Client Access Tab
The settings on this Tab affect how WinProxy interacts with your client applications and the amount of control you have over those connections. A trade-off exists between ease of client application configuration and the amount of control a WinProxy administrator has over Internet access.
Figure 3.17: Classic proxy path. Choosing Classic Proxy Only disables the lower-level functions of WinProxy
The Classic Proxy Only Setting.
The least transparent setting is the Classic Proxy Only setting (NAT and Transparent Proxy are disabled), in which each and every application must be specifically configured to run through a proxy. When this setting is chosen, WinProxy works exactly as WinProxy 2.1 did-no more, no less.
Classic Proxy provides the maximum control over user access to the Internet (e.g., you can set things so that clients access only mail servers designated by you). This setting is appropriate for schools, churches, businesses or anybody who wants to control site access. All that's required is the willingness to spend time on occasional administrative duties.
When choosing the Classic Proxy position on the slider, you disable the lower-level functions in WinProxy. You'll retain the application-level firewall (the same firewall as WinProxy 2.1), but not the system-level firewall provided by the 3.0 and above drivers.
The Classic Proxy is included as a subset of other access methods, thus offering its connectivity as well as the system-level firewall available with the other settings.
Figure 3.18: NAT path connections pass through the nether regions. You'll never see evidence of them at the user level.
The Network Address Translation Setting
The setting providing the least control over user access, NAT enables lower-level drivers but does not pass the connections through the WinProxy application level. Client Applications are then allowed to access the Internet through the NAT.
With NAT, Internet applications configured to use a proxy are shown in ConnectionView when active, and are subject to all of the restrictions and control available in the WinProxy interface. Unlike the Classic Proxy Only setting, however, the external driver-level firewall is active; proxy access through the firewall is regulated by the firewall settings.
Internet applications not configured to use a proxy go through the NAT. The connections are not visible in ConnectionView, and are not subject to any of the restrictions and control otherwise available in the WinProxy program. The application-level of WinProxy won't be aware of these connections, which means that you can't see them, log them, or regulate them.
For client machines to access the Internet through NAT, they must have the WinProxy IP address listed in their Network Gateway setting.
A Note for Dial-Up Users:Connections made through the NAT will not be seen by WinProxy's inactivity timer, making it possible for the inactivity timer to cut you off in mid-download. We recommend that Dial-Up users leave their Client Access Method at the default Transparent Proxy setting instead of switching to the NAT setting.
Figure 3.19: Transparent Proxy path. Transparent Proxy connections utilize lower-level drivers, passing through the application level interface where you can see them.
The Transparent Proxy Setting
Having control over the different levels allows WinProxy a choice of connection paths. If the connection is handled entirely at lower levels, then the operation is entirely by NAT and will be invisible at the user level.
The other choice: doing Network Address Translation down in the gutty-wuts, but passing the connection through the application level where you can see it, log it, and control it. This method, known as a Transparent Proxy, allows an ideal combination of ease of use and potential control.
There are two variations of Transparent Proxy provided: The first is Transparent Proxy for Web (HTTP), FTP and Mail only. NAT connections using any of these three protocols are routed through the application level where they can take advantage of caching (for HTTP), Anti-Virus scanning (all three), and all other WinProxy functions. Anti-Virus scanning is specifically for these three protocols-a major reason for providing this as a choice under Transparent Proxy. All other NAT connections go straight through the NAT, and are not visible to WinProxy at the user level. A slight speed advantage may be gained by having these other connections run only through the NAT.
The second variation of the Transparent Proxy is the one most users will find amenable. This choice is to send all NAT connections through WinProxy's application (user) level, where they can be seen and controlled (if necessary). This is the default setting: "Transparent Proxy - all connections." As you view the connections in WinProxy, you'll see little visible difference between Classic Proxy and Transparent Proxy connections; that's why we provide you with some clues such as using httn for Transparent proxy connection reports, and adding "Transparent Proxy" at the end of connection lines for other protocols.
When this setting is chosen, any applications configured to use a Proxy connect through the WinProxy Classic Proxy. Applications configured to use a network (but not a proxy) connect through the WinProxy Transparent Proxy
