Hi,
I use the WWW Proxy Service to give Internet access to the users of my network and defined restrictions to see only specific sites for a group of users. I did not use the BAN option but I defined a list of permitted web sites they can navigate.
I want to change to NAT and I need to know if I can have these same kind of restrinctions too as I do not see a NAT Service.
Regards,
Jorge Maldonado
INTERNET RESTRICTIONS
Moderator: Qbik Staff
6 posts
• Page 1 of 1
by adrien » Oct 07 05 4:06 pm
hi
the simplest way for this is to transparently proxy - the client machines are configured not to use a proxy, but are set up like for a NAT solution. However wingate intercepts the connections, and they go through the proxy anyway - then you can keep all the rules just in the WWW proxy.
Check the Sessions tab in the WWW Proxy. This is where you enable transparent proxy, and define the ports it intercepts.
Adrien
the simplest way for this is to transparently proxy - the client machines are configured not to use a proxy, but are set up like for a NAT solution. However wingate intercepts the connections, and they go through the proxy anyway - then you can keep all the rules just in the WWW proxy.
Check the Sessions tab in the WWW Proxy. This is where you enable transparent proxy, and define the ports it intercepts.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by JORGEMAL » Oct 08 05 5:27 am
adrien wrote:hi
the simplest way for this is to transparently proxy - the client machines are configured not to use a proxy, but are set up like for a NAT solution. However wingate intercepts the connections, and they go through the proxy anyway - then you can keep all the rules just in the WWW proxy.
Check the Sessions tab in the WWW Proxy. This is where you enable transparent proxy, and define the ports it intercepts.
Adrien
I did what you told me but I have a problem now.
I tried setting some filters following a Knowledgebase Article called "Blocking client access to Specific URL's and Sites" which, at the end, says as follows:
------------------------------------------------------------------------------
By default WinGate performs Http-Socks handover when the request fail via HTTP, and as a result you will need to configure this policy in the Socks Proxy service as well.
To do this:
Open Socks Proxy Server under the Services tab in Gatekeeper.
Select the Socks Advanced tab.
In the HTTP Protocol section select the USE this Policy radio button and from the drop down menu select WWW proxy server.
Click OK till you have exited the Socks Proxy Server
Save changes in GateKeeper.
------------------------------------------------------------------------------
I wanted to do what it says but I do not see the "HTTP Protocol section" mentioned above. In the SOCKS Advanced tab all I have is a SOCKS Request section with 2 checkbox options:
1. Perform reverse name lookup . . .
2. Use RFC1929 ...
What can I do in this case ?
I have Wingate version 6.0.4.
If I do not pay attention to the SOCKS Advanced options above then I cannot access any web page. The only way I get access is when I set the "Default rights" to "may be used instead" but this way I get access to everywhere. If I change the "Default rights" to "are ignored" or "MUST also be granted" then I do not have access anywhere.
The System Policies are "Everyone, Unrestricted rights" by default and if I delete it and set here the same rules and groups I have as in the WWW service then everything works fine but I think it is not a good idea to have the rules duplicated.
Regards,
Jorge Maldonado
- JORGEMAL
- Posts: 29
- Joined: Apr 17 04 4:34 am
by jamesc » Oct 08 05 2:53 pm
I did not use the BAN option but I defined a list of permitted web sites they can navigate.
When you say you defined a list of permitted websites, you are talking about creating policies correct?
I wanted to do what it says but I do not see the "HTTP Protocol section" mentioned above. In the SOCKS Advanced tab all I have is a SOCKS Request section with 2 checkbox options:
1. Perform reverse name lookup . . .
2. Use RFC1929 ...
We will have to change that, that must be for an earlier version.
Questions:
1. How are your users authenticated in the WWW proxy service? Basic / Java / NTLM / Assumed by ip / Assumed by name / None(Unknown)
2. What group(s) are you adding in for the policy?
3. What user database? WinGate / NT Local / NT Domain
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by JORGEMAL » Oct 11 05 4:36 am
jamesc wrote:I did not use the BAN option but I defined a list of permitted web sites they can navigate.
When you say you defined a list of permitted websites, you are talking about creating policies correct?I wanted to do what it says but I do not see the "HTTP Protocol section" mentioned above. In the SOCKS Advanced tab all I have is a SOCKS Request section with 2 checkbox options:
1. Perform reverse name lookup . . .
2. Use RFC1929 ...
We will have to change that, that must be for an earlier version.
Questions:
1. How are your users authenticated in the WWW proxy service? Basic / Java / NTLM / Assumed by ip / Assumed by name / None(Unknown)
2. What group(s) are you adding in for the policy?
3. What user database? WinGate / NT Local / NT Domain
Yes, a list of permitted websites means a policy in the WWW Service.
Now, I am answering your 3 questions.
1. I only defined that Users Maybe Authenticated in the Properties of a group called grpRestricted which will contain all of the users with Internet access restrictions.
2. I only have one group with one user, the group is called grpRestricted and the user in it is JorgeMal.
3. The user database is Wingate.
Regards,
Jorge Maldonado
- JORGEMAL
- Posts: 29
- Joined: Apr 17 04 4:34 am
by JORGEMAL » Oct 11 05 11:19 am
JORGEMAL wrote:jamesc wrote:I did not use the BAN option but I defined a list of permitted web sites they can navigate.
When you say you defined a list of permitted websites, you are talking about creating policies correct?I wanted to do what it says but I do not see the "HTTP Protocol section" mentioned above. In the SOCKS Advanced tab all I have is a SOCKS Request section with 2 checkbox options:
1. Perform reverse name lookup . . .
2. Use RFC1929 ...
We will have to change that, that must be for an earlier version.
Questions:
1. How are your users authenticated in the WWW proxy service? Basic / Java / NTLM / Assumed by ip / Assumed by name / None(Unknown)
2. What group(s) are you adding in for the policy?
3. What user database? WinGate / NT Local / NT Domain
Yes, a list of permitted websites means a policy in the WWW Service.
Now, I am answering your 3 questions.
1. I only defined that Users Maybe Authenticated in the Properties of a group called grpRestricted which will contain all of the users with Internet access restrictions.
2. I only have one group with one user, the group is called grpRestricted and the user in it is JorgeMal.
3. The user database is Wingate.
Regards,
Jorge Maldonado
As I did not have defined any authentication method in the WWW Service I made a change here and now it is working. I will keep testing and let you know if there is any additional issue.
Best regards,
Jorge Maldonado
- JORGEMAL
- Posts: 29
- Joined: Apr 17 04 4:34 am
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 103 guests