Application Servers running on the same machine as WinGate
Posted by Adrien de Croy (Import) on 30 January 2004 03:45 PM
Application servers (such as IIS, an FTP server, etc.) running on the same machine as WinGate can cause several problems if not configured properly. Most of these problems occur when the application server conflicts with a WinGate proxy service by attempting to use the same port at the same time.

While there may be problems specific to the particular server application, the following checks address the most common ones.

Port Conflicts

When a proxy service port is in conflict with an application server (i.e. WinGate and the application server are both installed on the same machine and both listening on the same port), the affected Proxy service will show up in GateKeeper as being stopped. To rectify this, either:
  • Configure them both to use the same Port but on separate Network interfaces:
    (Requires the WinGate server to have two Network Interfaces).

    Port conflicts will only happen between two applications when they are listening on the same port on the SAME interface.

    In most common scenarios where Application servers are running on the same machine as WinGate, the machine will generally have two Network Interfaces, one with a private (internal) address and one with a public (external) address.

    When this is the case the Application server program can be configured to use its required port on the External interface, as it will usually only be accepting requests from the Internet and so only requires the use of the External IP address.

    The reverse is true for the corresponding WinGate proxy service, as it will usually only be accepting internal client Internet requests on this port through its Private interface.

    As long as the appropriate binding is set (external interface for the Application server program, and internal interfaces for the WinGate proxy service in question) then there should be no issues with port conflicts.
  • Change the port for the Proxy service to run on.
    A conflict arises, for example, if the WWW Proxy Server and a Web server are both running on the same machine using port 80. If you change the port on the WWW Proxy Server in WinGate to, say, 8088, this conflict will be resolved.

    The disadvantage to this is that clients using the Proxy connection method will have to connect specifying port 8088 in their web requests for WWW to work properly.

    An alternative and easier way to resolve this is to change the port the Application server is configured to receive requests on, rather than altering the port of the particular Proxy service in WinGate.

    For example, configure the FTP server to listen on port 2121 instead of port 21. You can then use the Proxy service to receive these Internet requests on behalf of the FTP server and (through the use of the Non-proxy Requests setting) pipe them directly to the server concerned without having to alter the FTP proxy service configuration.
For example, to configure an FTP server running on the same machine as WinGate:
  1. Open GateKeeper on the WinGate Server.
  2. Open the FTP Proxy Server under the Services tab.
  3. Select the Bindings tab.
  4. Select the Allow connections coming in on any interface radio button.
  5. Open the Non-proxy Requests tab.
  6. Select the Pipe requests through to predetermined server radio button. Here, enter the IP address of the computer behind WinGate that the FTP server is running on; all FTP requests from the Internet will be directed to it.
  7. Enter the port as 2121 (or the new port the FTP server has been configured to listen on).
  8. Select OK as you exit out of the FTP Proxy Server.
  9. Save changes in GateKeeper.
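
The port-conflict rule above (same port on the SAME interface) can be checked before changing any bindings. The following is an added example, not part of the original article or of WinGate: the sample text is constructed in the style of Windows `netstat -an` output, the addresses are placeholders, and treating a 0.0.0.0 binding as covering every interface is an assumption of the example.

```python
# Added example: pre-flight check for the port-conflict rule described above.
# SAMPLE is constructed output in the style of Windows `netstat -an`;
# the addresses are placeholders, not values from the article.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.1:80         0.0.0.0:0              LISTENING
  TCP    203.0.113.10:80        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    192.168.0.1:8088       192.168.0.25:50112     ESTABLISHED
"""

WILDCARD = "0.0.0.0"


def parse_listeners(netstat_text):
    """Return a set of (ip, port) for every TCP socket in LISTENING state."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        ip, _, port = fields[1].rpartition(":")
        listeners.add((ip, int(port)))
    return listeners


def conflicts(listeners, ip, port):
    """Existing listeners that would clash with a planned bind of ip:port.

    Rule from the article: same port on the SAME interface. Assumption:
    a wildcard (0.0.0.0) bind is treated as covering every interface.
    """
    return sorted(
        (l_ip, l_port) for l_ip, l_port in listeners
        if l_port == port and (l_ip == ip or WILDCARD in (l_ip, ip))
    )


def exposed_on_all_interfaces(listeners):
    """Ports bound to the wildcard address, reachable from internal and external sides."""
    return sorted(port for ip, port in listeners if ip == WILDCARD)


if __name__ == "__main__":
    current = parse_listeners(SAMPLE)
    for target in [("192.168.0.1", 80), ("192.168.0.1", 21), ("203.0.113.10", 8088)]:
        print(target, "->", conflicts(current, *target) or "free")
    print("wildcard listeners:", exposed_on_all_interfaces(current))
```

In the sample, port 80 is in use on both interfaces without a conflict because each listener is bound to a different address, while the listener on 0.0.0.0:21 is reachable from the external interface as well as the internal one.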

If you are using WinGate's Extended Networking features, an alternative is to allow users on the Internet to access an Application Server behind WinGate by creating a security filter to handle inbound packets on the appropriate port.

So, with the example of an FTP server running on the same machine as WinGate, you would do the following:
  1. Open GateKeeper on the WinGate server.
  2. Open Extended Network Services under the System tab.
  3. Select the Port Security tab.
  4. Click the Add button.
  5. On the port configuration dialog select Connections from the Internet and TCP as the protocol.
  6. Enter Port 21 or designated FTP port (as required) on the FTP server.
  7. Select the Allow Packet option.
  8. Click OK to exit the ENS configuration.
  9. Save changes in GateKeeper.