Ottawa PC Users' Group, Inc.
 Software Reviews


WinRoute Pro v4.1
by Chris Taylor

Over the past year, I have used SyGate to share the PUB II ADSL Internet connection with other computers in my house. Although I was pretty satisfied with the product, I had a couple of minor issues with accessing an Exchange Server from my client machines. To provide protection from the black hats on the Internet, I used BlackICE Defender. It also seemed to do a good job, although I found its flashing icon a little annoying after a while.

Win Route Then I heard of a product that would do both the above jobs and more, while permitting more extensive customization - WinRoute Pro v4.1 from Tiny Software. It is a NAT (Network Address Translation) gateway, allowing multiple machines to share an Internet connection, a packet-filter firewall to keep the wolves at bay, a DHCP server to take care of TCP/IP configuration on machines on the local LAN, a DNS forwarder to take care of name resolution requests for all machines, a POP3 mail server to provide mail services, and a proxy server to conserve bandwidth.

Installation and initial configuration was very simple and clearly laid out in the 128-page PDF-format manual downloaded from the Internet (an extra US$20 gets a boxed copy with printed manual). My primary interest was with the NAT gateway so my computers could share the PUB II connection to the Internet. Since the computers were already configured with appropriate network cards, I was up and running in minutes.

NAT allows you to share a single valid, Internet-routable IP address with all your computers that are networked together. The nice thing about using NAT is that software on your client machines does not need to be reconfigured in order to access the Internet. In essence, almost everything works as if the computer had its own connection to the Internet. This is in sharp contrast to proxy servers which only work with certain types of software and require re-configuration on each client machine. The manual has a wonderful section that clearly explains how NAT works.

One potential problem with using a NAT gateway is if you want people on the Internet to be able to access computers behind your NAT gateway. Since these machines have what is known as private IP addresses, it is not possible to connect directly to them from the Internet. There is simply no way that Internet routers will pass on the packets to those private IP addresses. WinRoute Pro gets around this problem through port mapping. Basically, you tell WinRoute Pro that packets coming into the WinRoute Pro computer (which has a valid Internet-routable address) destined for a particular port should be forwarded to a specific machine on your internal network. For example, if you are running a Web server on a computer behind the NAT gateway, you could tell the port mapper that any packets sent to port 80 (the default for Web servers) should be forwarded on to the computer running the Web server, which then responds to the web requests.

By default, WinRoute Pro closes all inbound ports, effectively preventing anyone on the Internet from connecting to your computer and doing bad things. In cases like PUB II, you want to open some ports to allow folks from the Internet to connect to your computer. I needed to open port 21 for Telnet, 23 for FTP, 25 for SMTP, 80 for HTTP (Web server), and 110 for POP3. WinRoute Pro includes a packet filter firewall that is easily configured to control access to any TCP or UDP port. You can open ports for access from a specific IP address or address range or allow access from any address. You can even limit the period of time a port is accessible. For example, you could make a web server available only from 5:00 p.m. on Fridays until 8:00 a.m. on Mondays.

Not only can you limit inbound traffic, but you can do the same for outbound. If you want to ensure your 8-year old is not surfing the web from the computer in his room all night, it is a simple matter to limit outbound access to certain hours. You can also block access to particular ports from a specific computer.

In the WinRoute Pro firewall, the action to be performed on inbound packets may be set to permit, drop, or deny, with the default being deny. This means the port is visible, but the person can't connect to the port. For the ultimate in security, you want to tell the firewall to drop packets. That way, your computer does not even appear to exist to others out on the Internet. Very cool! Personally, I think drop should be the default action. If you download build 20 or higher from the Tiny Software web site, you can change the default to drop. I discovered this almost by accident. I suggested to Tiny Software that they add a history list to the Web site and they have agreed to do so.

The mail server in WinRoute Pro appears to be quite functional, allowing you to configure an e-mail server that will function within your LAN. Connecting to the outside world is a bit more complex. While you can easily send e- mail to the Internet, receiving is a little harder. To do this right, you need to register a DNS name. Given that you need two DNS servers in order to register a name, plus the fact that you probably only have one valid Internet-routable IP address, suffice it to say that you are going to need some assistance here. However, there are free DNS hosting services (http://granitecanyon.com) that enable you to run your own Internet mail services for all the folks on your network, whether that is your family or the employees of a company.

If you want to conserve bandwidth, WinRoute Pro includes a proxy server. A proxy server receives requests for HTML elements such as pages and graphics. If the cache in the proxy server already has the information from a previous request, it returns the information directly, saving the fetch across the Internet. If it does not have the information already, the proxy server fetches it over the Internet, returns the information to the requesting machine and stores a copy in the cache in case someone else requests it. I am not a fan of proxy servers, but it is there for those who want to use it.

WinRoute Pro has excellent logging capabilities that can help when it comes to trouble-shooting. I was able to analyse log files to discover the root of my problems with Exchange Server. When I connect to the Exchange Server, it picks two completely random UDP ports above 1024 for use in pushing new mail notifications to the client. I first attempted to use the port mapper to map all accesses from the IP address of my Exchange Server on ports above 1024 and send them to my client machine. So far no luck, but I have not given up yet.

WinRoute Pro v4.1 requires a Pentium class PC with 32MB RAM, 1MB disk space, and Windows 9x/NT4/Win2K. Cost ranges from US$199 for 5 users to US$699 for unlimited. For those with somewhat less demanding requirements, WinRoute Lite and WinRoute Home drop some of the more advanced features for prices as low as US$49. See the Web site at http://www.winroute.com for details.


Bottom Line:

WinRoute Pro v4.1
Tiny Software Proprietary Software (US $199)
from Tiny Software
Web site: http://www.winroute.com


Addendum:

As of February 1st, 2002, WinRoute Pro is sold by Kerio Technologies, Inc., and is thus called Kerio WinRoute Pro (v. 4.2.4).
Kerio Technologies, Inc. Logo

 

 


Copyright and Usage
Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON  K2G 1S6

The opinions expressed in these reviews may not necessarily
represent the views of the OPCUG or its members.

Page created: 10-Sep-00
Page updated: 23-Oct-2002