The General Tab
Overview
Once you make a change to a configuration setting, it takes effect immediately-or, more precisely, as soon as you've returned to the Main Screen. You'll receive confirmation of changes through a small dialog box informing you that the new settings are now in affect. WinProxy waits for an end to all communications through the proxy before updating, so any connections in progress won't be disrupted.
If you have a dial-up connection to your Internet Service Provider, you'll be prompted to dial the ISP each time you enter Settings. Once connected, you can use names such as mail.myisp.com instead of numeric IP addresses. WinProxy does an immediate lookup if you use names; if you're not connected, the lookup fails and is followed by a routine time-out period.
Figure 3.1: The General Tab under Settings determines WinProxy's fundamental behavior.
The General Tab determines WinProxy's basic behavior. The screen shown above is from WinProxy on a Windows 95 operating system. If you're running WinProxy under NT, the only change will be the next-to-last option. Instead of Reside in the taskbar, and load before logging into Windows, this option will read Run as Service.
Tab options
Internal IP Address
The Internal IP address is the one used by WinProxy to listen for connections on your network from other computers.
After WinProxy examines your system, the IP address (or addresses) it has found appears in the window or drop-down tab. The address displayed is not directly configurable from this tab: if you intend to use an IP address different from the one shown, changes must be made within Control Panel/Networks.
A NOTE OF CAUTION:The IP address shown in the Internal IP box must not be the address of your external connection to the Internet.
For additional information, including a short discussion on the distinction between internal and external connections, click on the question mark.
Multiple IP Setup
If only one IP address is found, the Multiple IP selection is grayed out. If more than one IP address is found the selection is enabled, as shown in Figure 3.1. Clicking the enabled button produces this screen:
Figure 3.2: Selecting internal IP addresses.
WinProxy can find IP addresses but doesn't necessarily know which are internal and which are external. It makes an "educated" guess and tentatively puts non-routable numbers in the Internal box, but this placement isn't always accurate. Therefore, you need to double-check and be sure that: (1) ONLY the IP address(es) connecting to your local network are listed in the Internal IP box, and (2) the connection to your Service Provider is listed in the External box.
CERN Proxy Port
This is the internal port on which WinProxy listens for Web connections. When doing so, WinProxy uses the CERN Proxy specification, which supports the CERN Proxy protocol for HTTP and FTP. This port is the primary port used by your browsers for HTTP, FTP, and secure connections. The default setting for this proxy port 80, is commonly used as the port for World Wide Web activity. If you're already running a web server on your internal network, you may need to change this setting. Port numbers 81, 8080, and 8081 are common alternatives.
Proxy Cascading
If WinProxy is the only firewall/proxy between you and the Internet, you can ignore Proxy Cascading-it won't be needed for most installations in the U.S. and Canada operating behind standard service providers.
However, if you have one or more additional firewalls, you'll want to enable this feature. Some U.S./Canadian institutions do have multiple firewalls in place (certain cable modem providers, large corporations, government agencies, educational institutions, etc.). In addition, service providers outside North America commonly use a proxy when providing service to customers. For more pointers on determining whether you're operating behind another proxy server, look at Step #9 the Properties Wizard in Chapter 1, Section 1.6.
Another use of proxy cascading is to secure a network within another network while maintaining access to the Internet through an "upstream" firewall.
Proxy Cascading configures WinProxy to forward requests from itself to another proxy server. To set it up, you'll need to know the IP address and the Proxy port of the other proxy machine. Cascaded proxies can be nested as deeply as you like, but keep in mind that performance is degraded with each additional proxy cascade. Proxy cascading is currently only supported for HTTP and Secure Sockets requests. Other protocols, such as Mail and News, can be supported indirectly by pointing to the external proxy as the server. Telnet can be done by telnet-ting to the first proxy, then to the second, and then outside.
Cascading provides access to the intermediate network only when allowed by the next firewall. In practice you will often have access, including when another copy of WinProxy serves as the external firewall. An example: a company runs one copy of WinProxy used by all its employees, while a second copy is used by the R&D staff to further secure its valuable data. If you find that you have access to the intermediate net, but not to the outside world, then you probably need cascading to get out.
Cascading Port: This value must be set to the port number of the next proxy server between you and the Internet. If left blank (or if it's invalid), proxy cascading is disabled.
Cascaded Proxy IP: This value must be set to the IP Address of the next proxy server.
Administration Password
WinProxy allows simple administration from any machine on the internal network. Access to such remote administration-as well as to WinProxy's Time Window override-can be restricted with Administration Password. If this field is left blank:
- Remote administration via http://proxy.command can be done from any machine on the Internal network.
- Any user can override the time window.
- Any user at a WinProxy computer can enter the Settings and Advanced Settings pages.
BE A SAVVY USER:Don't forget the password. Write it down and put it in a safe place. There is no easy way to recover a lost or forgotten password.
Verify IP Addresses with Reverse Name Lookup
WinProxy contains a security feature that causes all name lookups to be verified with a reverse lookup before a connection is made. In normal operation an address in the domain name form-e.g., WinProxy.com-is con-
WinProxy verted to a numeric IP address with a DNS lookup before the page is retrieved from the Internet. When Reverse Name Lookup is enabled, WinProxy takes the results of the DNS lookup and does a reverse lookup-from number back to name-to ensure retrieving the name you started with.
This procedure adds security to the system by making it very difficult for hackers to use IP spoofing. WinProxy makes provision for common address changes like legitimate aliases and alternate servers, but it doesn't permit access to valid web pages if they are improperly configured. With a browser you'll see an explicit failure message, while other protocols show a non-specific message such as "403 forbidden." If you encounter trouble accessing certain sites, try disabling this feature.
NOTE:This option will be grayed out if you have enabled Proxy Cascading.
Disable ConnectionView Feature
ConnectionView allows WinProxy to show all connections on the main display. Keep in mind that such a display can slow down the system. If you are running on a slower machine with a fast Internet connection, you may want to disable Connection View by checking this box, thus speeding up Internet access. You'll still have access to menu items, but the main portion of the window is left blank.
Use Dial-Up Networking
If you want WinProxy to oversee the modem connection, click Dial-Up Setup to enable and configure this feature. WinProxy supports only the Microsoft Windows Dial-up Networking program and the AOL automatic dialer, which provide the connection to your Service Provider. More information on this feature is contained under General Properties.
NOTE:If you have a permanent connection or connect to the Internet manually, leave this option disabled.
Reside In The Taskbar And Load Before Logging Into Windows (Windows 95 and higher) or Run as a Service (Windows NT)
WinProxy can reside in the taskbar or system tray under Windows 95/98/NT/2000/Me/XP. When WinProxy is running in the system tray, it shows up as a small "mask" icon on the right side of the taskbar. Double-click on this icon to display/hide the main window. You can also right-click on the icon to connect or hang-up the modem.
Under Windows 95/98/2000/Me/XP, checking this option causes WinProxy to load before logging into Windows. This allows WinProxy to restart automatically even after a power failure, when nobody has yet logged into Windows.
Under NT, when running as a service, the options are more extensive. For more information on installing WinProxy as a service, refer to Chapter 4, Section 4.7, "Running WinProxy As a Service Under Windows NT."
Permit Domain Names In Mail, News And Mapped Port Configuration
Checking this box allows you to enter domain names in Mail, News and mapped port settings, rather than using IP addresses. More and more ISP's are using named servers, so they change the actual IP address at will. Most users these days must use names for their mail and servers. If it's possible to use the actual IP address, instead of the name, you add some security to your system. By using IP addresses you are much less susceptible to IP spoofing.
NOTE:You should be connected to the ISP when entering names into the configuration boxes.
