Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Aug 07 04 8:14 am
We installed Wingate 6 and the firewall was automatically treating the internal NIC as an Internet adapter and external NIC as a LAN adapter. Changing NICs' addresses didn't help.
We had to uninstall version 6 and install 5.2.3 which works fine.
Any suggestions?
Aug 07 04 3:02 pm
Janusz430 wrote:We installed Wingate 6 and the firewall was automatically treating the internal NIC as an Internet adapter and external NIC as a LAN adapter. Changing NICs' addresses didn't help.
We had to uninstall version 6 and install 5.2.3 which works fine.
Any suggestions?
In gatekeeper on the Network tab in the lower pane the Network connections are displayed, double click the connection icons on the General tab, you can select whether it an internal or external interface.
The question is why does it think the internal interface is an external interface, do you have a gateway defined on both adapters?
Only the external interface should have a gateway.
Aug 07 04 8:16 pm
Hi
WinGate uses the following tests to determine what sort of adapter something is.
1. If the adapter has a default gateway, it is deemed to be external.
2. If the adapter has any public IP address, it is deemed to be external.
otherwise it is deemed to be internal.
Public IP addresses are all IP addresses that are not private addresses. Private addresses are in the following 3 ranges:
192.168.0.0 - 192.168.255.255
172.16.0.0 - 172.31.255.255
10.0.0.0 - 10.255.255.255
Adrien
Aug 10 04 2:52 am
To my responders.
The problem was located only in the firewall part of Wingate. The Gatekeeper showed the correct assignment of all NICs. Changing the IP address on the NIC from public to private would cause the change in NIC assignment from external to internal just fine.
Only the firewall treated any internal NIC as unsafe and external NIC as safe one.
Janusz
Aug 10 04 4:15 am
OK, how do the firewall hits show up?
Do they show up as reason: "Port range", or something else... like "spoof attempt"?
If a packet is received on an interface marked as external, and it has a private source IP address, it is deemed spoofed if the interface IP is not also private.
Adrien
Aug 10 04 5:19 am
Adrian
Nothing like that. Simply - when I bound any service (WWW for example)
to the internal adapter, ENS opened port (80) for the connection from Internet to LAN. This would happen to any proxy service.
Janusz
Aug 10 04 5:47 am
What sort of network adapters are you using. Are they both the same make and model?
That is very odd. Normally it will only open a hole in "Connections from the Internet" if the adapter you are binding to is marked as external, OR if you have a policy which binds to "Any Adapter".
Adrien
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.