temporarily disable caching?
If this application has the ability to use a proxy server, have you tried manually setting it, or sending the request to a second www proxy server that you create in WinGate - no auth etc..?
Can you set this application to use a different port number for this destination address e.g. 81 instead of 80? Setting port numbers might be found in the GUI or registry or other parameters/command lines associated with the program. If you cannot find a port number to edit then you could try setting it inline with the destination ip address/domain name; x.x.x.x:81 – assuming that can be found/edited. So on the scenario that the port number can be changed, you could setup an ENS redirection for LAN to internet for port 81 that overrides the port back to 80; possibly specify an ip address, or leave blank / 0.0.0.0 if the destination address changes. And then of course lock down via policies etc...
I am not sure if this will work but… IF this application makes a DNS request before it uses NAT then you may be able to resolve the request to the WinGate servers IP and then pass the connection through a TCP Mapping. So first of all you would add a second ip address to the WinGate servers internal network card. Then you would edit your WWW Proxy Service so to only bind to the original ip address. Create a new TCP mapping in WinGate and bind it to port 80 on this new address you created, then map it to the proper destination for that application. Then go to the LAN Client and adjust the ‘hosts’ file so to resolve e.g. application.software.com to the WinGate servers new internal ip address. Hence any request made by the application will be relayed through the new TCP Mapping on port 80. And then of course lock down via policies etc…
Depending on your network setup, If this LAN Client is connected to the same switch/hub as the hardware internet router, can you make a route on the LAN Client to bypass WinGate for this applications destination ip address, and send it directly to the hardware internet router instead?
Re: How to use WWW & NAT on Port 80 simultaneously for users
Jul 05 08 4:54 am
Thanks, james for the no. of solutions posted....but sorry to say none are working.
Firstly it only works when i disable by un-ticking transparent proxy redirection in WWW service (basically it is not able to connect when port 80 is intercepted in WWW service) and puresight being enable or disabled does not affect.
Secondly i have tried playing with session timeout timings, does not help.
Caching is already disabled as asked.
Tried setting another WWW proxy service at port 81 (with port intercept turned off) but it does not help.
Tried redirection of ports at ENS (Lan to wingate PC and Lan to Internet) but it does not work.
Tried DNS mapping in "hosts" file but it doest not help.
Tried setting up TCP mapping at port 80 and also port 81 and redirecting it back to wingate server still does not help.
So finally got another software (low level proxy server i.e. AnalogX proxy) using port 6588 then tried using my software, then it works perfectly but still there is drawback i have to disable the proxy at port 6588 at the client side manually from the IE lan proxy settings (once the application connects) to go back to wingate proxy direct connection for using internet for browsing n other app's.
Basically i have figured out the problem, is there any solution of doing customised NAT'ing for a particular ip/user(setting up of bypass for that user) with wingate at port 80 and same time not affecting the port80 intercept at WWW proxy service for other users??? OR is there any software which i can install at the client side which does specific proxy at port 6588 for that particular application only???
Firstly it only works when i disable by un-ticking transparent proxy redirection in WWW service (basically it is not able to connect when port 80 is intercepted in WWW service) and puresight being enable or disabled does not affect.
Secondly i have tried playing with session timeout timings, does not help.
Caching is already disabled as asked.
Tried setting another WWW proxy service at port 81 (with port intercept turned off) but it does not help.
Tried redirection of ports at ENS (Lan to wingate PC and Lan to Internet) but it does not work.
Tried DNS mapping in "hosts" file but it doest not help.
Tried setting up TCP mapping at port 80 and also port 81 and redirecting it back to wingate server still does not help.
So finally got another software (low level proxy server i.e. AnalogX proxy) using port 6588 then tried using my software, then it works perfectly but still there is drawback i have to disable the proxy at port 6588 at the client side manually from the IE lan proxy settings (once the application connects) to go back to wingate proxy direct connection for using internet for browsing n other app's.
Basically i have figured out the problem, is there any solution of doing customised NAT'ing for a particular ip/user(setting up of bypass for that user) with wingate at port 80 and same time not affecting the port80 intercept at WWW proxy service for other users??? OR is there any software which i can install at the client side which does specific proxy at port 6588 for that particular application only???
Re: How to use WWW & NAT on Port 80 simultaneously for users
Jul 09 08 1:51 am
Here's how I would approach this problem:
Create a new user name for the user needing NAT WWW access, and make the user assumed by ip address & computer name. Add the new user name in Extended Networking policies so that he/she has access to NAT. On the client side, make sure the HTTP proxy is empty in IE Tools...Options...Connections...LAN Settings...Advanced, or uncheck the 'use proxy server' box if you want NAT access for everything. The user will automatically be directed to NAT for WWW access. Users with other names will not be affected.
Sounds too easy... Am I missing something?
James
Create a new user name for the user needing NAT WWW access, and make the user assumed by ip address & computer name. Add the new user name in Extended Networking policies so that he/she has access to NAT. On the client side, make sure the HTTP proxy is empty in IE Tools...Options...Connections...LAN Settings...Advanced, or uncheck the 'use proxy server' box if you want NAT access for everything. The user will automatically be directed to NAT for WWW access. Users with other names will not be affected.
Sounds too easy... Am I missing something?
James
Re: How to use WWW & NAT on Port 80 simultaneously for users
Jul 09 08 2:54 pm
Hi Raghavkakar
To answer your question - when there is an intercept on for port 80, then all NAT, SOCKS and WGIC traffic destined to that port on the internet will be intercepted and processed by the proxy. Maybe you can let the forum know what this application is that you are using; it sounds like it works with another proxy solution so it should work with WinGate. You could also create a support ticket and Logan or Jason will work through it with you.
The solution re: ENS redirection for 81 to 80 does not seem to work for me. I used to work at the Qbik's office and I am sure that was possible. I have sent an email to one of their system engineers asking for assistance with that.
The solution re: TCP Mapping and DNS manipulation should have worked though.
And Dr. Who.
If there is an intercept (transparent proxy) on port 80, then all traffic would be intercepted by that proxy. To make your solution work then Raghavkakar would need to remove the intercept from WWW Proxy --> Sessions, and have each LAN Client setup with the proxy address. I believe he does not want to do that due to convenience and centralised control via WinGate.
*The ability to decide who gets intercepted is a feature I would expect in WinGate next major version.
To answer your question - when there is an intercept on for port 80, then all NAT, SOCKS and WGIC traffic destined to that port on the internet will be intercepted and processed by the proxy. Maybe you can let the forum know what this application is that you are using; it sounds like it works with another proxy solution so it should work with WinGate. You could also create a support ticket and Logan or Jason will work through it with you.
The solution re: ENS redirection for 81 to 80 does not seem to work for me. I used to work at the Qbik's office and I am sure that was possible. I have sent an email to one of their system engineers asking for assistance with that.
The solution re: TCP Mapping and DNS manipulation should have worked though.
And Dr. Who.
If there is an intercept (transparent proxy) on port 80, then all traffic would be intercepted by that proxy. To make your solution work then Raghavkakar would need to remove the intercept from WWW Proxy --> Sessions, and have each LAN Client setup with the proxy address. I believe he does not want to do that due to convenience and centralised control via WinGate.
*The ability to decide who gets intercepted is a feature I would expect in WinGate next major version.
Re: How to use WWW & NAT on Port 80 simultaneously for users
Jul 10 08 1:43 am
And Dr. Who.
If there is an intercept (transparent proxy) on port 80, then all traffic would be intercepted by that proxy. To make your solution work then Raghavkakar would need to remove the intercept from WWW Proxy --> Sessions, and have each LAN Client setup with the proxy address. I believe he does not want to do that due to convenience and centralised control via WinGate.
Thanks - I realized that after I had posted my 'solution'.