Apologies for any information repeated.

As of WinGate release 2.1b, the default behavior of the program is to not accept proxy connections on the "real" IP address of the machine by default. Since the damage has already been done with the mass use of the earlier versions, I threw together a simple stopgap fix for Cisco routers.

Adding the following lines to your access lists gives a simple and effective fix for the majority of the problem:

    router#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    router(config)#access-list <n> deny tcp any <user space address> <user space hostmask> eq 1080
    router(config)#access-list <n> permit ip any any
    router(config)#int <ethernet interface>
    router(config-if)#ip access-group <n> in

<n> = a number between 100-199

<user space address>/<user space hostmask> = The addresses of your dialup users. Please note that access list hostmasks are backwards from normal convention, so a 255.255.255.0 subnetmask would be 0.0.0.255.

<ethernet interface> = the interface of the network segment your dialup users are on. The last two commands can be repeated for multiple interfaces.

What this does:

This blocks the standard SOCKS Proxy port for all machines inside the specified network mask. Since there are VERY few instances where an ISP would find it desirable for a user to run a proxy on their dialup connection, this shouldn't disrupt any of your services.

Also, please note that there is an article posted to http://www.wingate.net/secure-wingate.htm on how to secure open WinGates.

Hope this helps,

Mike Zimmerman
mikeat_private
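The inverted hostmask is the step in the access list above that is easiest to get wrong, so the following added example (not part of the original post) derives it from an ordinary subnet mask and emits the same IOS lines for several dialup ranges and interfaces. The function names, the address ranges (documentation prefixes) and the interface name are assumptions made for illustration.

```python
import ipaddress

SOCKS_PORT = 1080  # standard SOCKS proxy port named in the post


def wildcard_mask(netmask: str) -> str:
    """Invert a dotted subnet mask into the hostmask an IOS access list expects."""
    octets = [int(o) for o in netmask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad mask: {netmask!r}")
    inverted = int.from_bytes(bytes(octets), "big") ^ 0xFFFFFFFF
    # A subnet mask is ones followed by zeros, so the inverse is 2**k - 1.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {netmask!r}")
    return str(ipaddress.IPv4Address(inverted))


def socks_block_acl(acl_number, user_ranges, interfaces):
    """Build the post's config lines for each (address, subnet mask) range."""
    if not 100 <= acl_number <= 199:
        raise ValueError("the post uses a list number between 100 and 199")
    lines = []
    for address, netmask in user_ranges:
        wildcard = wildcard_mask(netmask)
        # strict=True rejects an address with host bits set (likely a typo).
        net = ipaddress.IPv4Network(f"{address}/{netmask}", strict=True)
        lines.append(f"access-list {acl_number} deny tcp any "
                     f"{net.network_address} {wildcard} eq {SOCKS_PORT}")
    # The permit goes after every deny: an access list ends in an implicit deny.
    lines.append(f"access-list {acl_number} permit ip any any")
    for interface in interfaces:
        lines += [f"interface {interface}", f" ip access-group {acl_number} in"]
    return lines


if __name__ == "__main__":
    # Constructed sample input: two dialup pools on one segment.
    pools = [("192.0.2.0", "255.255.255.0"),
             ("198.51.100.128", "255.255.255.128")]
    print("\n".join(socks_block_acl(101, pools, ["Ethernet0"])))
```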
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:47:06 PDT