NAT Server

The NAT server provides connections to Internet services for ResNet PCs that won't work through the web cache. Not all services are supported. Following a spate of attempted security breaches by local students we have enforced stricter access control rules on the NAT server.


NAT Server Rules

There are currently rules in place to allow certain protocols or services. Anything that is not specifically allowed is blocked. The fact that a service s allowed does not imply that ISS provides any support for the service - see Support Issues.

The following protocols are allowed:

  • ICMP - protocol used for control messages and problem diagnosis.
  • TELNET - protocol used to logon to remote computers.
  • SSH - secure replacement for telnet and several other cleartext protocols.
  • POP - also known as POP3 - the most basic protocol for downloading email.
  • IMAP - also known at IMAP4 - a more advanced protocol for downloading email.
  • IRC - one of the first interactive chat services.
    Note that DCC is not permitted due to previous problems with misuse.
  • Yahoo Messenger - an interactive chat service.

In addition, there are rules in place to permit use of the following services:

  • ICQ - an interactive chat service.
  • AIM - AOL interactive chat service.

The following protocols are not allowed (or, where noted, don't work):

  • SMTP - Simple Mail Transfer Protocol - this means that while you can collect mail from remote POP or IMAP servers you must send out mail though the University mail server (smtp.lancs.ac.uk).
  • all other traffic - is blocked.

Note: you can receive email from external providers, but you must configure your emailer to send through the University mail server. For details see Configure Outlook.

The following protocols/services will not be added to the 'allowed' list:

  • DCC - Direct Client to Client - used by IRC to transfer files. This was previously allowed, but has been removed due to misuse.
  • HTTP - use the web cache instead.
  • FTP - use the web cache instead.

This change in policy should reduce the number of external complaints that we receive (and have to spend time investigating) due to students attempting to breach security on remote systems.

To the Top
Line

Support Issues

MSN Messenger, AIM, IRC, ICQ, Yahoo Messenger

ISS does not provide any support for these services. We can give no advice or help on their use beyond what is noted on this page.

FTP

Due to technical limitations of the FTP protocol, only 'passive mode' FTP can be supported via the web cache. Many FTP clients support passive mode, either by default, or by a minor configuration change.

Unfortunately the above does not always work - an alternative is being considered.

More information on FTP client configuration is available from About FTP.

MSN Messenger

MSN Messenger can be configured to use the web cache:

  1. start MSN Messenger (ensure that you are NOT signed in).
  2. click on the 'Tools' menu then the 'Options' option - see tabbed Options dialog.
  3. click on the 'Configuration' tab.
  4. click on the 'I use a proxy server' option.
  5. drop the 'Type' list and choose 'Http Proxy' option.
  6. in 'Server' box, type: wwwcache.lancs.ac.uk
  7. in 'Port' box, type: 8080
  8. click OK.
  9. Sign in as usual

The sound feature of MSN IM is not available.

©Lancaster University   ISS Governance   Computer User Agreement   Privacy Statement  

Lancaster University
Bailrigg
LancasterLA1 4YW United Kingdom
+44 (0) 1524 65201