extended networking pass some programs into Internet

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
andevariel

extended networking pass some programs into Internet

Apr 28 06 10:16 pm

Hi!
WinGate extended networking pass some programs like Counter-strike into Internet even if user disabled or not created.
GateKeepers System Messages writes "Authentication faild, requested NAT ..." BUT user have access to internet.
If i try to use web browser (IE) over NAT (extended networking) all is fine, disabled users or if user not created, have no access.
WWW proxy also ban users in such case properly.
Guest disabled. WinGate firewall in extended networking disabled.
In system policies "Everyone" is deleted. Auth - User may be assumed.
In extended networking default rights: are ignored.
Im using WG 6.1.1, Windows 2003 SP1.
Service Windows Firewall/Internet Connection Sharing (ICS) is disabled.
Is it possible that problem in routing?
Help please. Thank you.
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

May 02 06 1:50 pm

What policies do you have in Extended Networking?

You can send me a copy of your Wingate registry (Export it through Advanced Options -> Save Registry OR through the Advanced Options tool).

Then I can have a quick look through the config for you.
andevariel

May 02 06 6:31 pm

Pascal wrote:What policies do you have in Extended Networking?

You can send me a copy of your Wingate registry (Export it through Advanced Options -> Save Registry OR through the Advanced Options tool).

Then I can have a quick look through the config for you.

I sent my config (reg file) via email
Thank you
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

May 03 06 3:50 pm

Policies look ok - can you give me one or two of the usernames (So I can check against the groups, etc.) who are experiencing this problem, please?

BTW. What ports is it using? Standard of 27015 UDP or different ports. Also - Counter Strike or Counter Strike Source?
andevariel

May 03 06 10:47 pm

Pascal wrote:Policies look ok - can you give me one or two of the usernames (So I can check against the groups, etc.) who are experiencing this problem, please?

BTW. What ports is it using? Standard of 27015 UDP or different ports. Also - Counter Strike or Counter Strike Source?

The problem is all users have access even if thay disabled or not auth :-( Username "13", "goblin" group "CAGG" as example.
UDP ports 27010, 27015
Counter-strike 1.6 nosteam
If user exist but disabled i get message (GateKeeper -> system messages) like "Authentication failed, user 13 requesed NAT: UDP 192.168.0.13:1035 <-> 68.142.72.250:27010"
"Authentication failed, user 13 requesed NAT: UDP 192.168.0.13:1035 <-> 68.142.72.250:27015"
if user not exist i get
"Authentication failed, Guest requesed NAT: UDP 192.168.0.13:1035 <-> 68.142.72.250:27015" etc
But user have access to game servers
If user try to upgrade NOD32 as example, or use IE he has no access and i get message "Authentication failed, user 13 requesed"
jamesc
  • jamesc
  • Posts: 928
  • Joined: Apr 04 05 2:04 pm
  • Location: Auckland, New Zealand

May 05 06 12:05 am

Are you running CS via the Steam Platform?
jamesc
  • jamesc
  • Posts: 928
  • Joined: Apr 04 05 2:04 pm
  • Location: Auckland, New Zealand

May 05 06 12:11 am

My apoloogies; "no steam"
andevariel

May 05 06 12:12 am

jamesc wrote:Are you running CS via the Steam Platform?

No
jamesc
  • jamesc
  • Posts: 928
  • Joined: Apr 04 05 2:04 pm
  • Location: Auckland, New Zealand

May 09 06 1:26 am

I will have to dig out my old CS cd to see if I can test without steam.

Counterstrike servers can listen on any port the server admin sees fit; when I just checked via Steam, CS servers were using a range of ports from 20000 to 30000 approx.

We can block that via:

GateKeeper --> ENS --> Port Security --> "LAN Connections to the internet" (drop down list) --> Add

Put the range in as 20000 - 30000 and select UDP, and the Deny Checkbox.

**You may find other applications need those ports, so it needs careful consideration.

*** If you can explain the context of your environment "corporate / home user / soho user" and whether you are in a domain environment then we may be able to offer suggest an alternative for the meantime.

**** via policies we could chunk it up to 800ms, unacceptable to most players, but the die hards may camp to get their fix.


Let us know your feedback.
andevariel

May 09 06 10:52 am

jamesc wrote:I will have to dig out my old CS cd to see if I can test without steam.

Counterstrike servers can listen on any port the server admin sees fit; when I just checked via Steam, CS servers were using a range of ports from 20000 to 30000 approx.

We can block that via:

GateKeeper --> ENS --> Port Security --> "LAN Connections to the internet" (drop down list) --> Add

Put the range in as 20000 - 30000 and select UDP, and the Deny Checkbox.

**You may find other applications need those ports, so it needs careful consideration.

*** If you can explain the context of your environment "corporate / home user / soho user" and whether you are in a domain environment then we may be able to offer suggest an alternative for the meantime.

**** via policies we could chunk it up to 800ms, unacceptable to most players, but the die hards may camp to get their fix.


Let us know your feedback.


Im blocking UDP with Outpost.
*** LAN 60 computers, 1 server with installed WinGate.
Some computers in network must have internet. WinGate using for share internet over network. Network without domain.
I have a question. Is it problem in my configuraton or something wrong with WinGate?
Thank you
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index