Dear All
Our link has moved to http://aitisis.wordpress.com
Monday, 28 June 2010
Friday, 25 June 2010
How to read and open .DAT files in Windows
So you just received an email with an attachment that someone sent you, but the extension on the file is .DAT. What exactly is a .DAT file and how do you open .DAT files? Those are two questions I’m going to try to answer as this is an issue that I’ve seen many times in my IT career!
The first thing to understand about .DAT files is that the extension indicates a file containing arbitrary data. That means it’s not associated with any one particular program or application. When you see a file with a .XLS extension, you know it’s referring to an Excel file, and so on. But with .DAT files, you have to figure out how to open the file yourself, and it may not be the same program each time.
The best way to open a .DAT file is to use the program that created it. However, if you’re not sure, you can always try Notepad. Now when you open it in Notepad, you may be able to recognize some of the data, but the rest will most likely be junk spewed out by the program that created it.
You’ll normally only see this file format when receiving emails with attachments. Most common programs today do not generate .DAT files and only computer programmers use these files on any kind of regular basis.
So your first step would be to ask the person who sent you the email if they know which program was used to create the file. Now if they tell you that they actually sent a picture or a document and they are not sure why it’s a .DAT file, it could be that the file extension was changed in the process of having the email routed to you.
For some strange reason, some email programs automatically change the file extension on email attachments to .DAT. So if the person sent you a picture and now it’s a .DAT file, you first need to save it to your computer and then change the file extension to JPG or GIF or PNG or whatever you think it’s supposed to be. If they sent you a Word document, change it to .DOC, etc.
You can change the file extension on a file by first going to My Computer, clicking on Tools and then Folder Options.
Next click on the View tab and then scroll down to the option “Hide extensions for known file types” and UNCHECK it. In this way, we’ll now be able to see the file extension and change it to something else.
Now simply right-click on the .DAT file and change the file extension after the dot to the desired file format.
You should also see the icon representing the file change to the appropriate program used to open that file type, i.e. Excel in the above picture.
So what do you do if you’re not sure which program it came from or what the original file extension was supposed to be? You can also try right-clicking on the file and then choosing Open With and try different programs. For example, I changed one of my Excel files to a .DAT extension and then right-clicked on it to open it with Excel and it worked!
Now I just chose Microsoft Excel from the list and Excel was able to read the file since the data was written by Excel, it just had a wrong file extension.
You can also try other programs like Windows Media Player since it will open it if it happens to be a video, MP3, or similar media format. So hopefully you are now able to open your mysterious .DAT file using one of the above mentioned methods! If not, post a comment and I will try to help! Enjoy!
source : http://www.online-tech-tips.com/computer-tips/how-to-open-dat-files/
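The article above picks the new extension by guesswork. As an added example (not part of the original article), the Python sketch below reads the leading bytes of a saved .DAT attachment and reports whether the extension you intend to use matches the content, refusing executables and pointing TNEF files to a decoder. The function names, verdict strings and sample inputs are assumptions made for this illustration.

```python
# Added example: identify a .DAT attachment by its leading bytes before renaming it.
# All inputs used with it in this page are constructed for illustration.

# (magic bytes, description, extensions that are consistent with this content)
SIGNATURES = [
    (b"\xff\xd8\xff", "JPEG image", (".jpg", ".jpeg")),
    (b"\x89PNG\r\n\x1a\n", "PNG image", (".png",)),
    (b"GIF87a", "GIF image", (".gif",)),
    (b"GIF89a", "GIF image", (".gif",)),
    (b"%PDF-", "PDF document", (".pdf",)),
    # Legacy Office files share one container format, so the magic bytes
    # alone cannot tell a .doc from an .xls.
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file",
     (".doc", ".xls", ".ppt", ".msg")),
    (b"PK\x03\x04", "ZIP container", (".zip", ".docx", ".xlsx", ".pptx")),
    (b"\x78\x9f\x3e\x22", "TNEF (winmail.dat)", ()),
    (b"MZ", "Windows executable", ()),
]


def identify(data: bytes):
    """Return (description, plausible extensions) for the start of a file."""
    for magic, kind, exts in SIGNATURES:
        if data.startswith(magic):
            return kind, exts
    head = data[:512]
    # Only tabs, line breaks and printable ASCII: treat as plain text.
    if head and all(b in (9, 10, 13) or 32 <= b < 127 for b in head):
        return "plain text", (".txt", ".csv", ".log")
    return "unknown", ()


def rename_verdict(data: bytes, wanted_ext: str):
    """Decide whether renaming the attachment to wanted_ext is consistent.

    Returns (verdict, description); verdict is one of
    "ok", "mismatch", "block", "decode" or "unknown".
    """
    kind, exts = identify(data)
    wanted = wanted_ext.lower()
    if not wanted.startswith("."):
        wanted = "." + wanted
    if kind == "Windows executable":
        return "block", kind      # never rename and double-click this
    if kind.startswith("TNEF"):
        return "decode", kind     # needs a winmail.dat decoder, not a rename
    if kind == "unknown":
        return "unknown", kind
    return ("ok" if wanted in exts else "mismatch"), kind


def check_file(path: str, wanted_ext: str):
    """Run the check on a saved attachment, reading only its first 4 KiB."""
    with open(path, "rb") as fh:
        return rename_verdict(fh.read(4096), wanted_ext)
```

A "mismatch" verdict means the content is a recognised type but not the one the sender claimed, which is worth a question back to the sender before opening it.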
WMDecode - get attachments from winmail.dat files on Windows
Programs for Free Download
The download you may be looking for first is WMDecode for Windows - for extracting files from winmail.dat mail messages (files named winmail.dat or ATT00001.dat).
The remainder are indispensable add-ins for your EPOC32 palmtop. They have been tested on a Psion Series 5, but most should work on the 5mx, 5mx Pro, GeoFox, NetBook, Series 7, Osaris, and Revo or Revo Plus. Some notes are included below on compatibility. The WMDecode program is the only program here for Microsoft Windows, all the others are for EPOC32/Symbian/Psion etc.
They are free for you to download and use. We have put much time into producing these and we would appreciate it very much if you purchased software licenses via RegNet (secure transaction).
--------------------------------------------------------------------------------
WMDecode - get attachments from winmail.dat files on Windows
Download WMDecode.zip (25K) For Windows 95, 98, ME, NT, 2000, XP, Vista etc. Version 1.11
Microsoft Windows version of WinMail.dat decoder - all versions of Windows. Time-limited - expires 28 May 2010.
(Download again from here when it expires. Click this link to get a non-expiring version for only $10. See ReadMe.txt in download).
WMDecode is a utility you can use in conjunction with your e-mail program. When you receive a message from a user with Microsoft Outlook who has sent you a message in Microsoft Outlook RTF format, you will receive the normal message text along with an attached file named 'winmail.dat'. Strictly speaking it's not a Word rich text file and you can't use Word to read it.
The winmail.dat file contains a formatted version of the message (which this program ignores) and any attached files. WMDecode will scan the selected winmail.dat file for attachments and save them individually, defaulting to the original (long) filename.
WMDecode is easy to use. To install, copy the file WMDecode.exe to your desktop. To use, just drag/drop a WINMAIL.DAT file from your Desktop or file-folder onto it to retrieve the attached files.
HELP!! For a full User Guide Please Click Here. Download HTML Help guide from here HTMLHelp.chm.
Note - if you use Microsoft Outlook Express and receive a message from an Outlook user which should have an attachment but appears to be missing then it may be still there. Just drag the email itself from Outlook Express to the desktop, then drag it again onto WMDecode.exe. Attachments will then be searched for - easy!
(This is a new feature in Version 1.11 - If you are a registered user then please email me and I can arrange for you to have it emailed to you).
--------------------------------------------------------------------------------
DownCount - Word and Number Game V1.07 Pocket Brain Exerciser!
DownCount.zip (56K) For EPOC32/Psion/Symbian WITH ROM DICTIONARY - e.g. Series 5,5mx & 7
DownCountR.zip (56K) For EPOC32/Psion/Symbian WITH RAM DICTIONARY - e.g. Revo, Revo+ or Mako
DownCount will test your word and number skills. You will need to think quickly to get a good score. Resemblances to a TV quiz game of a similar name are purely coincidental!
To install DownCount run the SIS file in the zip archive.
NOTE: If you have a Revo (or other EPOC32 without built-in dictionary), ensure that the Spell application on the Revo CD-ROM is installed first, and that you are installing the correct version of DownCount - DownCountR.sis (otherwise DownCount AND Spell may not work).
There are 9 rounds in a game:
3 Word rounds
1 Number round
3 Word rounds
1 Number round
1 Conundrum round
You can pick a game difficulty of 'Easy' which gives you double the time to play each round.
The Word Round
Each round is in two stages. In the first for the Word round, select 9 letters using the Vowel or Consonant buttons. You have up to 30 seconds to do this from selecting the first letter. After the last letter is selected the next stage starts and you then have 30 seconds to make the longest word you can out of your chosen letters. When the 30 seconds is over, your answers are checked against the dictionary and scored. Then the computer works out any alternatives for you to see how much better you could have done.
The Number Round
In the first stage for the Number round, select 6 numbers using the '25/75/100' or '1-10' buttons. You have up to 30 seconds to do this from selecting the first number. After the last number is selected the next stage starts and you are shown the target number to reach. You then have 30 seconds to enter an arithmetic expression using chosen numbers only once to make a sum as close as possible to the target. You can use the screen buttons to enter a number, the number keys and the symbols ×÷+-(). You can enter more than one answer by pressing the Enter key and the best scoring answer will be chosen at the end of the round. When the 30 seconds is over, your answers are checked against the target number and scored. Then the computer works out any alternatives - the computer plays a mean number round!
The Conundrum Round
Press Enter to start the Conundrum round. The computer selects a 9 letter word and randomly orders its letters. You then have 30 seconds to make a 9 letter word out of those letters. When the 30 seconds is over, your answers are checked against the dictionary and scored. Then the computer works out any alternatives.
Enjoy the game!
--------------------------------------------------------------------------------
WinMail.zip (7K) For EPOC32/Psion/Symbian Operating System Only, Not Windows (see above download).
WinMail - Extract attachments from winmail.dat files V1.04 Extracts even more file 'types'.
A program which extracts attachments from the WINMAIL.DAT file sent by Microsoft Outlook with Rich Text Format messages.
This program is a utility you can use in conjunction with the Psion/Symbian e-mail program. When you receive a message from a user who has 'mistakenly' sent you a message in Outlook RTF format, you will receive the normal message text along with an attached file named 'winmail.dat'. Strictly speaking it's not a Word rich text file and you can't use Word to read it, it's a format called TNEF.
This winmail.dat file contains a formatted version of the message (which this program ignores) and any attached files. Save the winmail.dat file to any folder and then run this program. It will scan the selected winmail.dat file for attachments and prompt you to save them individually, defaulting to the original (long) filename.
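The WMDecode and WinMail descriptions above both say the decoder scans the TNEF file for attachments and defaults to the original filename. The Python sketch below is an added example, not code from either program: it walks the legacy TNEF attribute stream, verifies each attribute checksum, and reduces the sender-supplied name to a bare filename before it could be used for saving. It reads only the attAttachTitle and attAttachData attributes and ignores the MAPI property block; the helper names and the sample stream are constructed for illustration.

```python
import struct

# Added example; SAMPLE and all helper names are constructed for illustration.
TNEF_SIGNATURE = 0x223E9F78
LVL_ATTACHMENT = 2                  # level 1 = message, level 2 = attachment
ATT_ATTACH_RENDDATA = 0x00069002    # marks the start of a new attachment
ATT_ATTACH_TITLE = 0x00018010       # file name as supplied by the sender
ATT_ATTACH_DATA = 0x0006800F        # raw file content


class TnefError(ValueError):
    pass


def iter_attributes(blob: bytes):
    """Yield (level, attribute id, data) for every attribute in a TNEF stream."""
    if len(blob) < 6 or struct.unpack_from("<I", blob, 0)[0] != TNEF_SIGNATURE:
        raise TnefError("not a TNEF stream")
    pos = 6                          # 4-byte signature + 2-byte key
    while pos < len(blob):
        if pos + 9 > len(blob):
            raise TnefError("truncated attribute header")
        level, attr_id, length = struct.unpack_from("<BII", blob, pos)
        start, end = pos + 9, pos + 9 + length
        if end + 2 > len(blob):
            raise TnefError("attribute length runs past end of file")
        data = blob[start:end]
        (checksum,) = struct.unpack_from("<H", blob, end)
        if sum(data) & 0xFFFF != checksum:
            raise TnefError("checksum mismatch in attribute 0x%08X" % attr_id)
        yield level, attr_id, data
        pos = end + 2


def safe_name(raw: bytes) -> str:
    """Reduce a sender-supplied name to a bare file name (no directories)."""
    text = raw.split(b"\x00", 1)[0].decode("cp1252", errors="replace")
    base = text.replace("\\", "/").rsplit("/", 1)[-1]
    base = "".join(c for c in base if c.isprintable() and c not in '<>:"|?*')
    return base.strip(". ") or "attachment.bin"


def list_attachments(blob: bytes):
    """Return [{'name': str or None, 'data': bytes}, ...] in file order."""
    found = []
    for level, attr_id, data in iter_attributes(blob):
        if level != LVL_ATTACHMENT:
            continue                 # message-level attributes are skipped
        if attr_id == ATT_ATTACH_RENDDATA:
            found.append({"name": None, "data": b""})
        elif not found:
            raise TnefError("attachment attribute before attAttachRendData")
        elif attr_id == ATT_ATTACH_TITLE:
            found[-1]["name"] = safe_name(data)
        elif attr_id == ATT_ATTACH_DATA:
            found[-1]["data"] = data
    return found


def build_attr(level: int, attr_id: int, data: bytes) -> bytes:
    """Helper used only to construct the sample stream below."""
    head = struct.pack("<BII", level, attr_id, len(data))
    return head + data + struct.pack("<H", sum(data) & 0xFFFF)


# Constructed sample: one message attribute and two attachments, the second
# carrying a name with directory components that must not reach the disk.
SAMPLE = (
    struct.pack("<IH", TNEF_SIGNATURE, 1)
    + build_attr(1, 0x00089006, struct.pack("<I", 0x00010000))  # attTnefVersion
    + build_attr(2, ATT_ATTACH_RENDDATA, bytes(14))
    + build_attr(2, ATT_ATTACH_TITLE, b"report.xls\x00")
    + build_attr(2, ATT_ATTACH_DATA, b"constructed payload")
    + build_attr(2, ATT_ATTACH_RENDDATA, bytes(14))
    + build_attr(2, ATT_ATTACH_TITLE, b"..\\..\\notes.txt\x00")
    + build_attr(2, ATT_ATTACH_DATA, b"second constructed payload")
)

if __name__ == "__main__":
    for item in list_attachments(SAMPLE):
        print(item["name"], len(item["data"]), "bytes")
```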
--------------------------------------------------------------------------------
Anagram.zip (9K)
Anagram - Anagram Generator V1.1 Released as SIS file, Symbian UID. Some bug fixes for longer phrases. [ Revo users - please install the Psion Spell checker from your CD and then install this file instead: AnagramRevo.zip ]
This program 'discovers' multi-word anagrams. Enter your word or words in the top box. Extra spaces are removed and the words are converted to lower case. Press Enter and the program will use the computer's dictionary to work out a multi-word anagram. E.G. enter the word 'orchestra' and you will get a list of anagrams including 'cart horse'.
Various options include minimum word lengths and one letter words.
--------------------------------------------------------------------------------
FivePlay.zip (16K)
FivePlay - Mobile Music Sound Player V1.3 Added Revo compatibility
Lets you play selected multiple sound files in a sequence. It's a bit like an MP3 player, only it uses native EPOC32 format sound files. (Why create an MP3 player for the Series 5 when the speaker cannot reproduce MP3 quality and MP3 files are larger anyway?) FivePlay lets you set up PlayLists which play your audio tracks in the order you want them.
A 4 minute track takes up 2Mb, so to make this a practical proposition you really need a big CF disk to store an 'Album'. Many PC programs are available which 'rip' CD tracks and export them to WAV files - you can then use PsiWin to convert and copy them to the Series 5. I find that it's useful to approximately double the volume of the sound file before transferring it. Playing sound takes some current though, so you do need to watch your battery life.
--------------------------------------------------------------------------------
Play.zip (16K)
Play - Sound File Player for the Revo V1.01
The Series 5/mx and others have 'Record' for recording and playing sound files. Although there's no microphone on the Revo, it can still play sound files. Play lets you play a sound file. It uses native Psion format sound files. Download sound files from the web or convert them using PsiWin. INSTALL ON REVO ONLY - MAKES SOUND FILES OPEN BY CLICKING ON THEM.
source : http://www.biblet.freeserve.co.uk/
What is a winmail.dat email file?
Dealing with the winmail.dat file: the problem and the solutions
The Problem
Email users sometimes find that they receive email messages with a strange file attached, called winmail.dat. When they attempt to open this file, either it can't be opened at all, or it contains "garbage" data.
The situation causing this is that people are using several different email client programs to receive, read, and send email. The most commonly used email client programs at GPC seem to be Microsoft Outlook and Netscape (specifically the Messenger component), with a small minority of techno-geeks using Eudora. Unfortunately, Outlook does not "play nice" with the other email programs all the time. This causes problems, not for the sender of the email, but the recipient, particularly when actual files are attached to messages.
Outlook97/2000
Outlook is a rather powerful email client program with a number of features that look very attractive. Most notably, Outlook allows users to send email in a variety of formats:
as plain vanilla text with no formatting
in Rich Text Format, which allows for a limited amount of formatting, such as boldface/italic/underlined text or different fonts
formatted with the HTML formatting language so that it appears (sort of) like a web page
formatted as a Microsoft Word document.
It's these formatting options that cause the problems.
When an Outlook user composes and sends a message using either Rich Text Format or HTML Format, Outlook automagically generates a file, winmail.dat, and attaches it to the end of the message. winmail.dat contains formatting information, in a human-unreadable form, that Outlook will use on the receiving end to display this email message correctly. Unfortunately, Outlook is the ONLY email client program that can use this information! Netscape Messenger, Eudora*, and other email client programs don't understand this information.
The Solutions
If you are receiving these winmail.dat files
I assume at this point that you are not using Microsoft Outlook as your email client program, since this wouldn't be a problem if you were using it.
One solution to the problem is to visit http://www.biblet.com and download the WMDecode program found there (look about halfway down the page). This will at least allow you to decode the winmail.dat files and extract any useful attachments from them.
Other than this, there's not much you can do on your end to fix the problem, since it's not your email program generating the problem. If you just don't want to deal with the problem, the other approach is to reply to the individual who sent you the offending email and ask that they re-send the message, with the attached files, as a plain text message, not in Rich Text Format or HTML. If they don't know how to do this, you can, of course, refer them to this document!
If you are sending these winmail.dat files
If someone emails you to complain that they couldn't read your attachments, or to ask what this "winmail.dat" file is that you sent them, chances are you sent this email using Microsoft Outlook 97/2000 (or, very remotely possibly, another product using Microsoft Exchange Server). Although you are not the one having the problem, you are the one who gets to fix the problem.
You have multiple possible ways to fix the problem, depending on how you have set up your address book capabilities and whether or not you are using a mailing list or group mailing to send out the offending email. Please read the remainder of this section before you begin making changes to your settings, as there are two special situations, discussed first, that you must consider before choosing the appropriate solution.
Special Situations
If you are sending messages to a mailing list or as a group mailing
In this situation, you MUST set ALL users up so that they receive plain text email. If even one user is set up in your address book, or your default setting is to receive Rich Text Format or HTML format email, everyone will receive that format. You must either edit every address book entry for every individual on your mailing list, or change your default sending mode to plain text. Both methods are described below.
If you use an online directory (LDAP server) to look up the recipient's address
In this situation, you have no address book entry to edit, so you may either change your default sending mode to plain text or change the sending mode manually for each message.
Solution details
If the recipient is in your address book
Open up your Outlook Address Book, either by clicking on the Address Book icon or by choosing Tools->Address Book.
Select the recipient's entry in your address book and open up their Properties, either by clicking on the Properties button or double-clicking on the recipient's entry.
Select the "Name" tab in the Properties dialog window.
Check the box at the bottom of the window that says "Send email using plain text only".
Click the "OK" button.
If you enter the recipient's address manually in the To: line of your email message
EACH TIME you send a message to this person, you must:
Create a new email message as you normally would, but before sending it,
Choose Format->Plain Text from the menu bar.
Now send your message.
If you want to change your default sending mode
You may change your default sending mode in Outlook, thereby sending all email messages as plain text, by doing the following:
Select Tools->Options from the Outlook menu bar.
Select the "Mail Format" tab in the dialog window.
In the first drop-down list, under the "Message Format" heading, select Plain Text
Click the "OK" button.
source : http://facstaff.gpc.edu/~jbenson/resource/winmail.htm
The Problem
Email users sometimes find that they receive email messages with a strange file attached, called winmail.dat. When they attempt to open this file, either it can't be opened at all, or it contains "garbage" data.
The situation causing this is that people are using several different email client programs to receive, read, and send email. The most commonly used email client programs at GPC seem to be Microsoft Outlook and Netscape (specifically the Messenger component), with a small minority of techno-geeks using Eudora. Unfortunately, Outlook does not "play nice" with the other email programs all the time. This causes problems, not for the sender of the email, but the recipient, particularly when actual files are attached to messages.
Outlook97/2000
Outlook is a rather powerful email client program with a number of features that look very attractive. Most notably, Outlook allows users to send email in a variety of formats:
as plain vanilla text with no formatting
in Rich Text Format, which allows for a limited amount of formatting, such as boldface/italic/underlined text or different fonts
formatted with the HTML formatting language so that it appears (sort of) like a web page
formatted as a Microsoft Word document.
It's these formatting options that cause the problems.
When an Outlook user composes and sends a message using either Rich Text Format or HTML Format, Outlook automagically generates a file, winmail.dat, and attaches it to the end of the message. winmail.dat contains formatting information, in a human-unreadable form, that Outlook will use on the receiving end to display this email message correctly. Unfortunately, Outlook is the ONLY email client program that can use this information! Netscape Messenger, Eudora*, and other email client programs don't understand this information.
The Solutions
If you are receiving these winmail.dat files
I assume at this point that you are not using Microsoft Outlook as your email client program, since this wouldn't be a problem if you were using it.
One solution to the problem is to visit http://www.biblet.com and download the WMDecode program found there (look about halfway down the page). This will at least allow you to decode the winmail.dat files and extract any useful attachments from them.
Other than this, there's not much you can do on your end to fix the problem, since it's not your email program generating the problem. If you just don't want to deal with the problem, the other approach is to reply to the individual who sent you the offending email and ask that they re-send the message, with the attached files, as a plain text message, not in Rich Text Format or HTML. If they don't know how to do this, you can, of course, refer them to this document!
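A decoder is not the only way to see what a winmail.dat holds before anyone opens it. As an added example (not part of the original article and not WMDecode's code), the Python below recognises the TNEF container that Outlook writes into winmail.dat by its signature rather than by its file name, verifies each attribute's checksum, and lists the attachment names and sizes inside. The constants are taken from Microsoft's published TNEF format; the list of risky extensions and the sample bytes are constructed for this illustration.

```python
import os
import struct

TNEF_SIGNATURE = 0x223E9F78        # first 4 bytes of a TNEF stream, little-endian
LVL_MESSAGE, LVL_ATTACHMENT = 0x01, 0x02
ATT_TNEF_VERSION = 0x00089006      # message-level version attribute
ATT_ATTACH_REND_DATA = 0x00069002  # starts each attachment
ATT_ATTACH_TITLE = 0x00018010      # attachment file name, NUL-terminated
ATT_ATTACH_DATA = 0x0006800F       # attachment content
# Extensions worth a second look before the extracted file is opened
# (an illustrative list chosen for this example, not an exhaustive policy).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}


class TnefError(ValueError):
    """Raised when the bytes are not a well-formed TNEF stream."""


def is_tnef(blob):
    """True if the content starts with the TNEF signature, whatever the file is called."""
    return len(blob) >= 6 and struct.unpack_from("<I", blob)[0] == TNEF_SIGNATURE


def iter_attributes(blob):
    """Yield (level, attribute id, data) per attribute, checking length and checksum."""
    if not is_tnef(blob):
        raise TnefError("missing TNEF signature")
    pos = 6  # 4-byte signature + 2-byte key
    while pos < len(blob):
        if pos + 9 > len(blob):
            raise TnefError("truncated attribute header at offset %d" % pos)
        level, attr_id, length = struct.unpack_from("<BII", blob, pos)
        start, end = pos + 9, pos + 9 + length
        if end + 2 > len(blob):
            raise TnefError("attribute 0x%08X runs past end of file" % attr_id)
        data = blob[start:end]
        (checksum,) = struct.unpack_from("<H", blob, end)
        if checksum != sum(data) & 0xFFFF:  # checksum is the 16-bit sum of the data bytes
            raise TnefError("checksum mismatch in attribute 0x%08X" % attr_id)
        yield level, attr_id, data
        pos = end + 2


def list_attachments(blob):
    """Return one dict per attachment: name, size in bytes, and a risky-extension flag."""
    attachments, current = [], None
    for level, attr_id, data in iter_attributes(blob):
        if level != LVL_ATTACHMENT:
            continue
        if attr_id == ATT_ATTACH_REND_DATA or current is None:
            current = {"name": None, "size": 0, "risky": False}
            attachments.append(current)
        if attr_id == ATT_ATTACH_TITLE:
            name = data.split(b"\x00", 1)[0].decode("cp1252", "replace")
            current["name"] = name
            current["risky"] = os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS
        elif attr_id == ATT_ATTACH_DATA:
            current["size"] = len(data)
    return attachments


def _attr(level, attr_id, data):
    """Encode one attribute (helper used only to build the constructed sample)."""
    header = struct.pack("<BII", level, attr_id, len(data))
    return header + data + struct.pack("<H", sum(data) & 0xFFFF)


def build_sample():
    """Constructed sample: a tiny TNEF stream with two attachments (not real mail)."""
    parts = [struct.pack("<IH", TNEF_SIGNATURE, 0x0001),
             _attr(LVL_MESSAGE, ATT_TNEF_VERSION, struct.pack("<I", 0x00010000))]
    for name, body in ((b"report.doc", b"\xd0\xcf\x11\xe0" + bytes(28)),
                       (b"photo.jpg.exe", b"MZ" + bytes(62))):
        parts.append(_attr(LVL_ATTACHMENT, ATT_ATTACH_REND_DATA, bytes(14)))
        parts.append(_attr(LVL_ATTACHMENT, ATT_ATTACH_TITLE, name + b"\x00"))
        parts.append(_attr(LVL_ATTACHMENT, ATT_ATTACH_DATA, body))
    return b"".join(parts)


if __name__ == "__main__":
    for item in list_attachments(build_sample()):
        flag = "  <-- check before opening" if item["risky"] else ""
        print("%-16s %5d bytes%s" % (item["name"], item["size"], flag))
```

A file that fails `is_tnef` is not an Outlook winmail.dat at all, whatever its name says, and should be identified some other way before it is renamed or opened.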
If you are sending these winmail.dat files
If someone emails you to complain that they couldn't read your attachments, or to ask what this "winmail.dat" file is that you sent them, chances are you sent this email using Microsoft Outlook 97/2000 (or, very remotely possibly, another product using Microsoft Exchange Server). Although you are not the one having the problem, you are the one who gets to fix the problem.
You have multiple possible ways to fix the problem, depending on how you have set up your address book capabilities and whether or not you are using a mailing list or group mailing to send out the offending email. Please read the remainder of this section before you begin making changes to your settings, as there are two special situations, discussed first, that you must consider before choosing the appropriate solution.
Special Situations
If you are sending messages to a mailing list or as a group mailing
In this situation, you MUST set ALL users up so that they receive plain text email. If even one user is set up in your address book, or your default setting is to receive Rich Text Format or HTML format email, everyone will receive that format. You must either edit every address book entry for every individual on your mailing list, or change your default sending mode to plain text. Both methods are described below.
If you use an online directory (LDAP server) to look up the recipient's address
In this situation, you have no address book entry to edit, so you may either change your default sending mode to plain text or change the sending mode manually for each message.
Solution details
If the recipient is in your address book
Open up your Outlook Address Book, either by clicking on the Address Book icon or by choosing Tools->Address Book.
Select the recipient's entry in your address book and open up their Properties, either by clicking on the Properties button or double-clicking on the recipient's entry.
Select the "Name" tab in the Properties dialog window.
Check the box at the bottom of the window that says "Send email using plain text only".
Click the "OK" button.
If you enter the recipient's address manually in the To: line of your email message
EACH TIME you send a message to this person, you must:
Create a new email message as you normally would, but before sending it,
Choose Format->Plain Text from the menu bar.
Now send your message.
If you want to change your default sending mode
You may change your default sending mode in Outlook, thereby sending all email messages as plain text, by doing the following:
Select Tools->Options from the Outlook menu bar.
Select the "Mail Format" tab in the dialog window.
In the first drop-down list, under the "Message Format" heading, select Plain Text.
Click the "OK" button.
source : http://facstaff.gpc.edu/~jbenson/resource/winmail.htm
Setting up the alarm sensor: how to connect the alarm to a telephone line
Here is a brief summary of how to set up the alarm
UNDERSTANDING THE INDICATOR LIGHTS
- light 1: door open (light off)
- light 2: sensor status
- main light: on when there is mains power
- battery light: on when active; lasts up to 8 hours
- trouble light: on when there is a problem (telephone line down or power out). To check whether conditions are normal, press Memory --> Enter. If the trouble light is still on although the telephone line and the power are all back to normal, call the vendor immediately.
HOW TO TURN ON THE ALARM
when you are about to leave the room and want to turn the alarm on
Press PASSKEY (for example: 123) --> enter (wait 30 seconds; this is the delay for leaving the room before the alarm becomes active)
HOW TO TURN OFF THE ALARM
when the alarm sounds, to turn it off
Press PASSKEY --> enter
CHANGING THE PASSKEY
- Press Program, enter the PASSKEY --> ENTER --> PROGRAM --> 1 --> ENTER --> 1 --> ENTER, then ENTER THE NEW PASSKEY
- to exit the menu: PROGRAM --> ENTER
ENTERING THE TELEPHONE NUMBERS THAT ARE DIALED AUTOMATICALLY WHEN THE ALARM SOUNDS
(a maximum of 4 telephone lines can be entered)
- Press PROGRAM --> PASSKEY --> ENTER --> PROGRAM --> 181 --> ENTER
Press 1 --> ENTER THE FIRST TELEPHONE NUMBER --> ENTER
to enter the second telephone number, and so on
PROGRAM --> 181 --> ENTER
Press 2 --> ENTER THE SECOND TELEPHONE NUMBER --> ENTER
A new telephone number can be written directly over the old one
CHANGING THE EXIT DELAY TIMER
(the time allowed for leaving the room before the SENSOR TURNS ON)
- press PROGRAM --> 000000 --> the program light will then blink --> ENTER THE EXIT DELAY IN SECONDS, for example 30
CHANGING THE ENTRY DELAY TIMER
(the time the SENSOR takes to sound the alarm after detecting heat and motion)
- press PROGRAM --> 60 --> ENTER --> 1 --> ENTER
change / enter the desired entry delay in seconds, for example 10
for the sensor zones, which DEPEND on the number of sensors, it is recommended to set the same time if they are in the same room; there can be at most 8 sensor zones
SETTING THE ZONE ENTRY DELAY TIMER
- press PROGRAM --> 144 --> ENTER --> 1 --> ENTER --> CHANGE THE TIME for zone 1 IN SECONDS, for example 10
for zone 2
- press PROGRAM --> 144 --> ENTER --> 2 --> ENTER --> CHANGE THE TIME for zone 2 IN SECONDS, for example 10
AT THE END OF EVERY OPERATION PRESS PROGRAM --> ENTER
How to Setup Automatic Email Forwarding from Live Mail to Another Mail Account?
This post is part of the series How to Access and Link Different Live IDs into One Account and Effectively Use It? and explains how to set up automatic forwarding of emails from a Live account to another email account.
Previously in this series, How to Link Different Live IDs into One Account?
Forward the emails from all other linked accounts to the one main account that you use most often. This way you need not switch back and forth to check your mail, and you will know when a mail arrives.
So how do you set up automatic email forwarding in a Live account?
To forward the emails from an account to another, click on Options and then More Options. Under the title Manage your account, click Forward email to another email account. Select the option Forward your mail to another e-mail address and list the email address where you want the mail to be forwarded. Click Save. Accept the confirmation email and all the emails will now be forwarded to the main account.
(Note: 1) All forwarded mail will be deleted from the current account, as you have the copy in the forwarded account. 2) Log in at least once in 120 days to avoid deletion of the account.)
!Important!: You may have to lower the junk filter options as the junk emails will not be forwarded. So set the junk filter option to low in the account from where the mails are forwarded and set it to the desired level in your main account. Now the junk mails will be filtered in the main account. You can change the junk filter options under, Options -> More Options -> Filters and Reporting -> Choose a Junk Email Filter. Select the option Low and Save.
Next in this series, How to group incoming emails from different accounts into custom folders?
source : http://www.lytebyte.com/2008/03/13/how-to-setup-automatic-email-forwarding-from-live-mail-to-another-mail-account/
Monday, 21 June 2010
How to remove the ipconfig.exe trojan process on Windows XP
Task Manager shows many ipconfig.exe processes running. Spyware, Antivirus scans are clean, What could it be?
I have run all the major free Antivirus, spam and trojan scans and nothing turns up. I tried Microsoft malicious code scanner. What can a person try to stop these runaway processes? At times there are 40-50 ipconfig.exe images running, under the system.
3 years ago
==================================
Best Answer - Chosen by Asker
Hi there,
Here's some detailed information on the malicious file ipconfig.exe:
http://spywarefiles.prevx.com/RRDAHJ8511…
The best and easiest way to remove this is by installing the Free Trial of Prevx1. This will scan your PC and remove this and any other infections free of charge.
Source(s):
http://www.prevx.com
source : http://answers.yahoo.com/question/index?qid=20070123110732AAqG8WX
Friday, 18 June 2010
Can't create a restore point in Windows XP: turned off by Group Policy
Symptoms
System Restore tab may be missing in My Computer Properties. Also, when you start System Restore (rstrui.exe), you receive this message:
"System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator."
-or-
System Restore Properties page says disabled by Group Policy
Note: For a Windows Vista version of this article, see Restore point creation disabled by Group Policy.
Resolution
1. Click Start, Run and type regedit.exe and press Enter
2. Navigate to the following key:
HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore
In the right-pane:
•Delete the value DisableConfig
•Delete the value DisableSR
3. Exit the Registry Editor.
In Windows XP Professional, you can accomplish the above using Group Policy Editor as well.
1. Click Start, Run and type GPEDIT.MSC
2. Navigate to this path:
-> Computer Configuration
--> Administrative Templates
---> System
----> System Restore
3. Set Turn off System Restore to Not Configured
4. Set Turn off Configuration to Not Configured
More Information
Turn off System Restore corresponds to the DisableSR registry value. With this policy turned ON, the System Restore tab may be missing in My Computer Properties. Also, when you run System Restore (rstrui.exe), you receive this message:
System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator.
Turn off Configuration corresponds to DisableConfig registry value. With this Policy turned ON, the System Restore tab will remain displayed but the user cannot configure the SR options. It reads disabled by Group Policy.
source : http://windowsxp.mvps.org/srpolicy.htm
NTLDR missing on Windows XP: how to repair
How to Repair the Boot Sector:
If XP won't start, it may be due to a damaged boot sector or to missing or corrupt ntldr or ntdetect.com files.
To replace a damaged ntldr and ntdetect.com, you can copy fresh files from the XP CD using the COPY command. Boot with the XP CD and enter the Recovery Console (as above). At the Command Prompt, type the following (where "X" is your CD-ROM drive letter), allowing the files to overwrite the old files:
COPY X:\i386\NTLDR C:
COPY X:\i386\NTDETECT.COM C:
Full source : http://www.webtree.ca/windowsxp/repair_xp.htm
The Invalid boot.ini problem
5. Initializing Boot Menu. At this stage the boot.ini file displays the boot menu or, in the default condition, Windows XP is selected automatically for the user. The failure at this stage is that the boot.ini file cannot be found, with the error message "Invalid boot.ini". The solution is to repair the boot sector. To do so, enter the Recovery Console (boot from the Windows installation CD) and type bootcfg /rebuild.
source : http://www.kucinghitam.co.cc/2009/07/masalah-yang-biasa-terjadi-pada-windows.html
Invalid Boot.ini or Windows could not start error messages when you start your computer
SYMPTOMS
When you start your computer after you upgrade to Microsoft Windows XP, you may receive one or both of the following error messages:
Invalid Boot.ini
Windows could not start because the following file is missing or corrupt:
Windows\System32\Hal.dll
CAUSE
This issue may occur if the Boot.ini file is missing, damaged, or contains incorrect entries.
RESOLUTION
To resolve this issue, start the computer from the Windows XP CD, start the Recovery Console, and then use the Bootcfg.exe tool to rebuild the Boot.ini file. To do this, follow these steps:
Configure the computer to start from the CD-ROM or DVD-ROM drive. For information about how to do this, see your computer documentation, or contact your computer manufacturer.
Insert the Windows XP CD-ROM into your CD-ROM or DVD-ROM drive, and then restart your computer.
When you receive the "Press any key to boot from CD" message, press a key to start your computer from the Windows XP CD-ROM.
When you receive the "Welcome to Setup" message, press R to start the Recovery Console.
If you have a dual-boot or multiple-boot computer, select the installation that you have to use from the Recovery Console.
When you are prompted, type the administrator password, and then press ENTER.
At the command prompt, type bootcfg /list, and then press ENTER. The entries in your current Boot.ini file appear on the screen.
At the command prompt, type bootcfg /rebuild, and then press ENTER. This command scans the hard disks of the computer for Windows XP, Microsoft Windows 2000, or Microsoft Windows NT installations, and then displays the results. Follow the instructions that appear on the screen to add the Windows installations to the Boot.ini file. For example, follow these steps to add a Windows XP installation to the Boot.ini file:
When you receive a message that is similar to the following message, press Y:
Total Identified Windows Installs: 1
[1] C:\Windows
Add installation to boot list? (Yes/No/All)
You receive a message that is similar to the following message:
Enter Load Identifier
This is the name of the operating system. When you receive this message, type the name of your operating system, and then press ENTER. This is either Microsoft Windows XP Professional or Microsoft Windows XP Home Edition.
You receive a message that is similar to the following:
Enter OS Load options
When you receive this message, type /fastdetect, and then press ENTER.
Note The instructions that appear on your screen may be different, depending on the configuration of your computer.
Type exit, and then press ENTER to quit Recovery Console. Your computer restarts, and the updated boot list appears when you receive the "Please select the operating system to start" message.
source : http://support.microsoft.com/kb/330184
Friday, 11 June 2010
How to configure Network Address Translation in Windows Server 2003
Prerequisites
To configure the Routing and Remote Access and the Network Address Translation components, your computer must have at least two network interfaces: one connected to the Internet and the other one connected to the internal network. You must also configure the network translation computer to use Transport Control Protocol/Internet Protocol (TCP/IP).
If you use dial-up devices such as a modem or an Integrated Services Digital Network (ISDN) adapter to connect to the Internet, install your dial-up device before you configure Routing and Remote Access.
Use the following data to configure the TCP/IP address of the network adapter that connects to the internal network:
TCP/IP address: 192.168.0.1
Subnet mask: 255.255.255.0
No default gateway
Domain Name System (DNS) server: provided by your Internet service provider (ISP)
Windows Internet Name Service (WINS) server: provided by your ISP
Use the following data to configure the TCP/IP address of the network adapter that connects to the external network:
TCP/IP address: provided by your ISP
subnet mask: provided by your ISP
default gateway: provided by your ISP
DNS server: provided by your ISP
WINS server: provided by your ISP
Before you continue, verify that all your network cards or all your dial-up adapters are functioning correctly.
Configure Routing and Remote Access
To activate Routing and Remote Access, follow these steps:
Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
Right-click your server, and then click Configure and Enable Routing and Remote Access.
In the Routing and Remote Access Setup Wizard, click Next, click Network address translation (NAT), and then click Next.
Click Use this public interface to connect to the Internet, and then click the network adapter that is connected to the Internet. At this stage you have the option to reduce the risk of unauthorized access to your network. To do so, click to select the Enable security on the selected interface by setting up Basic Firewall check box.
Examine the selected options in the Summary box, and then click Finish.
Configure dynamic IP address assignment for private network clients
You can configure your Network Address Translation computer to act as a Dynamic Host Configuration Protocol (DHCP) server for computers on your internal network. To do so, follow these steps:
Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
Expand your server node, and then expand IP Routing.
Right-click NAT/Basic Firewall, and then click Properties.
In the NAT/Basic Firewall Properties dialog box, click the Address Assignment tab.
Click to select the Automatically assign IP addresses by using the DHCP allocator check box. Notice that default private network 192.168.0.0 with the subnet mask of 255.255.0.0 is automatically added in the IP address and the Mask boxes. You can keep the default values, or you can modify these values to suit your network.
If your internal network requires static IP assignment for some computers -- such as for domain controllers or for DNS servers -- exclude those IP addresses from the DHCP pool. To do this, follow these steps:
a. Click Exclude.
b. In the Exclude Reserved Addresses dialog box, click Add, type the IP address, and then click OK.
c. Repeat step b for all addresses that you want to exclude.
d. Click OK.
Configure name resolution
To configure name resolution, follow these steps:
Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
Right-click NAT/Basic Firewall, and then click Properties.
In the NAT/Basic Firewall Properties dialog box, click the Name Resolution tab.
Click to select the Clients using Domain Name System (DNS) check box. If you use a demand-dial interface to connect to an external DNS server, click to select the Connect to the public network when a name needs to be resolved check box,
Source : http://support.microsoft.com/kb/816581
To configure the Routing and Remote Access and the Network Address Translation components, your computer must have at least two network interfaces: one connected to the Internet and the other one connected to the internal network. You must also configure the network translation computer to use Transport Control Protocol/Internet Protocol (TCP/IP).
If you use dial-up devices such as a modem or an Integrated Services Digital Network (ISDN) adapter to connect to the Internet, install your dial-up device before you configure Routing and Remote Access.
Use the following data to configure the TCP/IP address of the network adapter that connects to the internal network:
TCP/IP address: 192.168.0.1
Subnet mask: 255.255.255.0
No default gateway
Domain Name System (DNS) server: provided by your Internet service provider (ISP)
Windows Internet Name Service (WINS) server: provided by your ISP
Use the following data to configure the TCP/IP address of the network adapter that connects to the external network:
TCP/IP address: provided by your ISP
subnet mask: provided by your ISP
default gateway: provided by your ISP
DNS server: provided by your ISP
WINS server: provided by your ISP
Before you continue, verify that all your network cards or all your dial-up adapters are functioning correctly.
Configure Routing and Remote Access
To activate Routing and Remote Access, follow these steps:
Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
Right-click your server, and then click Configure and Enable Routing and Remote Access.
In the Routing and Remote Access Setup Wizard, click Next, click Network address translation (NAT), and then click Next.
Click Use this public interface to connect to the Internet, and then click the network adapter that is connected to the Internet. At this stage you have the option to reduce the risk of unauthorized access to your network. To do so, click to select the Enable security on the selected interface by setting up Basic Firewall check box.
Examine the selected options in the Summary box, and then click Finish.
Configure dynamic IP address assignment for private network clients
You can configure your Network Address Translation computer to act as a Dynamic Host Configuration Protocol (DHCP) server for computers on your internal network. To do so, follow these steps:
Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
Expand your server node, and then expand IP Routing.
Right-click NAT/Basic Firewall, and then click Properties.
In the NAT/Basic Firewall Properties dialog box, click the Address Assignment tab.
Click to select the Automatically assign IP addresses by using the DHCP allocator check box. Notice that default private network 192.168.0.0 with the subnet mask of 255.255.0.0 is automatically added in the IP address and the Mask boxes. You can keep the default values, or you can modify these values to suit your network.
If your internal network requires static IP assignment for some computers -- such as for domain controllers or for DNS servers -- exclude those IP addresses from the DHCP pool. To do this, follow these steps:
a. Click Exclude.
b. In the Exclude Reserved Addresses dialog box, click Add, type the IP address, and then click OK.
c. Repeat step b for all addresses that you want to exclude.
d. Click OK.
Configure name resolution
To configure name resolution, follow these steps:
Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
Right-click NAT/Basic Firewall, and then click Properties.
In the NAT/Basic Firewall Properties dialog box, click the Name Resolution tab.
Click to select the Clients using Domain Name System (DNS) check box. If you use a demand-dial interface to connect to an external DNS server, click to select the Connect to the public network when a name needs to be resolved check box,
Source : http://support.microsoft.com/kb/816581
Configuring Windows Server 2003 to act as a NAT router
More years ago than I care to think about, IP addresses were handed out to companies on an indiscriminate basis. As the popularity of the Internet increased, IP addresses soon grew to be a scarce commodity. Internet service providers began to strictly limit the number of IP addresses that they would lease to companies. This presented an interesting challenge. A PC has to have an IP address in order to communicate with the Internet, but there weren’t enough IP addresses left for every PC to be given one. The solution to this problem was a technology called Network Address Translation (NAT). Today, NAT is alive and well, and more popular than ever. In this article, I will explain what NAT is and how you can configure Windows Server 2003 to act as a NAT router.
Published: Nov 17, 2005
Updated: Nov 17, 2005
Author: Brien M. Posey
What is NAT?
So what is NAT? Network Address Translation, or NAT, is a technology that uses a router to share an Internet connection among the PCs on your private network, even though those PCs do not have a valid public IP address. There are both hardware and software NAT routers. In this particular situation, we will be configuring a Windows Server 2003 machine to act as a software based NAT router.
As you probably know, a router’s primary purpose is to regulate traffic flow between two networks, and a NAT router is no exception. The server that you will use as a NAT router must have two network interface cards (NICs) installed. One of these NICs will connect to the Internet and the other will connect to the private network. PCs on the private network will then send HTTP requests to the NAT server via the server’s private network connection. The server will then retransmit the request over the Internet on behalf of the client. When the requested Web site responds, the response is sent to the NAT server, which in turn forwards it to the client who made the original request. The client never communicates across the Internet directly.
IP Addressing Considerations
As I explained in the section above, a NAT router acts as a gateway between your private network and the Internet. The server that is acting as the NAT router must have two NICs. One of the NICs is connected to the Internet. This NIC must be assigned the IP address that was given to you by your Internet Service Provider.
The other NIC connects to your private network. As I mentioned, NAT does not expect you to have valid IP addresses on your private network. Instead, you are basically free to pick an address range at random. There is the off chance that the range that you pick might already be in use by a popular Web site, but I have only seen someone pick an address range that caused problems once. If you want to use an address range that is guaranteed not to interfere with anything on the Internet, you can use the 192.168.x.x address range.
After you pick an address range, I recommend setting up a DHCP server so that it will assign addresses from your chosen address range (the DHCP term for an address range is a scope) to the workstations on your network. You must however statically assign an address to the NIC on the NAT server that connects to your private network. For example, if you chose to use the address range 192.168.1.0 to 192.168.1.99, then you might consider assigning the address 192.168.1.0 to the NAT server. You could then use the 192.168.1.1 to 192.168.1.99 address block as your DHCP scope.
While you are configuring your DHCP server, there are a couple of other considerations that you need to make. As you may know, DHCP allows you to optionally assign a default gateway and a DNS server to workstations along with an IP address. When doing so, you must set the default gateway address to match the private network address that you assigned to your NAT server.
You have a few different options when choosing which DNS server address the DHCP server should assign to the workstations on your network. If you don’t have your own DNS server, then the best thing that you can do is to just use the IP address of your Internet service provider’s DNS server. If your network is running Active Directory though, then you already have a DNS server and you should use its address. It doesn’t matter if your DNS server is authoritative for your domain or not. Simply point the workstations to it. You can then set up a forwarder on the DNS Server so that any unresolved queries get forwarded to your ISP’s DNS server.
The advantage to pointing clients to your own DNS server rather than to your ISP’s DNS server is that doing so will provide your users with better performance. Your DNS server is local, so queries reach the server more quickly than they would reach a remote server. Furthermore, your DNS server has a built in cache so that popular Web sites do not have to be resolved each time a user visits them.
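The addressing rules in this section (a private range, a static address on the NAT server's inside NIC, a DHCP scope that does not hand that address out, and a default gateway that points at the NAT server) can be checked before anything is configured. The following is an added example, not code from the article; check_plan and its parameters are hypothetical names, and the subnet masks are assumptions because the article does not state one.

```python
import ipaddress

# RFC 1918 private blocks; the article names only 192.168.x.x.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(network, nat_private_ip, scope_start, scope_end,
               excluded=(), gateway=None):
    """Return a list of problems with an addressing plan (empty list = consistent)."""
    net = ipaddress.ip_network(network)          # raises if host bits are set
    nat = ipaddress.ip_address(nat_private_ip)
    start = ipaddress.ip_address(scope_start)
    end = ipaddress.ip_address(scope_end)
    gw = ipaddress.ip_address(gateway) if gateway else nat
    excl = {ipaddress.ip_address(x) for x in excluded}
    problems = []

    # A randomly picked range can collide with real Internet hosts.
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net} is not inside RFC 1918 private space")

    # Every address must be a usable host address of the chosen network.
    for label, addr in (("NAT server", nat), ("scope start", start),
                        ("scope end", end)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(
                f"{label} {addr} is the network or broadcast address of {net}")

    if start > end:
        problems.append("scope start is above scope end")

    # The statically assigned NAT address must never be leased to a client.
    if start <= nat <= end and nat not in excl:
        problems.append(
            f"NAT server {nat} is inside the DHCP scope and not excluded")

    # Clients reach the Internet only through the NAT server's private NIC.
    if gw != nat:
        problems.append(
            f"default gateway {gw} is not the NAT server address {nat}")
    return problems


if __name__ == "__main__":
    # The article's example range, first with a 255.255.0.0 mask, then with /24.
    for mask in ("192.168.0.0/16", "192.168.1.0/24"):
        print(mask, check_plan(mask, "192.168.1.0",
                               "192.168.1.1", "192.168.1.99"))
```

With a 255.255.0.0 mask the article's choice of 192.168.1.0 for the NAT server is an ordinary host address; with a 255.255.255.0 mask it is the network address, and the check reports it.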
Setting Up NAT
Begin by selecting the Routing and Remote Access command from Windows’ Administrative Tools menu. When you do, Windows will display the Routing and Remote Access console. Locate your server (just below the Server Status). There should be a big red dot to the left of the server, indicating that the server is currently inactive. Now, right click on the server and select the Configure and Enable Routing and Remote Access command from the resulting shortcut menu. When you do, Windows will launch the Routing and Remote Access Server Setup Wizard.
Click Next to bypass the wizard’s Welcome screen. You will now see a screen that’s similar to the one that’s shown in Figure A. This screen allows you to select various configurations for Routing and Remote Access (RRAS). RRAS can be configured to do just about anything that you want, but Microsoft has included several templates to make the configuration process easier for common deployment types. Select the Network Address Translation (NAT) option and click Next.
Figure A: Select the Network Address Translation (NAT) option and click Next
The next screen that you will see, shown in Figure B, is a rather important one to pay attention to. The screen gives you the choice of selecting a network interface that is connected to the external network (usually the Internet) or to select a demand dial interface. In case you are wondering, demand dial is a feature that allows Windows to establish a dial-up connection whenever external connectivity is needed. For the purpose of this article, I am assuming that you have a broadband connection to the Internet. Additionally, I am assuming that the NIC that the broadband connection comes in through has a static IP address assigned to it. You will have to select that network interface.
Figure B: Select the NIC that connects the server to the outside world
Before you click Next, you should notice that there is a check box that allows you to enable a firewall for the connection. I recommend always selecting this option. The firewall will keep unwanted traffic out of your network. If you need to grant external users access to some service on your network, you have the option of configuring port forwarding to pass packets through the firewall to the desired network resource.
After you enable the RRAS firewall, click Next and you will see a screen asking you to select the network that will have shared Internet access. Although the dialog box uses some weird wording, it is basically just asking you to select the NIC that is attached to your private network. Make your selection, and click Next, followed by Finish to complete the process.
Source : http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Server-2003-act-NAT-router.html
NAT in Windows 2003: Setup and Configuration
This article will describe how to set up and configure NAT in Windows 2003. NAT, or Network Address Translation, is a widely used IP translation and mapping protocol that works on the network layer (level 3) of the OSI model. It is sometimes referred to as a routing protocol because of the way it allows packets from a private network to be routed to the Internet.
NAT acts as a middle man between the internal and external network; packets coming from the private network are handled by NAT and then transferred to their intended destination.
A single external address is used on the Internet so that the internal IP addresses are not shown. A table is created on the router that lists local and global addresses and uses it as a reference when translating IP addresses.
NAT can work in several ways:
Static NAT
An unregistered IP address is mapped to a registered IP address on a one-to-one basis - which is useful when a device needs to be accessed from outside the network.
Dynamic NAT
An unregistered IP address is mapped to a registered IP address from a group of registered IP addresses. For example, a computer 192.168.10.121 will translate to the first available IP in a range from 212.156.98.100 to 212.156.98.150.
Overloading
A form of dynamic NAT, it maps multiple unregistered IP addresses to a single registered IP address, but in this case uses different ports. For example, IP address 192.168.10.121 will be mapped to 212.56.128.122:port_number (212.56.128.122:1080).
Overlapping
This is when addresses in the inside network overlap with addresses in the outside network - the IP addresses are registered on another network too. The router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses.
How NAT works
A table of information about each packet that passes through is maintained by NAT.
When a computer on the network attempts to connect to a website on the Internet:
the source IP address in the packet header is changed and replaced with the IP address of the NAT computer on the way out
the "destination" IP address is changed (based on the records in the table) back to the specific internal private class IP address in order to reach the computer on the local network on the way back in
Network Address Translation can be used as a basic firewall – the administrator is able to filter out packets to/from certain IP addresses and allow/disallow access to specified ports. It is also a means of saving IP addresses by having one IP address represent a group of computers.
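The translation table described above, worked through for the overloading case, as an added example that is not part of the original article. It is a simplified model: NatRouter, Packet and first_port are hypothetical names, mappings never expire, and remote endpoints (198.51.100.x, 203.0.113.x) are documentation addresses. It also shows why an inbound packet with no table entry goes nowhere unless a service has been published, which is what the Services and Ports tab later in the article does.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: Endpoint
    dst: Endpoint


@dataclass
class NatRouter:
    """Overloading NAT on a single public address."""
    public_ip: str
    first_port: int = 1080  # assumption; echoes the 212.56.128.122:1080 example
    # (proto, private endpoint) -> public port chosen on the way out
    dynamic_out: Dict[Tuple[str, Endpoint], int] = field(default_factory=dict)
    # (proto, public port) -> private endpoint, used on the way back in
    dynamic_in: Dict[Tuple[str, int], Endpoint] = field(default_factory=dict)
    # static entries for services offered to the outside
    published: Dict[Tuple[str, int], Endpoint] = field(default_factory=dict)

    def publish(self, proto: str, public_port: int, private: Endpoint) -> None:
        """Add a static mapping so outside clients can reach an inside service."""
        self.published[(proto, public_port)] = private

    def _free_port(self, proto: str) -> int:
        port = self.first_port
        while (proto, port) in self.dynamic_in or (proto, port) in self.published:
            port += 1
        if port > 65535:
            raise RuntimeError("public port pool exhausted")
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the public address and record the mapping."""
        key = (pkt.proto, pkt.src)
        port = self.dynamic_out.get(key)
        if port is None:
            port = self._free_port(pkt.proto)
            self.dynamic_out[key] = port
            self.dynamic_in[(pkt.proto, port)] = pkt.src
        return Packet(pkt.proto, (self.public_ip, port), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination back to the private host, or drop (None)."""
        if pkt.dst[0] != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst[1])
        private = self.dynamic_in.get(key) or self.published.get(key)
        if private is None:
            return None  # no table entry: unsolicited traffic has no target
        return Packet(pkt.proto, pkt.src, private)


if __name__ == "__main__":
    nat = NatRouter("212.56.128.122")
    web = ("198.51.100.7", 80)
    # Two inside hosts use the same source port; the NAT keeps them apart.
    print(nat.outbound(Packet("tcp", ("192.168.10.121", 40000), web)))
    print(nat.outbound(Packet("tcp", ("192.168.10.122", 40000), web)))
    # The reply to the second host is mapped back by public port.
    print(nat.inbound(Packet("tcp", web, ("212.56.128.122", 1081))))
    # An unsolicited connection attempt finds no entry and is dropped.
    print(nat.inbound(Packet("tcp", ("203.0.113.9", 4444),
                             ("212.56.128.122", 3389))))
```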
Setting up NAT
To set up NAT you must start by opening the Configure your server wizard in administrative tools and selecting the RRAS/VPN Server role. Now press next and the RRAS setup wizard will open. The screen below shows the Internet Connection screen in which you must specify which type of connection to the Internet and whether or not you want the basic firewall feature to be enabled.
Press next to continue. The installation process will commence and services will be restarted, after which the finish screen will be displayed - showing what actions have taken place.
Configuring NAT
Configuration of NAT takes place from the Routing and Remote Access mmc found in the Administrative Tools folder in the Control Panel or on the start menu.
The screenshot below shows the routing and remote access mmc.
Select which interface you wish to configure and double click it. This will bring up the properties window giving you the option to change settings such as packet filtering and port blocking, as well as enabling/disabling certain features, such as the firewall.
The remote router (set up previously) properties box is shown below. The NAT/Basic Firewall tab is selected.
You are able to select the interface type – to specify what the network connection will be. In my example I have selected for the interface to be a public interface connected to the internet. NAT and the basic firewall option have also been enabled. The inbound and outbound buttons will open a window that will allow you to restrict traffic based on IP address or protocol packet attributes. As per your instructions, certain TCP packets will be dropped before they reach the client computer, making the network safer and giving you more functionality. This is useful if, for example, you wanted to reject all packets coming from a blacklisted IP address or restrict internal users' access to port 21 (ftp).
For further firewall configuration, go to the Services and Ports tab. Here you can select which services you would like to provide your users access to. You can also add more services by specifying details such as the incoming and outgoing port number.
The list of services shown in the above screenshot is preset. Press Add to bring up the window that will allow the creation of a new service or select an available service and press Edit to modify that service. You will be asked to specify the name, TCP and UDP port number and the IP address of the computer hosting that service.
If the services in the list aren’t enabled then any client computer on the Windows 2003 domain will not be able to access that specific service. For example, if the computer was configured as shown in the image above and a client computer tried to connect to an ftp site, it would be refused access. This section can prove to be very useful for any sized networks, but especially small ones.
That concludes this article. As you have seen, Network Address Translation is a useful feature that adds diversity and security to a network in a small to medium sized company. With the advent, and implementation, of IPv6 still in its beginning stages, we can expect to see NAT being used for many years to come.
source : http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
What is a NAT Firewall/Router/Gateway?
"NAT" stands for "Network Address Translation", which is used to "map" the private IP addresses of individual computers on a local network, to a single IP address (the "NAT's address") on the Internet. Many providers use this to remap their end-consumer IP addresses to the Internet. Many small networks (SOHO and home private networks) use NAT to remap their home or office machines through a DSL (or DSL/Wireless) modem to the Internet.
A NAT firewall, router or gateway is simply a piece of equipment or software that makes the bridge between your local network and the Internet, and makes all of the connections appear to be from the NAT address, not the local address of the LAN computer.
A PAT firewall, router or gateway is effectively the same thing, except that it maps network ports, in addition to IP addresses. For the purposes of the CBL, a PAT is the same as a NAT.
IMPORTANT NOTE: If you are running your own wireless hub/router, it is often possible for "unwanted guests" to sneak into your network (either accidentally or deliberately) and emit crap through your Internet connection as well as have full access to your private network. It is critical that you take steps to protect your wireless connection. See the section on "I have a Wireless Hub/Router" below.
What's significant about NATs?
Virtually all viruses and spam-sending exploits have their own SMTP clients and attempt to send directly from the infected machine to the intended victim's mail server. They DO NOT go through the infected person's mail server, and obviously DO NOT leave mail server logs of any kind.
This means that the virus will establish a SMTP port 25 connection directly to the victim's mail server.
This means that Anti-spam and anti-virus filters on your mail servers CANNOT stop these things - because the email is not going through your mail servers.
Since all viruses and spam sending exploits forge headers, the only information we know is the originating IP address - which is the NAT, not the infected machine.
This means that if the CBL lists a NAT address, one or more machines on the NAT's local network are infected, and there is NO way for the CBL to identify which one[s] they are. Further, it's difficult even for you to tell which machine is really infected - you normally have to check the firewall logs to see which one of your customers is making suspicious connections directly to the Internet on port 25. Most administrators ignore or do not collect NAT logs.
The listed IP is a NAT. Now what do I do to secure it?
In a nutshell, you must find a way to prevent these viruses and spam tools from connecting directly from the infected machine through the NAT.
You MUST do this, because the CBL will NOT make exceptions for a NAT IP under any circumstances. We will give you breathing space to fix the problem, but we will not permanently delist a NAT.
There are a variety of ways to do this.
The simplest and most effective way to stop this is to configure your NAT to prohibit connections to the Internet on port 25 except from real mail servers. Not only does this stop all of these viruses and spams dead in their tracks, the NAT logs will immediately tell you the LAN address of the infected machine.
There's a growing list of examples of how to do this at the end of this page.
This can sometimes cause problems with customers with unusual requirements. But the benefits are huge - large providers report an enormous drop-off in complaints and virus problems once they do this. For example, going from a million virus complaints/problems in a month to less than a dozen.
The Internet provider industry now considers port 25 blocking of customer IP pools to be "Best Current Practice". You block port 25 access by default, and only enable port 25 access on request for static IP addresses that you believe are well run mail servers.
To aid in this, we point you to documentation from the Canadian Federal Anti-Spam Task Force. This contains, in part, a "Best Current Practises" for Network Managers: Companion Document to Recommended Best Practices for Internet Service Providers and Other Network Operators, specifically item 2.
You may also find Full FASTF Report useful (or at least interesting). While this BCP obviously applies to Canada specifically, it is a good model to follow everywhere.
The Messaging Anti-Abuse Working Group (MAAWG) has a document on managing port 25 that is also of interest.
You should have a mail server that customers can use (via "smart host" or "outbound SMTP server" settings in their mail readers) to send email to the Internet. This solves almost all of the issues with port 25 blocks.
For those customers who "roam" (particularly if your NAT is related to wireless connectivity) or use mail service provided by someone else, their mail providers should have a non-port-25 method of sending email - ie: "SMTP SUBMIT" on port 587 using SMTP authentication. Or, if there aren't many of those, you can exempt connection to those mail providers from your outbound port 25 blocking.
The above is described in somewhat more detail in the MAAWG document.
You can also encourage your customers to use their mail provider's webmail interface if they have one.
There are other ways to prevent outbound port 25 connections from viruses and spam, such as "outbound port 25 interceptor/filtering" arrangements and network level anti-virus "appliances". If carefully selected and configured, these can work. But they cannot be as effective as outright port 25 blocking.
Most large providers have come around to understanding that port 25 blocking is the ONLY way to get a handle on compromised computers.
Except in unusual environments (eg: wireless portals), providers report that less than 1% of their customers are affected by implementing port 25 blocking.
You can always arrange to have an outbound mail server for your customers that isn't behind the same NAT - correctly configured customers won't have problems with their email. However, this means that your NAT will continue to be listed, and those customers who don't switch will continue to be blocked. We do not believe this to be the right thing to do, because it continues to subject the rest of the Internet to viruses spewing from your network, and those customers that don't switch may still experience problems with email. However, it is a good way to move to a fully secured NAT and allow you to gradually move customers with unusual requirements.
Once you have implemented port 25 blocks in your NAT, delist your IP.
How do I find the infected machine on a NAT?
This can often be rather difficult, because many NAT gateways provide very little in the way of diagnostics or logging. See "How to find BOTs on a LAN".
I have a Wireless Hub/Router
If your Hub/Router is acting as your Internet connection (NAT'ing to the Internet), you will need to configure its firewall facilities as in the section "The listed IP is a NAT. Now what do I do to secure it?".
In addition, you need to take steps to protect your local network from intrusion. In other words: turn on wireless encryption.
If you don't turn on encryption, getting CBL listed is the least of your worries: ANYONE wardriving by (or indeed a close enough neighbor) is automatically ON YOUR NETWORK and great destruction (eg: loss or theft of your private files, keylogging, backdoors or in some extreme cases, getting arrested) can ensue.
THIS IS NO JOKE! The consequences are very real, and the probability of being taken over is very high.
You really don't want your home network to be OWN3D BY CRIMINALS.
Wireless hubs usually support at least three varieties of encryption: WEP, WPA and WPA/PSK.
WEP is the old encryption methodology. It's relatively awkward to set up, and the encryption is fairly insecure. We advise against it.
WPA is more modern, and has highly secure encryption. "Plain WPA" generally requires that you have a RADIUS server on your network to perform per-user login authentication - you have to supply a userid and password to connect. This is generally more effort than small networks are willing to go to, but it does have advantages (eg: selectively allow/disallow casual users, logging).
WPA/PSK (WPA with "Pre-Shared Key") uses the same high security encryption as WPA, but it is simpler to set up. You configure a password into the hub, and anyone attempting to connect to the wireless LAN merely needs to supply that password to get connected. This is the simplest to use for very small home networks where ordinary WPA is overkill.
See your hub's documentation for further details - the CBL team cannot provide assistance on wireless hub configuration.
NAT configuration examples
We would appreciate contributions of simple examples of how to configure NATs/firewalls.
Please make sure you understand what these examples do before implementing anything derived from them.
Linux iptables
# Scenario 1: assume the MTA is on the gateway box, so nothing from the LAN
# needs to contact the world on port 25 directly.
# Log packets trying to cross the interfaces.
iptables -A FORWARD -p tcp --dport 25 -j LOG
# Drop those packets
iptables -A FORWARD -p tcp --dport 25 -j DROP

# Scenario 2 (use INSTEAD of scenario 1): assume the MTA is inside the NAT
# and needs to be able to talk to the world, but not receive.
# -A appends, so if scenario 1's DROP is already in the chain it matches
# first and the ACCEPT below never takes effect.
# Fill in this field
IP_OF_MTA_HOST=
iptables -A FORWARD -p tcp -s "$IP_OF_MTA_HOST" --dport 25 -j ACCEPT
# Log packets trying to cross the interfaces.
iptables -A FORWARD -p tcp --dport 25 -j LOG
# Drop those packets
iptables -A FORWARD -p tcp --dport 25 -j DROP
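Added example (not part of the original CBL page): once the LOG rules above are in place, the gateway's kernel log names the LAN address behind every blocked port 25 attempt, and this Python script tallies them. The sample log lines, interface and host names, and the ranking by number of distinct destinations (a host trying many different mail servers is assumed more likely to be infected than one retrying a single provider) are assumptions made for illustration.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs in a LOG-target line

def parse_log_line(line):
    """Return the netfilter fields of one syslog line, or None for other lines."""
    if "SRC=" not in line or "DST=" not in line:
        return None
    return dict(FIELD.findall(line))

def smtp_offenders(log_text, mail_servers=()):
    """Return (lan_ip, attempts, distinct_destinations) per LAN host seen on port 25.

    mail_servers: LAN addresses allowed to send on port 25; they are skipped.
    Hosts contacting the most distinct mail servers sort first (assumed heuristic).
    """
    attempts = defaultdict(int)
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if not fields or fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        src = fields["SRC"]
        if src in mail_servers:
            continue
        attempts[src] += 1
        destinations[src].add(fields["DST"])
    rows = [(ip, n, len(destinations[ip])) for ip, n in attempts.items()]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

def _sample_line(time, src, dst, spt):
    # Constructed line in the format the kernel writes for "-j LOG" in FORWARD.
    return (f"Jun 25 {time} gw kernel: IN=eth1 OUT=eth0 SRC={src} DST={dst} "
            f"LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT={spt} "
            "DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0")

# Constructed sample: .23 tries many mail servers, .40 retries a single one.
SAMPLE_LOG = "\n".join([
    _sample_line("10:14:02", "192.168.1.23", "203.0.113.5", 40312),
    _sample_line("10:14:02", "192.168.1.23", "198.51.100.9", 40313),
    "Jun 25 10:14:03 gw dhcpd: DHCPACK on 192.168.1.40 via eth1",
    _sample_line("10:14:03", "192.168.1.40", "192.0.2.25", 51000),
    _sample_line("10:14:04", "192.168.1.23", "203.0.113.77", 40314),
    _sample_line("10:14:06", "192.168.1.40", "192.0.2.25", 51000),
    _sample_line("10:14:07", "192.168.1.23", "198.51.100.200", 40315),
    _sample_line("10:14:12", "192.168.1.40", "192.0.2.25", 51000),
])

if __name__ == "__main__":
    for ip, n, spread in smtp_offenders(SAMPLE_LOG):
        print(f"{ip}: {n} blocked attempts to {spread} distinct servers")
```

Pass the LAN address of a legitimate mail server in `mail_servers` so that its traffic, if it is logged, does not appear in the report.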
CISCO
These are generally applicable to most (all?) CISCO firewalls:
First you need to create an access list describing the traffic (X.X.X.X is the IP address of your mail server; add more lines if you have more than one):
access-list acl_out permit tcp host X.X.X.X any eq 25
access-list acl_out deny tcp any any eq 25
... any other outbound rules you may want go here ...
access-list acl_out permit ip any any
Then you need to apply that access-list to the inside interface (because it is being checked on the inside before it goes out):
access-group acl_out in interface inside
source : http://cbl.abuseat.org/nat.html