Cannot Ping/Tracert to WinGate 2000 Server

WinGate Proxy Server and other Qbik products

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
Fred English
  • Fred English
  • Posts: 9
  • Joined: Aug 11 04 9:06 am
  • Location: Charlotte, NC

Cannot Ping/Tracert to WinGate 2000 Server

Aug 11 04 9:13 am

Hello -

I've been running WinGate 3.0.0.1 on a Win2000 Pro server for several years - works fine, does the job.

The issue is that I cannot 'ping or tracert' *to* the server from any node on the local LAN. Yet I can telnet to it from any node and immediately get the 'Wingate' prompt. Internet access by any node works fine.

The server itself can originate pings, etc to other local nodes. I have (knowingly) done nothing to restrict ICMP traffic into this server.

Is Wingate possibly blocking this traffic? I've stopped the WinGate engine and still can't ping the server.

If not a WinGate-caused problem, does anyone have any suggestions on what else could be blocking this inbound ICMP traffic?

Thanks for any help.
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Aug 11 04 11:31 am

Make sure that in ENS properties, page Firewall, checkbox "Allow users to ping this machine locally" is checked.
Fred English
  • Fred English
  • Posts: 9
  • Joined: Aug 11 04 9:06 am
  • Location: Charlotte, NC

Aug 11 04 4:39 pm

genie wrote:Make sure that in ENS properties, page Firewall, checkbox "Allow users to ping this machine locally" is checked.


Genie -

I think I mistated in my original posting by calling it a 'server'. The OS is Win2000 Pro 'client', not server. I wrongly used the term 'server' in a generic sense.

I'm guessing that the 'ENS' you refer to is part of the '2000 Pro Server' OS since I couldn't find anything in my OS re such, and this WinGate has no firewall capability. However, you got me thinking, and following a hunch I disabled my Norton Internet Security and, By Golly Bingo, the pings worked! Hmmph!

Soooo, checked the NIS Personal Firewall options, and under WorkGroup Networking found my *old* IPaddress class listed in the 'Trusted' column. I had changed my LAN class address some time ago to not conflict with some remote VPN sites I contact and didn't remember to make the class address change in here. Arrrrgh.

But now I'm wondering how/why the other LAN nodes were able to get to and through Wingate and to the Internet. Why didn't NIS block that access also (albeit I reckon I'm glad it didn't)?

???????
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Aug 11 04 4:42 pm

Probably because Wingate driver was registered first - it handles all the through-traffic without letting the system know about it (including all the firewalls that are installed there).
Fred English
  • Fred English
  • Posts: 9
  • Joined: Aug 11 04 9:06 am
  • Location: Charlotte, NC

Aug 11 04 4:55 pm

Ah, so. Does WinGate just 'look at' the ICMP traffic and let it pass thru to the system, or does it actually intercept ICMP traffic also but then just hand it off to the system?
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Aug 11 04 4:57 pm

Wingate follows the security rules set by the engine - if the engine' rule says "Do not allow ICMP traffic through", then the driver drops ICMP packets.
Fred English
  • Fred English
  • Posts: 9
  • Joined: Aug 11 04 9:06 am
  • Location: Charlotte, NC

Aug 11 04 5:11 pm

Ok. I didn't make any changes in the System Policy so the default must be for 'Everyone' to have unrestriced rights.

However, in lookin thru the System Policy setup, I didn't see an option such as you mentioned. Does Ver 3.0.0.1 have such?
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Aug 11 04 5:12 pm

Oh, my appologies - I did not realize you were runnin v3 - no, v3 did not have this ability!
Fred English
  • Fred English
  • Posts: 9
  • Joined: Aug 11 04 9:06 am
  • Location: Charlotte, NC

Aug 11 04 5:15 pm

Not a problem. Interesting. So, if I had tried to set any configurable options in NIS to restrict certain access to the Internet, such would be in vain?
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Aug 11 04 5:17 pm

Unless your clients use proxies.
Fred English
  • Fred English
  • Posts: 9
  • Joined: Aug 11 04 9:06 am
  • Location: Charlotte, NC

Aug 11 04 5:28 pm

Huh?
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Aug 11 04 5:31 pm

If you have your clients setup in a way that the only chance for them to get outside is to use Wingate proxies (like, HTTP proxy, for one), then you can control their access.
Fred English
  • Fred English
  • Posts: 9
  • Joined: Aug 11 04 9:06 am
  • Location: Charlotte, NC

Aug 11 04 5:39 pm

Mmmm, ok. I don't have the WinGate 'Client' swre loaded on any of the backyard nodes. Seems I remember having some kind of problem when I tried that so took it off and just used the MS IE config to use a proxie for Inet access.

I'm not needing to restrict any access anyway (fortunately), but you are confirming that NIS is totally bypassed (for outbound traffic) in this operation, right?
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Aug 11 04 5:41 pm

No, not in this version.
Fred English
  • Fred English
  • Posts: 9
  • Joined: Aug 11 04 9:06 am
  • Location: Charlotte, NC

Aug 11 04 5:49 pm

So, then, if I did create some restrictions in NIS (in the WinGate machine)they would be 'effective'?
genie
  • genie
  • Posts: 1788
  • Joined: Sep 30 03 10:29 am

Aug 11 04 6:03 pm

Aye - provided you have only one layer of control. Otherwise different layers/firewalls start competing.
Fred English
  • Fred English
  • Posts: 9
  • Joined: Aug 11 04 9:06 am
  • Location: Charlotte, NC

Aug 11 04 6:16 pm

Understood. I appreciate the help, and the 'trigger' to go check my NIS and fix this little problem.

Good day.
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index