Before writing this article I had some concerns, because now a variety of broadband access has become more and more civilian, and the use of software Proxy server seems to only apply to the home or small enterprises, the use of it seems to be a bit old-fashioned, and even some experts as a low-energy behavior. But I am sure you will have a better view of Wingate after reading this article.
First, introduce the software environment:
Operating system: Win2000 Professional
Access Equipment: ADSL
Agent service software: Wingate 4.3 Pro Chinese version
Software installation is very convenient, as long as the next,next,finish on the line, after the reboot in the status bar will appear an icon, blue indicates that the normal work, red description stop or abnormal error.
In fact, Wingate Agent service has been able to work, as long as dial-up connection on the line, if you want to use IE browse, to ie5.5 as an example, as long as the menu "Tools"-"Internet Options", bookmarks Bar connection in the "LAN settings" in the IP address of the proxy server to fill, The port defaults to 80 (can be changed), on the line, simple.
But many of our users have other needs, such as email,qq,irc,ftp,realyplay,quicktime and other Internet-related operations, how to do, as if it is not as good as those NAT class Gateway Proxy service software (such as Sygate), In fact, wingate4.3 above has been supporting the direct connection of NAT, and there are Winsock directly connected functions, as long as the installation of clients on the line, but I tried to feel it in this aspect of the work is not stable, we can only use it to look at the page, the answer is certainly not!
Email settings: As is known to all, general mail receipts use the POP3 (Post Office Protocol 3) Protocol, which sends a credit SMTP (Simple Mail Transfer) protocol. Port corresponding to the 110 and 25,wingate at the same time provide their support, in the Wingate main screen to the "service" bar, you can see that it lists a number of services, including POP3 proxy server, the port defaults to 110, the next is the client set up, I use foxmail here, take NetEase free mailbox for example. Enter the IP address of the proxy server in the mail receiving server, the username fills in here to note that the input format is "username #pop3 server Address", I am here set to "Wxhsh#pop.yeah.net". If your agent uses a non-standard port, you can change it in the middle of the customer software option.
Wingate Initial installation does not take the SMTP service, but it does not matter, you can add by hand, the right mouse button in the service bar blank, "New services" Select the SMTP Proxy service (4.3 does not have this option, you can use TCP mappings instead). And then double-click the SMTP Proxy service, you will see a pop-up window, in the "General" bookmarks Bar in the "Support through the ISP mail server to send e-mail" on the hook, because now many free senders server only send mail in this domain, to reply to the address is not the domain of the mail will automatically return the letter, So here you can fill in your ISP access to the e-mail address, I choose the Shanghai hotline of the SMTP, for "online.sh.cn." The client simply changes the outgoing server to a proxy server address.
With the LAN mail server interaction: Many small and medium-sized enterprises generally do not have the domain name registered on the Intenet, but have their own local area network mail server, then can through it to the external letter?
Take mdaemon3.57 as an example, simply enter the proxy server address in "Isp/gateway host" s IP or domain name, provided you do not change the port of the SMTP proxy server in Wingate. When MDaemon found that a letter domain name is not local will automatically send it through this address, but some delay in the middle, there is a need for friends to reference.
QQ: Too simple, as long as the QQ network settings to fill in the proxy server address on the line (with the SOCK5 agent, the default is 1080). IRC method ditto, as long as the firewall set on the line.
ftp: As a user with a website or a personal homepage, this service is very important, set the method to absoluteftp1.94 for example:
Similar to the email setting, the FTP server uses the proxy server address, and the username format is changed to @ on the line.
Realplay&quicktime&mediaplay: For the network common streaming multimedia format, they are undoubtedly the most commonly used software, I found in the use of Wingate to QuickTime and media play support is quite good, Without even making changes in media play, it uses IE's proxy settings directly.
and QuickTime in the streaming proxy in the sock and HTTP address, and then in the stream transport selected "use Http,port ID" on the completion of the network in good condition can be smooth watching the film.
But realply is not so simple, although the setup and QuickTime is similar, the method is: Select the PNA server in the proxy server, fill in the Proxy server address, the port defaults to the 1090,HTTP option set slightly. In transport, select Use specified transport, and both "RTSP" and "PNA" choose to use HTTP only.
However, some of the sites that provide RA services may have deadlocks, some of which can be viewed normally. The specific reason I am not clear, someone knows the words welcome advice.
Software version is divided into: Realplay plus 9.0,quicktime5.02,media play 7.1.
Breakpoint Continuation: Take getright4.5 as an example, in the GetRight "configuation" in "Internet-proxy" in the "Use proxy servers" hook, respectively, fill in the Http,ftp and sock proxy service address and port , it is recommended to hook up "Use HTTP protocol with FTP proxy server" in the FTP proxy settings.
However, in the process of using ADSL I found a strange phenomenon, if the Wingate installed in 98 of the environment can not be used on the client computer GetRight, and netant can be used normally.
Civil Aviation booking line settings: Because my company belongs to the aviation agency, sometimes to use the Eterm software provided by Travelsky for booking work, so also open a TCP mapping service in Wingate, Port set to 350, the default mapping address is : 202.108.104.98, the port is still 350 and the timeout is set to 1800 seconds. The client either uses the Eterm or "the Air China letter proxy front End" All simply changes the server address to the proxy server.
Some people say that interconnection is like a double-edged sword, yes, it brings us knowledge and information, but also mixed with a lot of viruses and unhealthy things. So I'm going to introduce the security settings in Wingate:
1. Build User
If your proxy server is installed on the primary domain controller then you can omit this step and it will automatically import/sync nt/2000 users. If not, it does not matter, as long as the primary domain controller to export the user list in plaintext txt, and then import Wingate, of course, you can also manually add delete. (If you are not using NT users, select Wingate or Windows accounts in the database option.)
2. Grouping
There are two ways of doing this, if you use Wingate to do DHCP and DNS server, you can use the NetBEUI machine name as a hypothetical user reference, I use the IP address reference, the method is: Press "assume user", in the pop-up window select "By IP Address"-"add", enter the IP address , "Suppose" for your users, you can also do a group of users, if you do not need to set different permissions for each user.
3. Set permissions
The following work is boring, if you want to set permissions for each user is more painful. Taking the WWW agent as an example, remove the default everyone, press Add in the permission bar, select a user or group in the specified user or group, choose "User can assume" below, and change the default rights (System permissions) to "must also". This allows you to allow a user to perform HTTP operations.
But we also want to ban some HTTP operations for this user, such as restricting access to restricted sites and downloading software.
Prohibit access to Restricted sites: Double-click the user to create a standard condition in the "Prevent List", which is: HTTP address, Condition: included, and then add a specific address. This will display a warning message whenever this user accesses the site and is documented in the Wingate system information. (Best evidence of deduction of bonuses)
Download software is not allowed: because now the network can download the software format is generally zip, exe, RAR, so you can in the "Prohibit list" set three conditions for "HTTP address": "End With", the specific address "zip,exe or rar" rules. This can effectively prevent the intrusion of foreign unknown software.
Wingate is a senior Agent service software, the Internet on a variety of functions are divided into services, so it is convenient to combine a variety of user rights settings, such as some users can only receive e-mail, only to POP3 and SMTP permissions, and some can only use QQ contact with customers, Just give sock permission (because sock can do many things, so don't give it to the user easily, and suggest some advanced filtering options in the permissions). For Superuser (that is, unrestricted users) it is best to Wingate the hardware address of its network card as a verification condition to join, so as to prevent illegal users from changing IP access.
Note: If you set more than one user in a service to access, please select "Loop connect all of the following output" in the "Interface" Bookmarks bar, or it may cause the agent service to work abnormally, personally think it is a bug of Wingate.
A suggestion to non-monthly subscribers:
Many non-monthly users who use modem or ISDN often have this trouble: to start a dial-up connection on the server every day, and then hand-cut after work, in the event of disconnection and again to redial, the use of Third-party software waste resources and inconvenient.
In Wingate, these tasks can be done automatically.
There is a scheduler in Wingate that allows you to set the time to automatically do the work you specify, and we can use this feature to automatically dial and disconnect the dial-up connection. Double-click the Scheduler, create a new event, and enter a friendly name in the description, such as "Auto dial?" quot, the occurrence of time to select "Normal event"-"daily" plus specific time, "operation" to add "dial description", completed, automatic disconnection method, as long as the operation of the "Hang up description" can be.
But if the break in the normal time or in the disconnection after the client has a special request to go online and how to do?
Wingate supports the "Demand Dial" feature, just tick the use Request connection box on the dialer and double-click a dial-up connection, and in general, the Allow Wingate to start this connection box, and then fill in the Username password in the box, and even access box to set up dial-up users and allow them to request dialing time period, powerful bar.
These are some of my experiences in using Wingate, however, Wingate as a good agent service software There are many other functions, such as dhcp,nat, cache optimization and so I did not try, but I want to be a few m large software, it can do good enough.
Note: Wingate is the best platform for Windows2000, although the 98 can work, but the stability is poor, and can not resolve the machine name, can only display IP address, real-time monitoring is not convenient.
The foregoing only represents personal opinion and may be incomplete or erroneous, welcome everyone to correct and add, do not begrudge their own pen and ink, also do not because of fear of writing wrong to be laughed at, after all, most of us are not geniuses, there must be mistakes, it is important to write it, may be helpful to others, thank you.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.