The NatWest On-Line Service
Nat West have introduced a new
online banking service. It looks quite useful.
However, rather than taking the sensible option of secure HTTP from a
normal web browser over an Internet connection, they have done something
very strange:
- You dial into their own Intranet directly, using a modem.
- You run a 'proxy' on your own computer, which encrypts the traffic
between you and their server.
- You point your web browser at this proxy, on
http://localhost:1794/ and use the service with a normal web
browser.
This has a number of drawbacks. The first is that the 'proxy' software,
IBM's "CBT Browser Crypto module", is a Win32 binary, so it's difficult
to use the service from anything but a Windows machine.
Also, an increasing number of people do not use an old-fashioned modem
to connect to the Internet any more. BT will be rolling out DSL shortly,
and people are using ISDN, cable-modems and leased lines for
connectivity. I also know a large number of students who have Ethernet
all the way to their bedrooms, but no telephone provision except a
payphone between 20 students. Introducing an online system these days
which requires a dedicated modem link is bordering on insane.
Using NatWest On-Line with Linux
Nonetheless, it's possible to use this service with Linux, using Wine to
run the strange Crypto-proxy program.
You still have to install the software under Windows and generate your
authentication keys, though. Although the key generation program appears
to generate a key happily when run under Wine, the resulting key doesn't
then actually work. After getting Nat West to unlock my account a couple
of times after three consecutive failed logins, I gave up and used the
key I had previously generated under Windows. If you have more luck or
more patience with it, please let me know - I don't see why it shouldn't
work.
Here's how you do it:
- Find a Windows box to use, and install the software on it. Go through
the key generation procedure.
- Install a version of Wine on your Linux box. The only version I've
tried it with is the latest which I happened to have in CVS, which I
believe is 19990815 - that's the latest date in the ChangeLog
anyway.
- Boot into Linux.
- Copy the \Program Files\NatWest On-Line directory to
whatever directory has the same pathname in your Wine installation.
If you use Wine with the same copy of Windows that you installed the
software in, you shouldn't have to do anything, obviously.
- Set up your machine to use Nat West's dialup as an alternative ISP.
Telephone number: 08457576176
Authentication: PAP
Username: userid@alivegoblin
Password: nastyfellow
The IP address that it will give you is in the 192.168.x.x subnet.
- Add the following line to your /etc/hosts file (or NIS map):
62.172.187.144 www.nwol.co.uk
- Make sure that packets for 62.172.187.144 will be routed out the
correct interface. If you're not trying to remain connected to the
Internet while you're connected to Nat West, it's enough just to
make the PPP connection the default route. Otherwise, you want to do
something like:
# route add 62.172.187.144 dev ppp0
after the link is brought up each time.
- Having dialled up and added the route if necessary, run the
bcmcmw32.exe program under Wine.
- Point your web browser at
http://www.nwol.co.uk/ and play. After you hit the 'log in'
button, the Crypto Proxy program should bring up a dialog box and ask
for your password, just as it did under Windows.
- Contact NatWest On-Line on 0800 328 0211. Tell them that you're unhappy
with this system, and that they should be running a system on the real
Internet, using standard protocols such as Secure HTTP.
Failing that, at least connecting their existing system to the real
Internet would suffice for now. People with dedicated or ISDN
connections would then be able to use the service without having to
buy a modem and make extra phone calls for it. The IP address they're
using for their server really does appear to belong to Nat West. But
it's firewalled, or just not routed to, from the rest of the Internet.
If they were to fix that, it'd be a lot more useful.
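The /etc/hosts and routing steps above are the ones that fail silently when you stay connected to the Internet at the same time, so here is a preflight check for them. This is an added example, not part of the original page: the host name, IP address and interface are the ones given above, the function names are hypothetical, and it assumes net-tools `route -n` output saved to a file.

```sh
#!/bin/sh
# Added example: preflight checks for the setup above. Host name, IP address
# and interface are the ones on this page; function names are hypothetical.
BANK_HOST=www.nwol.co.uk
BANK_IP=62.172.187.144
LINK=ppp0

# hosts_pinned FILE: succeed if the first entry for $BANK_HOST is $BANK_IP.
hosts_pinned() {
    awk -v h="$BANK_HOST" -v ip="$BANK_IP" '
        { sub(/#.*/, "")                      # ignore comments
          for (i = 2; i <= NF; i++)
              if ($i == h) { found = 1; ok = ($1 == ip); exit } }
        END { exit !(found && ok) }' "$1"
}

# route_iface FILE: print the interface chosen for $BANK_IP by longest-prefix
# match over saved `route -n` output (metrics are ignored).
route_iface() {
    awk -v ip="$BANK_IP" '
        function num(a,  p) { split(a, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4] }
        BEGIN { best = -1; t = num(ip) }
        $1 ~ /^[0-9]+\./ && NF >= 8 {
            m = num($3); size = 4294967296 - m   # addresses covered by mask
            if (t - (t % size) == num($1) && m > best) { best = m; dev = $8 }
        }
        END { if (dev == "") exit 1; print dev }' "$1"
}

# preflight HOSTS ROUTES: print each problem; return 0 only if none found.
preflight() {
    rc=0
    hosts_pinned "$1" || { echo "hosts: $BANK_HOST not pinned to $BANK_IP"; rc=1; }
    dev=$(route_iface "$2") || dev=none
    [ "$dev" = "$LINK" ] || { echo "route: $BANK_IP leaves via $dev, not $LINK"; rc=1; }
    return $rc
}

# Constructed sample: Ethernet default route, PPP link up, host route missing.
tmp=$(mktemp -d)
printf '%s\n' '127.0.0.1 localhost' "$BANK_IP $BANK_HOST # NatWest" > "$tmp/hosts"
cat > "$tmp/routes" <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
EOF
preflight "$tmp/hosts" "$tmp/routes" || echo "fix the above before starting the proxy"
```

On a real machine, save `route -n` to a file after the link comes up and call `preflight /etc/hosts` on that file; the constructed sample reports that traffic for the bank would leave via eth0 because the host route has not been added yet.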
David Woodhouse
Last modified: Tue Aug 24 13:24:47 BST 1999