ICQ, WinGate SOCKS5, & RRAS Packet filtering on NT

Danny Sinang ( (no email) )
Wed, 17 Dec 1997 12:25:41 -0000


Here's my current setup:
1. NT Server 4.0 w/ SP3 and RRAS
2. Running Bind NT DNS server, IIS 3.0 and a Content-filtering proxy server
( WebSense )
3. I enforce content-filtering by forcing my dial-in users to use the proxy
server by assigning them private IP addresses.
4. Everything ( web, ftp, email, irc ) works fine, except that my dial-in
users can't use ICQ.

Here's the problem:
1. One dial-in user wants to use ICQ
2. I activated WinGate's SOCKS5 server ( on NT server also )
3. I could connect my ICQ client on my workstation PC ( connected to my LAN
) to ICQ server via WinGate SOCKS5 server.
4. I told my dial-in users to configure their ICQ client software to use my
WinGate's SOCKS5 server.
5. They can't connect to ICQ server even though WinGate indicates a SOCKS5
connection was initiated.

IP addresses:
1. NT Server LAN card - ( ) & ( )
2. Dial-up connection to ISP -
3. Dial-in users ( private IP addresses ) - ( )

Question :
Any idea on how to solve this ?

Here's an idea:
1. Assign users valid IP addresses
2. Use packet filtering to disable routing through of packets pertaining to
web and ftp access

Special things to consider:
1. Access to my IIS web and ftp server should still be available to
everyone - be it from the outside or from my local lan.
2. Proxy server residing on NT server should still be able to make requests
for my web , ftp, and IRC clients
3. Email should still work

Given all the info above, here are my other questions:
1. What type of packet filters should I make ? Input or Output ?
2. On what interface should I put the filters ? On my LAN card or on my
dial-up interface to my ISP ?
3. I read the RRAS docs but I'm still confused. Would somebody be kind
enough to help me make the packet filters ?

Danny Sinang
President, Uplink Technologies, Inc.