WinGate Forums

[kziade]

Hello everyone.

Sorry to disturb, I have a little question I'm sure you will have an answer for :-)
I'm sorry if it has already been discussed, I didn't find the solution in fact.

I have a Wingate server, which is filtering the access for all my local network.
In this LAN, I have a webserver I want to be seen from the Internet (local IP 192.168.0.140)

So, basically, I went into the Extended Networking, then Port Security.
I clicked the Add button, and added these parameters :

• A description
• Internet computers to the Wingate PC : checked
• TCP : checked
• Ports : 80 to 80
• Action : redirect Packet to IP 192.168.0.140
• Notify on access
• Cloak connection failures
• Use default timeouts

But, as you can imagine, otherwise I would not be posting this ... it doesn't work !

What am I doing bad ?

Can you help me, please ?

[Nev]

Hi,

So before the redirect and when a user tried to connect to the web server [0.4] it caused a firewall hit on the external interface?

Can't recall whether you should enable 'don't translate source IP' at this time of day! :)

[kziade]

... when a user tried to connect to the web server [0.4]

Sorry, what do you mean by [0.4] ?

In fact, I think I found what was blocking : I had to let the ingoing requests pass through the 8080 port (in fact, any port should be good I imagine) and NAT it to 80 internally via the TCP Mapping Service.
I suppose it's because into my LAN, my WWW proxy Server is bound to the 80 port, and the proxy didn't understand that the request was from the external card ?

So, for now, the website in my LAN can be found via
http ://MachineName (via the LAN)
and
http : //myExternalIP:8080 (via the Internet, and I NAT it to MachineName on port 80)

If any of you have a better solution, I'm always interested :-)

Thanks

PS. : nothing to do with that, but for the board : I checked the 'Notify me when a reply is posted' checkbox, and had no mail for Nev answer ... Is that normal ?

[adrien]

you could always unbind the WWW proxy from external. Then port 80 should be available on external for a firewall hole.

Unless you are using it for a reverse proxy, or have it locked down so people can't use it, then you'll find spammers use it to send spam by using the CONNECT method to connect to servers on port 25.

[kziade]

Hi Adrien.

Thanks for the reply.

Just to be sure : do you mean that if I let the port 80 bind from external, spammers can use py servers to send spam ?

[adrien]

Hi

yes, if you leave the HTTP proxy bound to external, and don't lock it down, you will see users making connections on port 25 (e.g. a session "CONNECT to ..... :25") in there, used to send spam.

In general, any external proxy requests should be authed. Is there a reason you need to leave the www proxy bound to external? e.g are you using it as a reverse proxy or webserver?

Regards

Adrien