SOHO proxy server and firewall for Windows 95/98/NT

SOHO proxy server and firewall for Windows 95/98/NT

June 5, 2002

One of two proxy servers on the 'net currently using the WinProxy moniker (the other being Ositis' WinProxy), LAN-Projekt's WinProxy is an efficient combination firewall/proxy server. Like most combination firewall/proxy servers solutions, WinProxy has three major functions: modem sharing, firewall/proxy server capabilities, and Web page caching.

Modem sharing allows all computers on a local network to access the Internet through a single modem and Internet connection. The proxy server aspect handles outgoing requests from computers on a LAN, while the firewall handles incoming requests and protects against unauthorized access. Finally, caching allows for more efficient use of resources for users of the proxy server. With a shared cache, users can quickly and efficiently retrieve Web pages that have been downloaded previously without having to reconnect to the Internet.

In addition to supporting the HTTP (web) protocol, WinProxy also supports SSL/HTTPS (secure web), FTP, Gopher, and SOCKS 4/5 protocols (with SOCKS5 Authentication capabilities). Additionally, the server acts as a gateway for FTP, POP3, SMTP, News (NNTP), Real Audio, and Telnet services. WinProxy is also the first proxy server to include an integrated mail server.

WinProxy presents you with two options for sending and receiving mail. The first is to use the server's SMTP/POP3 Gateway, which will handle requests for receiving mail from specified POP3 servers and sending mail to specified SMTP servers. The second option is to use WinProxy's built-in mail server, which allows your users to send and receive their mail via the WinProxy SMTP/POP3 server. In this scenario, WinProxy automatically downloads and stores e-mail from specified POP3 servers and sends outgoing messages via the built-in SMTP server. The POP3 server also offers mail filters for sorting messages by recipient into specified mailboxes (the filters are limited to sorting by the To: e-mail header).

Additional features in WinProxy include support for up to 900 users and 100 groups of users, dial-up networking support, proxy cascading, URL restrictions (restrict access by specific users or groups to a list of URLs), dial-on-demand capabilities, Windows system traybar support (although it would be more useful if the icon changed colors and/or listed the number of users currently connected), Microsoft RRAS SteelHead support, the ability to run as a Windows NT system service, support for mapped links, and the ability to store passing data into the shared cache. WinProxy's firewall capabilities, while not on the level of an advanced commercial package, should prove good enough to turn away most unwanted attempts to compromise the system.

WinProxy offers three basic security options: logging, Secure Interfaces, and IP list restrictions. When logging is enabled, WinProxy will enter an entry into the security log anytime an attempt is made to access the server from an IP address not listed in the IP list or anytime a computer attempts to access the server via an insecure interface. The Secure Interfaces option allows you to authorize a group of local network interface IP addresses so that they can access the server. (Note: If no IP addresses are entered in the Secure Interfaces section, all computers will be able to access WinProxy.) Finally, the IP List is a list of specific IP addresses that are allowed to access WinProxy. Both single IP addresses and ranges of addresses can be entered in this field. (Again, if no addresses are entered, all IP addresses will be able to access WinProxy.)

One setback to initially getting up and running with WinProxy is its poor installation routine (the server also lacks an uninstall routine). After installing the server, you are presented with an icon for running the server itself and two additional icons for launching a readme file and for Web-based configuration documentation. In other words, there are no icons available for configuring the client. The problem is compounded by the lack of a wizard or similar helpful tool for assisting you in getting started quickly and painlessly.

Thankfully, though, once you understand how to get started (which can be an exercise of frustration if you don't take a peak at the readme file), configuration is a straightforward and intuitive process. WinProxy configuration is performed through a series of Web forms that are accessible via the http://host:3129/admin address (where host is the name of the computer running WinProxy). In addition to configuration tools and documentation, this page will present you with administration tools for displaying status (connection, dial-up, and cache statistics) and log information, logging in to the server, entering manual administration commands, and managing user mailboxes.

The server itself is available in four packages. The downloadable demo can be used freely for an unlimited period of time, but it is limited to two concurrent users, two mailboxes, and a maximum cache size of 1 MB. A $99 5-user license is available that extends the demo to five concurrent users, five mailboxes, and an unlimited cache. A $199 10-user license is also available, as is an unlimited-user license for $299. By sending a message to you can get a free trial key that enables you to try the unlimited version for 20 days. Complete pricing details are available from the WinProxy Web site.

Overall, like the other WinProxy available on the 'net, LAN-Projekt's WinProxy is a proxy server best suited for smaller and less intensive sites that need a combination proxy server/firewall/modem sharing solution in order to provide network security and improve Web performance to LAN users. Larger sites will likely want to take a look at the enterprise-level proxy servers from the likes of Netscape and Microsoft instead, but small office and home office users will find in WinProxy an inexpensive, feature-rich proxy server that more than meets their needs.

Pros: 7 Inexpensive proxy server/firewall/modem sharing solution, 7 Easy to configure and administer (once you know how to access the server's browser-based configuration/administration tools), 7 Extensive set of features

Cons: 7 Poor installation routine (no setup wizard or icon for launching the configuration interface), 7 Limited to 32-bit Windows platforms, 7 No uninstaller, 7 System traybar icon needs to provide more connection information

New: 7 Integrated POP3/SMTP mail server, 7 Real Audio support, 7 Web-based configuration, 7 Support for Mapped Links, 7 SSL (HTTPS) proxy support, 7 Proxy Cascading; 7 Release Notes

New in Update 1: Microsoft RRAS SteelHead support, advanced access list
Upgrade Meter: 2

New in Update 2: Added support for Mirabilis ICQ via SOCKS5; Release Notes
Upgrade Meter: 2

New in Update 3: Reordered entries so the last one in the log files is shown first; fixed problems that ocurred when WinProxy was restarted under Windows 98; can now be run as a service under Windows 95/98; weekends can be excluded in mail processing; added new, high priority mail headers that cause immediate mail send; increased the number of recepients that can be specified in "To:" and "CC:" mail headers; compatible with Windows 2000; Release Notes
Upgrade Meter: 2

New in 1.5: Protection against mail server abuse; time intervals when dial-up is allowed; three levels of mail logging; improved cache performance; administration interface is better arranged; UDP ports mapping; remote POP3 account can also contain @ character; maximal length of POP3 account was increased (up to 128 characters per account and 256 characters per server); three levels of mail logging (downloaded via POP3, received via SMTP, and outgoing mail); sys admin can select a mail account where all e-mails will be stored; SMTP server support requires a previous logging (SMTP before to POP3); improved administration interface; simple uninstallation; proxy/cache option of whether the TTL should be read from HTTP header; Release Notes
Upgrade Meter: 2

New in 1.5.1: Schedule dial replaced by demand dial; time intervals option (HH:MM-HH:MM) added for when the connecting to the Internet is allowed (default set-up is daily 00:00-23:59); can map UDP ports; Release Notes
Upgrade Meter: 2

Version Reviewed: 1.4 Update 2
Date of Review: 6/26/99
Last Updated: 10/1/01
Reviewed by: Forrest Stroud

Operating Systems / Latest Versions:

Windows NT Server: Intel - (v1.4 Update 2). Windows 95/98 - (v1.4 Update 2)