Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Aug 16 11 4:29 am
Hi, I've been using Wingate for a number of years on an XP box without problems but have just decided to upgrade to a 'proper' server.
My problem could well be OS related rather than Wingate related but I'm hoping someone here can shed some light on it. I have 2 NICs - 1 to the modem in bridge mode (9x.xx.xx.xx) and another NIC for the internal network (192.168.0.1)
With XP the server was able to connect to the internet fine using all ports and protected by the Wingate firewall but with the Server 2008 box I cannot connect to the internet except via Wingate and then only on port 80 through the www server. Likewise client machines on the internal network can connect through port 80 but all other ports and protocols are blocked.
So, this can be simplified to: with the external card enabled I get full internet access on the server but as soon as I enable the 2nd internal card I lose it. I'm assuming Windows 2008 doesn't know to just use the external card as the gateway and is trying to route all traffic through the internal card.
Settings for the cards are as follows:
External (NIC 1): IP 9x.xx.xx.xx
Subnet mask: 255.255.255.252
Gateway 9x.xx.xx.xx
Internal (NIC 2): IP 192.168.0.1
Subnet mask: 255.255.255.0
No gateway or DNS servers are defined.
I have copied the settings over completely from the XP box to the 2008 box so I know the config of Wingate is OK.
Has anybody else had any problems with getting 2008 R2 (or Windows 7 which I assume would be the same) to use the correct gateway?
Many thanks and sorry for the rambling!!
Steve
Aug 16 11 10:20 am
Hi Steve
What sort of internet connection is it - mobile broadband?
Adrien
Aug 16 11 11:57 am
It's an ADSL connection via a modem router set to bridge mode - this essentially acts as a pure modem.
Thanks,
Steve
Aug 16 11 3:28 pm
Does that adapter show having the Qbik NDIS driver attached to it? It shows as a dialup connection, correct?
Windows 7 and 2008 R2 moved the goalposts for certain types of connection.
If the connection to the physical device is an ethernet one, is there another way you can run the ADSL connection? E.g. as an ADSL/NAT device that is just ethernet-connected?
Aug 16 11 8:59 pm
Thanks for your reply adrien, there are no dial up connections involved - just local area connections 1 and 2.
The first NIC is a Dlink Gbit NIC which links straight to the ADSL modem router via ethernet cable. Our static IP and gateway settings are then assigned to that NIC.
The qbik NDIS driver is installed and ticked for both NICs - I don't think these protocols were installed before on the XP box.
Because I have got our modem/router in bridge mode, the NAT side is disabled as Wingate handles all that. I could set it back to router mode and use the router as the gateway but that would negate the need for Wingate and all the features I'm using it for.
It seems as soon as the 2nd NIC is enabled (local area connection 2) it kills the access and directs all traffic from that machine through Wingate. This in turn sends thousands of simultaneous lookups through Gatekeeper and crashes it out every few seconds.
Would it help if I removed the NDIS driver on both connections?
Thanks,
Steve
Aug 17 11 12:18 pm
Hi
Don't remove that driver, NAT will stop working if you do.
I think there must be some network setup problem in your adapter settings or something. I wouldn't expect to see looping when enabling an adapter.
What was the nature of the looped requests? Were they DNS, NAT, HTTP?
Regards
Adrien
Aug 18 11 2:30 am
Hi Adrien, they were DNS lookups which couldn't be fulfilled.
The strange thing is the settings on both adaptors are exactly the same as on XP so it must be Server 2008 deciding that once the 2nd NIC is enabled, it wants to route all traffic through it despite it having no gateway or DNS settings.
I'm not going to be on site until next week to have another go at it so have reverted back to the XP box for now. The problem I have is that the offices all use the gear so while I'm trying to get this working nobody can access the net or email.
The only difference I can see apart from the OS is the qbik NDIS driver (the XP install didn't have them) so maybe if I leave the internal one on but remove it from the external card?
Thanks for your help with this and sorry for the delay in replies - being 12 hours behind you makes it tricky!
Steve
Aug 18 11 10:38 am
Hi Steve
That driver is how WinGate sees packets on that interface, which is needed for:
* NAT & intercepting connections
* Firewalling
* VPN
If you don't need any of these functions available, by all means uncheck it, but the reason it shows on Vista and onwards is because MS deprecated a mechanism we previously used to hook into the network stack.
I think it's a different issue. Do you run an MS DNS server on that computer? It sounds to me like you just have a DNS lookup loop. We resolved DNS looping issues in WinGate 7 (by probing servers first), if this is a new install, I'd recommend trying that version instead.
DNS looping occurs when a chain of DNS servers ends up asking around in a loop for requests. E.g. the simplest case is where 2 DNS servers A and B are configured to ask each other (forwarder settings).
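The forwarder loop described in the post above can be checked for offline by treating each server's forwarder list as a directed graph and looking for cycles. This is an added example, not part of the thread and not WinGate code; the server names and the forwarder map are constructed, and the check models static configuration only, not WinGate 7's probing.

```python
# Constructed forwarder map: DNS server -> servers it forwards unresolved queries to.
# "A"/"B" is the two-server case from the post; the other names are hypothetical.
SAMPLE_FORWARDERS = {
    "A": ["B"],
    "B": ["A"],
    "wingate": ["ad-dns", "isp-dns"],
    "ad-dns": ["wingate"],
    "isp-dns": [],  # resolves on its own, forwards to nobody
}


def find_forwarder_loops(forwarders):
    """Return every distinct forwarding cycle as a tuple of server names."""
    loops = set()

    def walk(server, path):
        if server in path:
            # Query has come back to a server already on the chain: a loop.
            cycle = path[path.index(server):]
            pivot = cycle.index(min(cycle))  # rotate so each loop is stored once
            loops.add(tuple(cycle[pivot:] + cycle[:pivot]))
            return
        for nxt in forwarders.get(server, ()):
            walk(nxt, path + [server])

    for start in forwarders:
        walk(start, [])
    return sorted(loops)


def loop_free_forwarders(forwarders, server):
    """Forwarders of `server` whose chain never leads back to `server`."""
    tainted = {name
               for loop in find_forwarder_loops(forwarders) if server in loop
               for name in loop}
    return [f for f in forwarders.get(server, ()) if f not in tainted]


if __name__ == "__main__":
    for loop in find_forwarder_loops(SAMPLE_FORWARDERS):
        print("loop:", " -> ".join(loop + (loop[0],)))
    print("safe for wingate:", loop_free_forwarders(SAMPLE_FORWARDERS, "wingate"))
```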
Aug 18 11 12:59 pm
Hmm that makes sense about the DNS. I haven't got a MS DNS server running I don't think. I'm not all that experienced with server 2008 which is probably the biggest problem here!
When I installed the OS I didn't add any features or roles so it's the most basic install - no DHCP or AD stuff at all. It's not set up as a domain controller either as we already have one.
I'll certainly give V7 a try. I was afraid that it might introduce more problems being a beta but if it works then it's a step forward!
Regards,
Steve
Aug 18 11 1:36 pm
Hi Steve
If you already have a domain (is it an Active Directory) then you've probably got a DNS server on your LAN somewhere. I don't know if 2k8R2 by default installs the DNS server or not.
In general, WinGate 7 solves a number of problems from WinGate 6 relating to your network environment, for instance it:
* supports proper integration with Active Directory users and groups, even in a multi-domain forest
* supports integration with Active Directory DNS, and prevents DNS looping by probing servers for loops, and assigning usage types (and local domains) per server
* co-operates better with other software on the same computer - e.g. warns about port conflicts with web servers etc, and doesn't take over the port (thereby denying service to that other server)
* no longer by default installs DHCP server so if you're using DHCP in your LAN already, WinGate won't conflict with it (generally it's not a good idea to run multiple DHCP servers, unless they co-ordinate somehow).
Regards
Adrien
Aug 18 11 1:38 pm
One thing to be aware of though... since you've been running 6 for some time, and had migrated settings off your old system...
WinGate 7 uses a completely different policy system, and does not migrate any of your policy settings. This basically turned out to be just impossible to do in code. We can help with migration of policy logic if required, but if you do rely on policy and it's not basic, then I'd recommend taking a look at WinGate 7 before you roll it out to production.
Regards
Adrien