Restricting access to administration

Restricting administrative rights at an application level

When defining WinRoute users you have the option to define three levels of administrative rights for each user: Full access, log viewing only, or mail transfer/dial up control. For configuration manipulation and log viewing the administrator must use the administration program wradmin.exe. This application is just under one megabyte and can be run from any PC running Windows 95/98/ME/XP/NT/2k. It is possible to completely disable remote administration through the settings -> advanced -> remote administration. From this same dialog you can also restrict access to a particular pre-defined address group.

Restricting administrative rights at a network level

WinRoute uses TCP and UDP protocol both over port 44333. It is only necessary to open UDP port 44333 if you would like to view log window data in real time. If NAT is enabled, inbound access to port 44333 on the NAT'd interface will be refused. If NAT is not enabled or you wish to restrict access to a selected group of IP addresses you can set up filters in the settings -> advanced -> packet filter. For more information refer to the section 'Setting Up Security' in this Chapter.