Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

DNS Forward problem!!!

Aug 25 04 8:21 pm

Hi! I have installed WinGate 5.2.3 and I have configured and started DNS service.... When I try, for example, to ping www.google.com from some of my workgroup machines WinGate dials up and ping works (but there is no reply from Google because it is protected) and I receive Google's IP. But when I try to surf using iexplorer (through DNS) it doesn't work!!!!!!! When I try to fetch some mail from pop3 server (also using DNS) NOTHING HAPPENS!!! Please help me!!!

Re: DNS Forward problem!!!

Aug 26 04 1:17 am

voodoofox wrote:
Hi! I have installed WinGate 5.2.3 and I have configured and started DNS service.... When I try, for example, to ping www.google.com from some of my workgroup machines WinGate dials up and ping works (but there is no reply from Google because it is protected) and I receive Google's IP. But when I try to surf using iexplorer (through DNS) it doesn't work!!!!!!! When I try to fetch some mail from pop3 server (also using DNS) NOTHING HAPPENS!!! Please help me!!!


What happens if you put the IP and port number of the WinGate machine in the browser settings of a client machine, e.g. 192.168.0.1:80, can it surf?

Aug 26 04 10:42 am

Yes it can BUT, I don't want to surf through WWW Proxy service, I want to surf using DNS forwarding! But it just won't work!

Aug 26 04 12:05 pm

Hi,

Not too sure what you mean by DNS forwarding, but if you don't want to use the WWW proxy then you can make a client connection to the WinGate server via NAT. Simply set the default gateway and the DNS server of the client to point at the internal adapter on the WinGate server. As long as you've set the WinGate server up correctly you should be fine. If you don't want to go through the WWW proxy make sure that TR (transparent redirection) is turned off on the sessions tab.

Regards,

Matt

Aug 26 04 12:24 pm

Yes, you are right, I am connecting via NAT (but without WIGC, only DNS and Gateway set up on client), and TR is turned off, but still I only get ping and no other transfer (no surf, no mail checking).

With WIGC everything works normal, so I wonder is NAT even possible without WIGC installed on client machine?

Aug 27 04 4:42 pm

Do you have the Extended Networking driver installed? NAT will only work if ENS is installed.

How have you got the WinGate server's DNS set up? You should have the external adapter's DNS pointing at the upstream (ISP's) DNS servers.

What do you see on the activity screen in GateKeeper when a client makes a NAT connection?

Can you turn on debug logging in the WWW proxy and turn on TRs and try to surf from a client, then post a snippet of the log here so we can see what is happening?

Thanks,

Matt

Aug 27 04 8:47 pm

>Do you have the Extended Networking driver installed?

Yes!

>>How have you got the WinGate server's DNS set up?

There is no upstream server, there is only dial up connection! I have set up DNS server to receive request from my network and I have turned firewall off and I enabled dial up for DNS request!

>>What do you see on the activity screen in GateKeeper when a client makes a NAT connection?

When I am pinging I see DNS lookup request from client machine but when I am using my browser I see nothing!!!

>>Can you turn on debug logging in the WWW proxy and turn on TRs and try to surf from a client, then post a snippet of the log here so we can see what is happening?

I can but I am not trying to surf using WWW proxy but only using DNS server so I asked if that is even possible with Wingate?

Aug 28 04 2:12 pm

voodoofox wrote:
>Do you have the Extended Networking driver installed?

Yes!

>>How have you got the WinGate server's DNS set up?

There is no upstream server, there is only dial up connection! I have set up DNS server to receive request from my network and I have turned firewall off and I enabled dial up for DNS request!

>>What do you see on the activity screen in GateKeeper when a client makes a NAT connection?

When I am pinging I see DNS lookup request from client machine but when I am using my browser I see nothing!!!

>>Can you turn on debug logging in the WWW proxy and turn on TRs and try to surf from a client, then post a snippet of the log here so we can see what is happening?

I can but I am not trying to surf using WWW proxy but only using DNS server so I asked if that is even possible with Wingate?


Can you ping by name and have it resolve? e.g. ping -a www.yahoo.com

If you can but you can't browse using NAT, you may have an MTU problem. Try this:
ping -f 1472 -f www.yahoo.com (1472 is the MTU if the NIC is set to 1500)
If the ping times out or you get "Packet needs to be fragmented..." reduce the 1472 MTU value until you get your ping returned. Then add 28 to that value and set that as the MTU on your machine's NIC in the registry and reboot.

Aug 28 04 2:15 pm

kgoodknecht wrote:
voodoofox wrote:
>Do you have the Extended Networking driver installed?

Yes!

>>How have you got the WinGate server's DNS set up?

There is no upstream server, there is only dial up connection! I have set up DNS server to receive request from my network and I have turned firewall off and I enabled dial up for DNS request!

>>What do you see on the activity screen in GateKeeper when a client makes a NAT connection?

When I am pinging I see DNS lookup request from client machine but when I am using my browser I see nothing!!!

>>Can you turn on debug logging in the WWW proxy and turn on TRs and try to surf from a client, then post a snippet of the log here so we can see what is happening?

I can but I am not trying to surf using WWW proxy but only using DNS server so I asked if that is even possible with Wingate?


Can you ping by name and have it resolve? e.g. ping -a www.yahoo.com

If you can but you can't browse using NAT, you may have an MTU problem. Try this:
ping -f 1472 -f www.yahoo.com (1472 is the MTU if the NIC is set to 1500)
If the ping times out or you get "Packet needs to be fragmented..." reduce the 1472 MTU value until you get your ping returned. Then add 28 to that value and set that as the MTU on your machine's NIC in the registry and reboot.


Oops, typo, it should be ping -l 1472 -f www.yahoo.com

Aug 28 04 5:40 pm

Check the firewall tab for firewall hits.

If your internal machines are showing up in there, check your adapter usage. Go to the Network pane in GateKeeper, and make sure the usage (internal vs external etc) of your adapters is correct.

Adrien

Aug 29 04 11:32 am

Can you ping by name and have it resolve? e.g. ping -a www.yahoo.com

If you can but you can't browse using NAT, you may have an MTU problem. Try this:
ping -f 1472 -f www.yahoo.com (1472 is the MTU if the NIC is set to 1500)
If the ping times out or you get "Packet needs to be fragmented..." reduce the 1472 MTU value until you get your ping returned. Then add 28 to that value and set that as the MTU on your machine's NIC in the registry and reboot.


I've tried this and I can ping and resolve on 1472, but I can not browse. On 1477 I can't resolve but I don't know where to change NIC in registry in 1504 (if I even have to).

Aug 29 04 12:05 pm

voodoofox wrote:
Can you ping by name and have it resolve? e.g. ping -a www.yahoo.com

If you can but you can't browse using NAT, you may have an MTU problem. Try this:
ping -f 1472 -f www.yahoo.com (1472 is the MTU if the NIC is set to 1500)
If the ping times out or you get "Packet needs to be fragmented..." reduce the 1472 MTU value until you get your ping returned. Then add 28 to that value and set that as the MTU on your machine's NIC in the registry and reboot.


I've tried this and I can ping and resolve on 1472, but I can not browse. On 1477 I can't resolve but I don't know where to change NIC in registry in 1504 (if I even have to).


If you can ping by name it is not a DNS issue. If you can ping with 1472 bytes with the -f switch then it is not an MTU issue. You can't set the MTU to 1504; 1500 is the max for Ethernet. When using ping to find your MTU you have to subtract 28 bytes for the ping header, which is why ping uses a 1472-byte maximum packet size (1472+28=1500).
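
The MTU check discussed in this thread (ping with the don't-fragment switch, shrink the payload until the reply comes back, then add 28), sketched as an added example that is not part of any poster's reply. The function names are hypothetical, `simulated_link` is a constructed stand-in for a real path so the search runs offline, and `windows_ping_probe` assumes the Windows `ping` switches `-l` and `-f` quoted above and reply lines containing `TTL=`.

```python
import subprocess

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header (1472 + 28 = 1500)


def windows_ping_probe(host):
    """Return probe(size): one echo request with `size` payload bytes and DF set.

    Uses the Windows ping switches from the thread: -l (size) and -f (don't fragment).
    """
    def probe(size):
        result = subprocess.run(
            ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(size), host],
            capture_output=True, text=True,
        )
        # An echo reply line contains "TTL="; a timeout or a
        # "Packet needs to be fragmented" message does not.
        return "TTL=" in result.stdout
    return probe


def find_path_mtu(probe, low=0, high=1472):
    """Binary-search the largest payload that gets through with DF set.

    Returns (payload, mtu), or None if even the smallest probe fails.
    Assumes that if a payload of N bytes passes, every smaller one passes too.
    """
    if not probe(low):
        return None
    if probe(high):
        return high, high + ICMP_OVERHEAD
    # Invariant: probe(low) succeeds, probe(high) fails.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low, low + ICMP_OVERHEAD


def simulated_link(path_mtu):
    """Constructed stand-in for a real path: drops DF packets above path_mtu."""
    return lambda size: size + ICMP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    print(find_path_mtu(simulated_link(1500)))  # plain Ethernet path
    print(find_path_mtu(simulated_link(1492)))  # constructed: 8 bytes of link overhead
```

On a Windows client, `find_path_mtu(windows_ping_probe("www.yahoo.com"))` runs the same search against a live path.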