WinGate Forums

by **kgoodknecht** » Mar 19 04 12:29 pm

Upgraded to 5.2.3 today, instantly had no internet access, I narrowed it down to DNS.
DNS service is disabled in Wingate, I'm using Win2k Active Directory and MS DNS. None of my three DNS servers could resolve external names after upgrade. I'm using Wingate NAT and I could see the mappings set up but all DNS requests timed out.
I could not even use nslookup to connect to an external DNS server from the Wingate machine, it would just time out.
I uninstalled Wingate immediately got DNS back, installed 5.2.3 just to be sure and DNS stopped resolving, uninstalled wingate, DNS returned.

Re-installed 5.2.2 DNS still works, what was the change in 5.2.3 that could cause this?

I've never had any DNS problems before.

The bad part is I had a bunch of mappings set up for my DNS, web, Terminal services and mail servers and I had to recreate them.

Kevin D. Goodknecht [MVP]

by **ulenius** » Mar 20 04 9:35 am

I also got DNS errors in my system when I installed 5.2.3 now I am running 5.2 and I have no DNS errors but I have had instability with 5.2.2 thats why I run 5.2 today.

I hope for a 5.2.4 SOOOOON!

/A

by **kgoodknecht** » Mar 21 04 6:48 am

ulenius wrote:I also got DNS errors in my system when I installed 5.2.3 now I am running 5.2 and I have no DNS errors but I have had instability with 5.2.2 thats why I run 5.2 today.

I hope for a 5.2.4 SOOOOON!

/A

Not sure I want to try 5.2.4 if they don't even know what they did to 5.2.3 to stop DNS from resolving.

Kevin

by **Mickey** » Mar 22 04 9:35 am

I have the same problem with DNS.
I send debug files to Qbik but from this time no response.

by **genie** » Mar 22 04 9:47 am

Hi,

Apologies for not responding on this issue - we are trying to figure out what particular part of Wingate effects in this behavior - fix will be out shortly.

by **siphonix** » Mar 23 04 7:58 am

Same problem here. Where can I find the old 5.5.2 version? It's bad that you guys weren't able to fix this problem in almost a month.. Maybe it's time to look at other programs.. :-/

by **kgoodknecht** » Mar 25 04 2:42 am

genie wrote:Hi,

Apologies for not responding on this issue - we are trying to figure out what particular part of Wingate effects in this behavior - fix will be out shortly.

I can tell you this much it seemed that something was blocking port 53 from the system resolver.
My Wingate mail server was still able to get MX and reverse lookups on the Wingate machine. (I could see the cache building up)
But anything behind Wingate including the system resolver, dig and nslookup were unable to get lookups from either my internal DNS servers or by bypassing them to my ISP's DNS server.

Kevin Goodknecht [Microsoft MVP]

by **genie** » Mar 26 04 2:26 pm

Kevin, what kind of networking do you have there? Dialups, wireless?

by **kgoodknecht** » Mar 26 04 3:25 pm

genie wrote:Kevin, what kind of networking do you have there? Dialups, wireless?

The public side is on a 10 Mb LAN card with 65.x.x.x /29 Netblock 5 static IPs Cat 5 to an ADSL connection, private side is a 192.168.x.x/22 100Mb Cat 5 LAN to a 5 port switch.

This is the first problem I've had with Wingate. I've had v 3x, 4x, 5x. It has always worked perfect for me until 5.2.3 I feel like I have a vested interest and I don't want to change. I like the features and the performance it's a shame, I kind of feel snake bit now.

Kevin Goodknecht [Microsoft MVP]

by **genie** » Mar 26 04 3:29 pm

Now, you said your nslookup and dig attempts did not succeed as well - did you try using the external DNS server for resolving to bypass the internal Wingate resolver? Did you see any UDP NAT sessions from the client to this DNS server?

by **kgoodknecht** » Mar 26 04 3:42 pm

genie wrote:Now, you said your nslookup and dig attempts did not succeed as well - did you try using the external DNS server for resolving to bypass the internal Wingate resolver? Did you see any UDP NAT sessions from the client to this DNS server?

Wingate DNS is disabled, it is on a Win2k Domain Controller, I use MS DNS.
Nslookup and Dig both timed out on my DNS server and when I tried to bypass to my ISP's DNS servers.
I have Two DNS servers with delegated root zones behind Wingate when I tried to resolve against them, I could see the NAT mappings set up to the gTLD servers but they could not resolve, they just timed out.

The weird thing is apparently the Wingate mail server was able to resolve because I could see the cache building in the MS DNS console.

It was like the system DNS resolver was blocked, but how was the mail server in Wingate able to do its lookups when I couldn't? Does it have its own resolver?

Kevin Goodknecht [Microsoft MVP]

by **genie** » Mar 26 04 4:50 pm

Kevin, can you increase timeout for nslookup? Try 30 seconds timeout and see if it works.

by **n0ticer** » Mar 26 04 6:35 pm

i know this is not d answer to all dns problem. i myself had problems w/ wingate dns

but this has help me a lot

1) AnalogX FastCache

2) How to...

pls also note that u should disable wingate dns when running fastcache. tnx

by **Pascal** » Mar 26 04 6:52 pm

What types of problems did you have with WinGate DNS ? Can you give us a bit of details about the configuration, etc., please ?

by **n0ticer** » Mar 26 04 7:15 pm

ok, wingate dns is somehow working, but i dont find it smooth, sometimes clients connection is sluggish... sori i cant b so detailed coz im no expert. but my setup goes like this... (so basic)

client side: win98se (56 pc's)
no wgclient
dns enable
nic private ip 192.168.0.2 to 57
gateway --> 192.168.0.1
hosts file are set "192.168.0.1 name_of_my_server"

server side: winnt4 w/s
wingate
dns search order 192.168.0.1 --> w/c redirects to fastcache -->fastcache to my isp's dns
nic 1 private ip 192.168.0.1 w/c conx to d hub
nic 2 static issued by my isp w/c conx to d modem
dsl (alway connected)

by **sietze** » Mar 27 04 1:08 am

Could this be the same problem that has been posted by 2other users today? ENS cuts off the Internet.

What I see is that DNS and http request are send out, the router gets a reply, sends it to the external interface of the WinGate box, and there the packages are dropped, apparently because of UDP and TCP checksum probs. Possibly a prob with NAT behind NAT?

All logs are clear but the NAT log:

03/25/04 12:27:23 Debug: NAT error message code FFE0B40B, context 1412 OutICMP=0, InICMP=0, OutUDP=0, InUDP=0, OutTCP=762, InTcp=88
03/25/04 12:27:23 Debug: NAT error message code FFE0B40B, context 1420 OutICMP=3, InICMP=18, OutUDP=0, InUDP=0, OutTCP=0, InTcp=0
03/25/04 12:27:23 Debug: NAT error message code FFE0B40D, context 1426 Total locked memory in use is 190500
03/25/04 12:27:23 Debug: NAT error message code FFE0B40E, context 1433 Unknown Frames = 0, Status Queue Size = 128
03/25/04 12:27:26 Debug: NAT error message code FFE0B407, context 55 TCP checksum failed
03/25/04 12:27:28 Debug: NAT error message code FFE0B40B, context 1412 OutICMP=0, InICMP=0, OutUDP=0, InUDP=0, OutTCP=762, InTcp=88
03/25/04 12:27:28 Debug: NAT error message code FFE0B40B, context 1420 OutICMP=2, InICMP=18, OutUDP=0, InUDP=0, OutTCP=0, InTcp=0
03/25/04 12:27:28 Debug: NAT error message code FFE0B40D, context 1426 Total locked memory in use is 190500
03/25/04 12:27:28 Debug: NAT error message code FFE0B40E, context 1433 Unknown Frames = 0, Status Queue Size = 128
03/25/04 12:27:29 Debug: NAT error message code FFE0B406, context 102 UDP checksum failed

by **adrien** » Mar 27 04 1:19 am

Hi

Those aren't actually errors being logged there, they are a 1s stats dump of memory usage by the ENS... just logged as an error incorrectly (really need to remove them!)

Adrien

by **sietze** » Mar 27 04 1:32 am

Oh. Not really error? Failed ckecksums usually are bad news.

by **kgoodknecht** » Mar 27 04 2:46 am

genie wrote:Kevin, can you increase timeout for nslookup? Try 30 seconds timeout and see if it works.

I cannot check this, I uninstalled 5.2.3, DNS came back, reinstalled 5.2.3 and lost DNS, so I uninstalled 5.2.3 and went back with 5.2.2 and it works.
I am in a production environment and cannot have DNS down, I host ten public domains on my DNS servers behind Wingate. DNS being down is not an option. I certainly cannot live with a 30 second delay.

What I will have to do is plan for some downtime this weekend, backup the Wingate configuration, then try the upgrade again. If DNS stops I'll run as many test as I can to see what is going on.

by **corcoran** » Apr 02 04 9:13 am

holy hell that's my problem too - i dropped up from 5.0.7 to 5.2.3 for the better AV support (my kaspersky stopped updating).

i've got WG on a Win2k/SP4 and about 20 clients (XPPros/Win2Ks) using it for email and web.

can i DEMAND a download link for 5.2.2 please? This DNS being down isn't going to work, not for another minute.

by **davidth** » Apr 04 04 4:11 pm

I have the same problem, but only with a few pages. I get the HTTP 500 error message when I try to access pages like: hp.com (drivers), winproxy.com, wingate forums, and other more.

I think there is a DNS problem in wingate 5.2.3 (read at: http://forums.qbik.com/viewtopic.php?t=1402 ). I tried cleaning the cache and apparently the problem is solved.

Good luck.

(I posted a copy from: http://forums.qbik.com/viewtopic.php?p=6671 )

by **davidth** » Apr 04 04 4:14 pm

Can anyone tell me where can I get the 5.2.2 version?

by **PaulW** » Apr 05 04 12:58 pm

I don't know if this is related, but its stumped me...

DNS Resolving works 'for a short while' and then stops.

When it stops I notice the firewall in ENS/NAT starts blocking things such as...

Code: Select all: Source IP: xxx.xxx.xxx.xxx; Source Port: 53; Destination IP: xxx.xxx.xxx.xxx; Destination Port: 4030...

the destination port is then incremented for each attempt to access any page. I've tried turning off DNS services in WinGate, but to no avail, as it still keeps blocking it. It seems to cycle pretty much EVERY port! I usually run wingate with everything blocked, except 1024 to 4096, and this worked perfectly with version 5.0.5, but since upgrading to 5.2.3, I've had nothing but problems!

I also tried relaying UDP Broadcast Packets from port 53 but to no avail.

also it usually takes 4 hours for the DNS issue to appear, so I'm guessing its how long it takes to count up to 4096...

Also, completely un-related, in 5.0.5, I could ping out from my machine, yet still block all incoming PING requests (was useful as could keep tabs on my external webserver running in germany), but with 5.2.3, I can only ping out from my machine now if I let people ping in from the internet, which I would rather not allow. Is there any way to allow myself to ping out to external address (internet) but not be pinged FROM the internet?

I'm now off to down-grade to 5.0.5 until these issues are resolved, seens as I can't get hold of any other previous versions.
Cheers

Paul

by **PaulW** » Apr 05 04 1:52 pm

Ok just down-graded & all seems ok now, I can ping out again and not be pinged in, and the DNS is steady at port 1029.

However...

I'm guessing this new problem is from uninstalling 5.2.3 and putting 5.0.5 back on... I now have to manually restart the WinGate engine for it to even start to work (it does absolutely nothing until I do this) and also the ENS Firewall seems not to be displaying ANY entries, infact, the real-time monitoring of everything (traffic, firewall, history) just doesn't update until GateKeeper is restarted, and then its hard to get going as it keeps coming up with EXITING APPLICATION errors.,. I've tried re-installing WG5.0.5 about 6 times now, and same thing...

Looks like I'm going to have to re-install the OS :(

**EDIT**

I've gone through EVERY setting now, and it seems to be the WWW Proxy which isn't starting up as it should. Having to restart WinGate everytime the proxy server is rebooted is not ideal, so only fix I can think of is to completely reformat & re-install it. It's already 2:16am, I doubt I shall be getting any sleep now as this needs to be done & working by 8am when everyone starts work.

by **corcoran** » Apr 07 04 11:59 pm

david.

ftp://ftp.ccsoftware.ca/wingate/

ain't it cool?

5.2.2 fixed my dns stuff..

by **Mickey** » May 02 04 1:22 am

Its a month to go out and nothing new in this case.
DNS won't work and don't see any new release or beta NAT drivers to solve this problem (only old drivers from v5.2.2).....

by **genie** » May 03 04 10:23 am

Hi,

I'd like to apologise for not having solved this problem yet. However, the challenge that we face at the moment is that we cannot reproduce this DNS bugger in our test lab. I'd like to ask people, experiencing this problem for a favour: can you, please, drop me an email with just a couple of lines, showing your OS, network cards installed, whther dialup is used or not - any help would be trully appreciated.

by **kgoodknecht** » Jul 25 04 4:40 am

genie wrote:Hi,

I'd like to apologise for not having solved this problem yet. However, the challenge that we face at the moment is that we cannot reproduce this DNS bugger in our test lab. I'd like to ask people, experiencing this problem for a favour: can you, please, drop me an email with just a couple of lines, showing your OS, network cards installed, whther dialup is used or not - any help would be trully appreciated.

I wonder if this is my issue, I use a realtek 8029 for my internet gateway NIC.
http://forums.qbik.com/viewtopic.php?t=2286

by **Mickey** » Jul 25 04 9:37 am

kgoodknecht wrote:I wonder if this is my issue, I use a realtek 8029 for my internet gateway NIC.
http://forums.qbik.com/viewtopic.php?t=2286

Yes it is in almost 99,9% this issue because I have the same (RealTek 8029 to DSL modem) after upgrade from v5.2.2 to v5.2.3 and in fact work hardly with Gene (big Thanks to You and all group) and in WinGate 6.0 beta 3 this was fixed.
I was able using a never driver (from beta3, the newest is OK too) to solve this issue in WinGate v5.2.3

WinGate Forums

5.2.3 would not let DNS get out

5.2.3 would not let DNS get out

same problem

dns problem...

pascal re dns

ENS

that'll be my problem too

Wingate Downloads

Who is online