ConnectionView
Overview
ConnectionView, WinProxy's Main Screen, is a helpful tool which displays important information:
- The status of all current connections to WinProxy.
- The enabled protocols and mapped ports which you have set up.
- Information about modem status (if you're using a dial-up connection).
- Status of enabled "services" such as site filtering, anti-virus, banner blocking, caching, and so on. You'll find this information at the bottom of the screen.
In addition, ConnectionView provides the entry point for all menu options.
ConnectionView in an idle state
The screenshot below shows a sample ConnectionView when WinProxy is idle. The modem, as indicated, is not currently in use or connected to the Internet Service Provider. The number shown, 90.0.0.1, is the internal network IP address of the WinProxy machine. All enabled protocols are visible below. The last entry, "gilliganvcn," is an incoming mapped port for a VNC computer-sharing application.
Figure 2.2: The ConnectionView screen in an idle state.
At this moment, WinProxy is listening for activity on the internal network connection. Each protocol shown- including the mapped port-has an associated port. For instance, the CERN HTTP, which is used primarily for web browsing, is on port 80. WinProxy responds to activity only on the ports shown; it will not respond to activity on any other ports.
This is true for external connections, also. If any incoming proxies are set up, they have their own set of listings under "Incoming Proxies" at the same hierarchic level as the 90.0.0.1 shown here. WinProxy would listen for connections only on the ports deliberately enabled, and would not be interested in connection attempts on any other ports. Since only one incoming port is shown here, WinProxy will respond to connection attempts only on that port (which is on its external network connection). It will not respond to any connection attempts on any other external ports. Most installations won't have incoming proxies set up.
SECURITY ALERT:If you have other network-responding applications on the WinProxy computer, they won't be shown here. For instance, if you have a web server running on port 8080, you won't see it or any other connections to that port. The behavior of other applications is the network administrator's responsibility. See "Security Considerations," later in section 2.5.
ConnectionView when a browser is running
The next screenshot shows ConnectionView when a browser is running and actively downloading a page:
Figure 2.3: The Connection View screen when the browser is actively downloading a page.
Connections are displayed in this window as soon as established and disappear shortly after completion. ConnectionView uses a fair amount of processor power, and may slow things down a bit if you have a fast Internet connection. Disabling ConnectionView increases the speed (and you'll still have access to the menu options). However, it's a good idea to maintain ConnectionView until you've satisfactorily configured WinProxy. For most common setups, like a Pentium machine connected through a regular modem, ConnectionView won't slow things down.
In this view, a browser on a client machine named "Gilligan" is connected through the Classic proxy to http://www.WinProxy.com. The URL shown after the arrow (www2.winproxy.com) is the name of one of our Web Servers. It's a valid alias for the URL requested by the browser, and thus passes WinProxy's Reverse Name Lookuptest. The third group-"HTTP:GET http://www2.winproxy.com"-reveals the name of the protocol and http command being used, as well as the name of the file being downloaded. Several different connection lines may be shown for a single browser connection, since browsers commonly download multiple files to form a requested page.
When the modem idle time reaches the limit established in the inactivity timer (see Dial-Up Setup in Chapter 3), WinProxy hangs up the modem. If you see modem in use by another program on the modem status line, WinProxy will not connect or hang-up the modem. If you manually use Dial-Up Networking to connect, this also WinProxy counts as "another program;" WinProxy won't hang up unless you've enabled the option always own the connection. WinProxy will be able to communicate over the modem even if another program connects it to the ISP.
Right-Clicks in ConnectionView
A feature offered in WinProxy 3.0 and above is the use of Right-Clicks to change WinProxy settings or connection status. For example, if you hold the mouse over the modem information line in ConnectionView and then click the right mouse button, WinProxy presents you with a couple of dialing options:
Figure 2.4: Right-clicking in ConnectionView allows easy access to options.
Clicking Settings takes you to the General and Dial-Up Setup section in Settings. If you click Hang-Up, Win-Proxy hangs up the modem connection immediately. It doesn't wait until active Internet connections are complete, nor will it double-check to determine if you really want to hang up. It's an immediate "guillotine" hang-up.
The screenshot below shows the results of a Right-Click on the Telnet protocol, which presents you with three options:
Figure 2.5: ConnectionView options available by right-clicking on the Telnet protocol.
You can enable or disable this protocol as you like. Keep in mind that it's a universal setting: enabling/disabling applies to all users on your network. Clicking on Properties takes you directly to the Telnet settings (the same Telnet page found under Settings/Protocols). The third option allows you to add/delete user access to telnet. The user list is taken from entries found under the Users Tab. If no entries have been made there, you won't have any choices here. In the example shown above, Chadwick is allowed to use Telnet, but Sales is not. To change either one, put the mouse pointer over the user name and left-click to toggle user permission.
This final example, below, illustrates another ability of Right-Clicking. If you hold the pointer over any connection line, you will see the option to Terminate:
Figure 2.6: Effecting immediate termination in ConnectionView.
If you then left-click on Terminate, the connection is terminated immediately-no ifs, ands, or buts. This feature is helpful when you're configuring new settings (WinProxy won't update settings while there are active connections).
Trouble-Shooting With ConnectionView
The information provided in ConnectionView can help you track down connection problems. The figure below shows a single, complete connection as a browser downloads a file:
Figure 2.7: Tracking down problems (Transparent Proxy vs. Classic Proxy connection).
The connection shown here is almost the same as the browser connection we showed you earlier, with one difference: it says "GET httn" instead of "GET http." This indicates that the browser is connecting through the Transparent Proxy rather than Classic Proxy.
Figure 2.8 shows one complete connection-a client computer downloading the files that make up a Web page- and a partial one:
Figure 2.8: Tracking down problems (complete/partial connections).
In this view, the WinProxy machine has an internal IP address of 10.0.0.1. The client machine, "Maryann," is actively downloading a web page from npr.org. Another client machine, BLUEBIRD, has made a telnet connection to the WinProxy machine, but has not yet made a telnet connection through WinProxy to another machine.
The figures below illustrate two conditions that will appear the same in ConnectionView.
The first example shows a failed external connection. We set up a direct connection on the external side-the sort obtained with a cable or DSL modem-and then physically disconnected the cable and made a browser request through WinProxy. Since WinProxy is unable to make a connection to the Internet, ConnectionView looks like this:
Figure 2.9: Tracking down problems (failed external connection leading to "404 Not Found" error).
In the above example, the internal IP address of the WinProxy machine is 10.0.0.1. The browser is on the computer named "BLUEBIRD." After a minute or so the connection line will disappear in the WinProxy window, and the browser will report a "404 Not Found" error.
The next example looks the same, but there is actually something a little different going on:
Figure 2.10: Tracking down problems (failed DNS request leading to "430 Unable to Resolve" error).
Here, the WinProxy machine has an internal IP address of 10.0.0.1. At the point shown, the browser on BLUEBIRD has made a connection request and WinProxy has initiated a DNS request to the ISP's DNS server to resolve the name into an IP address. The ISP's server has not come back with an answer-the DNS request has failed-and the connection does not proceed further. At the end of the time-out period (one to two minutes), this connection line will disappear and the browser will usually report a "430 unable to resolve" message.
The next example shows a failure at the final connection stage. The connection to the ISP is working, and the DNS lookup has succeeded:
Figure 2.11: Tracking down problems (failure at final connection).
The bottom connection is the one that has failed. For a minute or so, this line appeared only as "BLUEBIRD," with no further information shown. The line will normally be visible on the screen in the form shown for only a second or so at the end of the time-out period (about 45-60 seconds). The DNS lookup has succeeded. Now that WinProxy knows the numeric IP address of the target machine, it has tried several times to connect to that machine. When the connection attempt fails, WinProxy reports a "0.0.0.0" address and closes the connection attempt. The browser will probably report a "425 Unable to Connect" message.
It takes several packets back and forth to establish a connection, and somewhere in the process a packet wasn't received in time. Reasons include:
- a computer is there, but it's down at the moment
- a computer is there, but it's not accepting connections on that port
- a computer is there, but it's busy and fails to return connection packets in the allowed interval
- the TTL (Time To Live entry in the registry's packet settings) is too low
- a high packet-loss rate on the connection means that some packets just never show up (there is some redundancy built into the connection process, but a 5% packet loss rate is enough for you to see some failed connections)
The final example shows two things: 1) an incoming connection-a connection initiated from outside the firewall, connecting through an incoming mapped port to an IP address behind the firewall; and, 2) the form used for incoming connection information.
Figure 2.12: Incoming connections can sometimes take a surprising form.
In this view, a distant machine at IP address "dynamic51.pm02.pleasanton.best.com" has connected through an incoming mapped port on the WinProxy machine to the client machine at IP address 90.0.0.1. This connection line shows the IP address of the internal machine receiving the connection. That internal connection will almost always be to a machine other than the WinProxy machine itself. Take a look under the telnet protocol (the name shown, "ginger.minnow.com," is the WinProxy machine). The connection you see is WinProxy responding to the telnet connection request on its internal network connection-the one that just came in through the incoming port!
