ICQ, WinGate SOCKS5, & RRAS Packet filtering on NT

Danny Sinang ( (no email) )
Wed, 17 Dec 1997 12:25:41 -0000

Hi.

Here's my current setup:
======================
1. NT Server 4.0 w/ SP3 and RRAS
2. Running Bind NT DNS server, IIS 3.0 and a Content-filtering proxy server ( WebSense )
3. I enforce content-filtering by forcing my dial-in users to use the proxy
server by assigning them private IP addresses.
4. Everything ( web, ftp, email, irc ) works fine, except that my dial-in
users can't use ICQ.

Here's the problem:
======================
1. One dial-in user wants to use ICQ
2. I activated WinGate's SOCKS5 server ( on NT server also )
3. I could connect my ICQ client on my workstation PC ( connected to my LAN ) to ICQ server via WinGate SOCKS5 server.
4. I told my dial-in users to configure their ICQ client software to use my
WinGate's SOCKS5 server.
5. They can't connect to ICQ server even though WinGate indicates a SOCKS5
connection was initiated.

IP addresses:
==============
1. NT Server LAN card - 208.142.150.9 ( 255.255.255.252 ) & 172.31.1.1 ( 255.255.255.0 )
2. Dial-up connection to ISP - 208.142.150.6
3. Dial-in users ( private IP addresses ) - 172.31.1.2 ( 255.255.255.0 )

Question :
======================
Any idea on how to solve this ?

Here's an idea:
======================
1. Assign users valid IP addresses
2. Use packet filtering to disable routing through of packets pertaining to
web and ftp access

Special things to consider:
======================
1. Access to my IIS web and ftp server should still be available to
everyone - be it from the outside or from my local LAN.
2. Proxy server residing on NT server should still be able to make requests
for my web , ftp, and IRC clients
3. Email should still work

Given all the info above, here are my other questions:
=======================================
1. What type of packet filters should I make ? Input or Output ?
2. On what interface should I put the filters ? On my LAN card or on my
dial-up interface to my ISP ?
3. I read the RRAS docs but I'm still confused. Would somebody be kind
enough to help me make the packet filters ?

Danny Sinang
President, Uplink Technologies, Inc.
danny@uplink.com.ph
http://www.uplink.com.ph/danny/
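
The filter policy proposed in the post, modelled as an added example that is not part of the original message and is not RRAS syntax: a generic first-match rule list checked against the three "special things to consider". The dial-in range 192.0.2.0/24 and the remote hosts are constructed placeholders; only 208.142.150.9 comes from the post.

```python
import ipaddress

SERVER = ipaddress.ip_address("208.142.150.9")  # NT server address, from the post
DIALIN = ipaddress.ip_network("192.0.2.0/24")   # constructed placeholder range
DIRECT_BLOCKED = {80, 21}                       # HTTP and FTP control ports

# Ordered rules, first match wins; None is a wildcard.
# (action, source network, destination host, protocol, destination ports)
RULES = [
    # Services on the server itself stay reachable: IIS, proxy, SOCKS5, mail.
    ("permit", DIALIN, SERVER, None, None),
    # Web and FTP routed past the proxy to any other host are dropped.
    ("drop", DIALIN, None, "tcp", DIRECT_BLOCKED),
]
DEFAULT_ACTION = "permit"  # everything else is routed as before


def decide(src, dst, proto, dport):
    """Return 'permit' or 'drop' for one packet under RULES."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for action, net, host, rule_proto, ports in RULES:
        if net is not None and src_ip not in net:
            continue
        if host is not None and dst_ip != host:
            continue
        if rule_proto is not None and proto != rule_proto:
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return DEFAULT_ACTION


if __name__ == "__main__":
    # Constructed sample packets: (source, destination, protocol, dest port)
    samples = [
        ("192.0.2.10", "208.142.150.9", "tcp", 80),     # dial-in user to IIS
        ("192.0.2.10", "198.51.100.7", "tcp", 80),      # direct web, bypassing proxy
        ("192.0.2.10", "198.51.100.7", "tcp", 25),      # mail
        ("208.142.150.9", "198.51.100.7", "tcp", 80),   # proxy's own request
        ("203.0.113.5", "208.142.150.9", "tcp", 21),    # outside user to FTP server
    ]
    for pkt in samples:
        print(pkt, "->", decide(*pkt))
```

Port-based rules like these only stop web and FTP on their standard ports, so a web server listening on another port is still reachable without the proxy.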