Re: ICQ, WinGate SOCKS5, & RRAS Packet filtering on NT

Jason Zigmont ( jason@kilroys.net )
Thu, 18 Dec 1997 18:17:47 -0500

Unfortunenly you need to have valid IP addresses to use ICQ... I fought
with this one at one of my client's offices...

Jason

At 12:25 PM 12/17/97 -0000, you wrote:
>Hi.
>
>Here's my current setup:
>======================
>1. NT Server 4.0 w/ SP3 and RRAS
>2. Running Bind NT DNS server, IIS 3.0 and a Content-filtering proxy server
>( WebSense )
>3. I enforce content-filtering by forcing my dial-in users to use the proxy
>server by assigning them private IP addresses.
>4. Everything ( web, ftp, email, irc ) works fine, except that my dial-in
>users can't use ICQ.
>
>Here's the problem:
>======================
>1. One dial-in user wants to use ICQ
>2. I activated WinGate's SOCKS5 server ( on NT server also )
>3. I could connect my ICQ client on my workstation PC ( connected to my LAN
>) to ICQ server via WinGate SOCKS5 server.
>4. I told my dial-in users to configure their ICQ client software to use my
>WinGate's SOCKS5 server.
>5. They can't connect to ICQ server even though WinGate indicates a SOCKS5
>connection was initiated.
>
>IP addresses:
>==============
>1. NT Server LAN card - 208.142.150.9 ( 255.255.255.252 ) & 172.31.1.1 (
>255.255.255.0 )
>2. Dial-up connection to ISP - 208.142.150.6
>3. Dial-in users ( private IP addresses ) - 172.31.1.2 ( 255.255.255.0 )
>
>
>Question :
>======================
>Any idea on how to solve this ?
>
>
>Here's an idea:
>======================
>1. Assign users valid IP addresses
>2. Use packet filtering to disable routing through of packets pertaining to
>web and ftp access
>
>
>Special things to consider:
>======================
>1. Access to my IIS web and ftp server should still be available to
>everyone - be it from the outside or from my local lan.
>2. Proxy server residing on NT server should still be able to make requests
>for my web , ftp, and IRC clients
>3. Email should still work
>
>
>Given all the info above, here are my other questions:
>=======================================
>1. What type of packet filters should I make ? Input or Output ?
>2. On what interface should I put the filters ? On my LAN card or on my
>dial-up interface to my ISP ?
>3. I read the RRAS docs but I'm still confused. Would somebody be kind
>enough to help me make the packet filters ?
>
>
>
>Danny Sinang
>President, Uplink Technologies, Inc.
>danny@uplink.com.ph
>http://www.uplink.com.ph/danny/
>
> ----------------------------------------------------------
> NTISP Mailing List listserver@emerald.iea.com
>
>
>
___________________________________________________________
Jason Zigmont (N1JIV) jason@kilroys.net
Director Voice: (860)828-2474
Kilroy's Internet/Empath Systems Fax: (860)829-4279
Quote of the Day:
* I'm not cheap, but I am on special this week
___________________________________________________________