Re: Wingate alternatives on Linux

From: Mouse Anony (nil_einne1_at_email.com)
Date: 09/26/03


Date: 26 Sep 2003 06:37:45 -0700


"Eric Gibson" <aithien@bellsouth.net> wrote in message news:<kiRcb.25915$an.18583@bignews6.bellsouth.net>...
> Try something like http://www.smoothwall.org/ I guess. It's a linux distro
> designed specifically for firewalls, it has a web based management system
> and it's free. If you go to http://www.freshmeat.net/ there are a lot of
> management (CGI) scripts for linux iptables/ipchains. A whole lot of them.
>
> From what I read winsock redirector is just for wingate (which I believe
> acts as a proxy and/or SOCKS firewall)... You don't need something like this
> with any default linux ip masquerading setup, you just set up the linux box
> as your gateway and the source machine should be able to use any port it
> wants.

Actually Wingate has NAT (called ENS), the Winsock Redirector Service
and proxy (including socks support and transparent redirect of the
previous two to the proxies). I don't really use the proxies except
socks on some occasions. But I do use the WRS. While doing research, I
realised that it's more correctly called the WinGate Internet Client
(WGIC) which according to their homepage provides an alternative to
manual proxy server settings without the limitations that NAT (Network
Address Translation) imposes on some Internet applications. WGIC is a
simple client installation for each computer on the network. The WGIC,
in conjunction with the Gateway Discovery Protocol (GDP) and the
Winsock Redirect Protocol (WRP), provide communication between all of
the clients through the WinGate server. I don't really know enough to
try to explain how it works but it does. I think strictly speaking it
is a proxy of sorts but it only requires you to install an app in your
comp and after that everything just accesses the internet like normal.

I use the WGIC as my main access point on most computers with NAT as
backup. On some occasions, applications don't use it for some reason
(must be to do with the way they access the winsock layer) so NAT is a
very useful backup. But I prefer the WGIC since as the page says, it
enables many protocols/applications which don't work with NAT
for some reason (e.g. embed the IP in the data stream) to work without
requiring me to manually set up proxies, and that's assuming the app
supports them, or doing other things like port mapping etc. Also of
course it sometimes makes it easier for more than one user to use the
same app at once (or sometimes one can use NAT and the other WGIC).
Mind you, it isn't perfect of course and doesn't always work.
Sometimes, using NAT instead is better but I can easily tell the WGIC
to ignore an app so it'll use NAT. But still, overall it works well
without too much worrying in most instances if an app is going to work
and if it doesn't what do I need to do.

However, although WinGate does have a firewall, it's not really that
great, especially in protecting against trojans etc because there is
no way of application level control if you're using both the WGIC and
NAT (at least none that I can think of). Still it can be used to block
on a port basis so it protects against the real nasties like RPC. I've
tried using ZoneAlarm with WinGate but it wasn't happy. So security is
probably not as good as would be hoped.

But anyway, I digress. Thanks for your help. But it doesn't look as if
I'm going to find anything useful available yet. I say yet because I
just discovered during my research that a WinGateX is in development
for Linux. It looks likely it'll be the solution to my problems.
However, it's only in a tech preview/alpha stage so I'm expecting a
long wait :-(


