I had some reservations before writing this article. Broadband access methods of all kinds are increasingly common, and software-based proxy servers now seem suited only to homes and small businesses, so writing about one may seem a little dated and may even be regarded as a low-level exercise by some experts. But I believe that after reading this article you will change your view of WinGate.
First, the software environment:
Operating system: Windows 2000 Professional
Access device: ADSL
Proxy server software: WinGate 4.3 Pro, Chinese version
Installation is very simple: just click Next, Next, Finish. After the restart, an icon appears in the status bar. Blue indicates normal operation; red indicates that the service is stopped or has an error.
In fact, the WinGate proxy service is now ready to work; you only need to establish a dial-up connection. To browse with IE (IE 5.5 as an example), go to the menu "Tools" - "Internet Options" and, under "LAN Settings" on the "Connections" tab, fill in the IP address of the proxy server. The default port is 80 (which can be changed).
However, many users have other requirements, such as email, QQ, IRC, FTP, RealPlayer, QuickTime, and other online applications. What should we do then? At this point WinGate seems not as good as NAT gateway proxy software (such as Sygate). In fact, winsock and above already support direct NAT connections and the direct winsock function; you only need to install the client. After I tried it, though, I thought it was not stable in this respect. So can we only use it to view web pages? Of course not!
Email settings: as we all know, mail is generally received with POP3 (Post Office Protocol 3) and sent with SMTP (Simple Mail Transfer Protocol), on ports 110 and 25 respectively. WinGate supports both. On the WinGate main screen, switch to the "Services" tab; among the many services listed there is a POP3 proxy server, which also uses port 110 by default. The next step is the client settings. Here I use Foxmail, with a NetEase free mailbox as the example. Enter the IP address of the proxy server as the incoming mail server, and enter the username in the format "username#pop3 server address"; here it is set to "wxhsh#pop.yeah.net". If your proxy uses a non-standard port, you can change it in the advanced options of the client software.
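How a POP3 proxy can interpret the "username#pop3 server address" login described above, as an added Python example that is not WinGate's own code. The names route_pop3_user and ALLOWED_UPSTREAMS are assumptions made for illustration; the allowlist is there because in this format the client, not the proxy, names the upstream server.

```python
import re

DEFAULT_POP3_PORT = 110  # standard POP3 port, as stated in the article

# Hypothetical policy (not a WinGate setting): upstream mail servers that
# clients are allowed to reach through the proxy.
ALLOWED_UPSTREAMS = {"pop.yeah.net"}

# Conservative DNS host name check; rejects spaces and control characters.
_HOST_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def route_pop3_user(line, allowed=ALLOWED_UPSTREAMS):
    """Split a client 'USER name#server' line into (mailbox_user, host, port).

    Raises ValueError if the line is not a USER command, lacks the
    '#server' part, or names a host that is malformed or not allowed.
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "USER" or not arg:
        raise ValueError("not a USER command")
    # Split on the last '#', so the host is always the final component.
    user, sep, host = arg.rpartition("#")
    if not sep or not user:
        raise ValueError("expected username#server")
    host = host.lower().rstrip(".")
    if not _HOST_RE.fullmatch(host):
        raise ValueError("malformed upstream host")
    if host not in allowed:
        raise ValueError("upstream host not permitted: " + host)
    return user, host, DEFAULT_POP3_PORT


def upstream_user_command(mailbox_user):
    """The USER line the proxy would forward to the real server."""
    return "USER " + mailbox_user + "\r\n"
```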
A fresh WinGate installation does not include the SMTP service, but that does not matter; you can add it manually. Right-click in a blank area of the services list and select "smtp proxy service" from "new service" (this option is not available in versions below 4.3, where it can be replaced by TCP mapping). Double-click the SMTP proxy service and a window pops up. On the "General" tab, check "support sending emails through the isp Mail Server". Many free outgoing servers currently deliver only mail within their own domain and automatically return mail addressed to other domains, so enter the address of your ISP's mail server here. I use the Shanghai Hotline SMTP server, "online.sh.cn". On the client, you only need to change the outgoing server to the proxy server address.
Interaction with LAN email servers: many small and medium-sized enterprises do not have a domain name registered on the Internet, but they do have their own LAN email server. Can they send external email through it?
Take MDaemon 3.57 as an example. You only need to enter the proxy server address in "isp/gateway host's ip or domain name", provided that the port of the SMTP proxy service has not been changed in WinGate. When MDaemon finds that a message's domain name is not the local domain name, it automatically sends the message out through this address, although with some delay. This is offered for reference to anyone who needs it.
QQ: this is very easy. Just fill in the proxy server address in the QQ network settings (use a SOCKS5 proxy; the default port is 1080). IRC is set up the same way; you only need to set it in the firewall settings.
FTP: for users with a website or personal homepage, this service is very important. The example here is AbsoluteFTP 1.94:
As with the email settings, the FTP server is set to the proxy server address, and the username format is changed.
RealPlayer, QuickTime, and Media Player: Media Player needs no changes. It uses IE's proxy settings directly.
In QuickTime, you only need to fill in the SOCKS and HTTP addresses under streaming proxy and then select "use http, port id" under stream transport. You can then watch movies smoothly when the network is good.
RealPlayer is not that simple, although the settings are similar to QuickTime's. Under the proxy server settings, select the PNA server and enter the proxy server address; the default port is 1090. The HTTP option settings are omitted here. Under "transmission", select "use specified transmission" and set "rtsp" and "pna" to use HTTP only.
However, some websites that provide RA services may hang, while others can be viewed normally. I still don't know the specific reason. If you know it, please kindly advise.
The software versions used are RealPlayer Plus 9.0, QuickTime 5.02, and Media Player 7.1.
Resumable transfer: take GetRight 4.5 as an example. In GetRight's "Configuration", under "internet-proxy", check "use proxy servers" and fill in the addresses and ports of the HTTP, FTP, and SOCKS proxy services. We recommend that you check "use http protocol with ftp proxy server" in the FTP proxy settings.
However, while using ADSL I found a strange phenomenon: if WinGate is installed in a Windows 98 environment, GetRight cannot be used on the client, but NetAnts works normally.
Civil aviation ticket booking line settings: because my company is an airline agent, I sometimes need to use the eTerm software provided by TravelSky to book tickets, so I also need to open a TCP mapping service in WinGate, with the port set to 350. The default mapping address is 202.108.104.98, the port is again 350, and the timeout value is 1800 seconds. On the client, whether it uses eTerm or "the front-end of the China Air Mail agent", you only need to change the server address to the proxy server.
Some people say that an Internet connection is a double-edged sword. It brings us knowledge and information, but mixed in with them are many viruses and unhealthy things. So here I will introduce the security settings in WinGate:
1. Create a user
If your proxy server is installed on the primary domain controller, you can skip this step; WinGate automatically imports and synchronizes the NT/2000 users. If not, it does not matter: you only need to export the user list as a plain-text .txt file on the primary domain controller and then import it into WinGate. Of course, you can also add or delete entries manually. (If you do not have only NT users, select the WinGate or Windows account in the database option.)
2. Group
There are two methods here. If you use WinGate as the DHCP and DNS server, you can reference assumed users by NetBEUI machine name. Here I use the IP address method: in the pop-up window, select "add by IP Address" - "add", enter an IP address, and set "assume" to the corresponding user. If you do not need different permissions for each user, you can also create a user group.
3. Set permissions
The following work is tedious, and setting permissions for each user is harder still. Take the WWW proxy as an example. Delete the default "everyone". In the permissions tab, press "add", select a user or group under "specified user or group", select "user can assume", and click "OK". Then change the default right (system permission) to "must be at the same time". This allows that user to perform HTTP operations.
However, we also want to disable some http operations for this user, such as access to restricted Sites and software downloads.
Prohibit access to restricted sites: double-click this user and create a standard condition in the "forbidden list". The rule is "http address", the condition is "include", and the value is the specific address. From then on, whenever the user accesses the site, a warning is displayed and recorded in WinGate's system information. (The best evidence for a bonus deduction.)
Prohibit software downloads: because the software formats currently available for download on the network are zip, exe, and rar, you can set three conditions in the "forbidden list", each with the rule "http address", the condition "end with", and the value "zip", "exe", or "rar". This can effectively prevent the intrusion of unknown external software.
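A way to check what the "include" and "end with" rules above actually cover, as an added Python example that is not WinGate code. The article does not say whether WinGate compares case-insensitively or counts the query string as part of the address, so the example models a literal comparison beside a normalized one; the rule tuples, function names, and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Forbidden-list entries as (condition, value). The "end with" values are the
# article's; "restricted.example" is a placeholder for a restricted site.
FORBIDDEN = [("include", "restricted.example"),
             ("end with", "zip"), ("end with", "exe"), ("end with", "rar")]

def _hit(condition, value, text):
    if condition == "include":
        return value in text
    if condition == "end with":
        return text.endswith(value)
    raise ValueError("unknown condition: " + condition)

def literal_verdict(url, rules=FORBIDDEN):
    """True if a rule matches the URL string exactly as requested."""
    return any(_hit(c, v, url) for c, v in rules)

def normalized_verdict(url, rules=FORBIDDEN):
    """True if a rule matches after lowercasing and dropping ?query/#fragment."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit already lowercases the host
    path = parts.path.lower()
    for condition, value in rules:
        # "end with" is a file-type test, so apply it to the path only.
        text = path if condition == "end with" else host + path
        if _hit(condition, value.lower(), text):
            return True
    return False

def coverage_gaps(urls, rules=FORBIDDEN):
    """URLs the normalized check blocks but the literal check lets through."""
    return [u for u in urls
            if normalized_verdict(u, rules) and not literal_verdict(u, rules)]

# Constructed sample requests (not real sites or log data).
SAMPLE_URLS = [
    "http://downloads.example/tools/setup.exe",
    "http://downloads.example/tools/SETUP.EXE",
    "http://downloads.example/get/archive.zip?mirror=2",
    "http://RESTRICTED.example/page.html",
    "http://news.example/index.html",
]
```

After creating the rules, request the same kinds of URLs through the real proxy and compare what it blocks with coverage_gaps(SAMPLE_URLS).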
WinGate is an advanced proxy service package that separates the functions of the Internet into individual services, so it is easy to combine permission settings for each user. If some users only handle email, grant them only POP3 and SMTP permissions. If some users may only contact customers via QQ, grant them only SOCKS permission. (Because SOCKS can carry many kinds of operations, do not grant it to users lightly, and it is recommended to apply some advanced filtering in its permissions.) For super users (i.e. unrestricted users), it is recommended to add the hardware address of their network card as a verification condition in WinGate, to prevent unauthorized users from getting onto the network by changing their IP address.
NOTE: If more than one user can access a service, select "loop join all output links below" on the "page" tab; otherwise, the proxy service may not work properly. I personally think it is a WinGate bug.
Some suggestions for non-monthly subscription users:
Many non-monthly subscription users on a modem or ISDN have this problem: they must start the dial-up connection on the server every day when work begins and cut it off manually after work, and if the line drops they have to redial. Using third-party software for this wastes resources and is inconvenient.
In wingate, all these tasks can be completed automatically.
WinGate has a scheduler that can run a specified job at a set time. We can use this function to dial and disconnect the dial-up connection automatically. Method: double-click the scheduler and create a new event. Enter a name in the description, for example "auto dial"; for the occurrence time, select "regular event" - "Daily" plus a specific time; then add "dial description" under "operation" to finish. Automatic disconnection is set up the same way; you only need to change the description to "hanging up" in the operation.
But what if a client has a special need to go online after the line has been hung up, or after a disconnection during normal hours?
WinGate supports the "request dialing" function. Check the "use request connection" box under "dial", double-click a dial-up connection, check the "allow wingate to start this connection" box under "General", and fill in the username and password in the boxes below. In the "access" box you can even specify which users may request a dial-up connection and during what period of time.
The above is some of my experience in using WinGate. As an excellent proxy service package, WinGate has many other functions, such as DHCP, NAT, and cache optimization, but I think it already does enough for software that is only a few MB.
Note: Windows is the best WinGate platform. Although it can run on 98, stability is poor there and it cannot resolve machine names; it can only display IP addresses, which is inconvenient for real-time monitoring.
The above content represents only my personal opinions and may be incomplete or incorrect. You are welcome to correct and supplement it. Do not spare your pen and ink, and do not fear being laughed at for mistakes; after all, most of us are not geniuses. When we make mistakes, it is important to write them out, which may be helpful to others. Thank you.