Hi,
When users started complaining that they are not able to browse the internet, I immediately checked WG and found out that all IP Addresses were Blackholed (per firewall log view) and after that the server went to BSOD and reset.
jian
All clients IP Blackholed
Moderator: Qbik Staff
8 posts
• Page 1 of 1
by Pascal » Oct 14 04 9:33 am
Are you running NetPatrol's latest version? NetPatrol can blackhole IPs for WinGate without user intervention.
Secondly, when the computer BSODd, did you manage to catch the module that caused the problem? (And perhaps note down some of the addresses, etc.)
Secondly, when the computer BSODd, did you manage to catch the module that caused the problem? (And perhaps note down some of the addresses, etc.)
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by jiandc » Oct 14 04 5:31 pm
We are using WG 6.0.3 Build1005 on WinXP SP2 machine and XP Firewall is disabled.
We do not have Netpatrol.
I did not see the module displyed during BSOD since the PC immediately restarted.
What is the best OS for Wingate, I am planning to transfer it to Win2000 Server.
We do not have Netpatrol.
I did not see the module displyed during BSOD since the PC immediately restarted.
What is the best OS for Wingate, I am planning to transfer it to Win2000 Server.
- jiandc
- Posts: 85
- Joined: May 11 04 12:47 am
by adrien » Oct 16 04 9:13 pm
2000 Server is good, and so normally is XP, however SP2 creates some problems.
It is very unusual that the IP addresses of your clients could end up in WinGate's blackhole list by themselves. So when you edited the black-hole list in the Extended Networking properties, did they show in there as a single entry, or as individual entries?
If you added say 0.0.0.0 mask 0.0.0.0 to the black hole list for instance, this would black hole everything.
Adrien
It is very unusual that the IP addresses of your clients could end up in WinGate's blackhole list by themselves. So when you edited the black-hole list in the Extended Networking properties, did they show in there as a single entry, or as individual entries?
If you added say 0.0.0.0 mask 0.0.0.0 to the black hole list for instance, this would black hole everything.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by jiandc » Oct 17 04 2:47 am
There was nothing in the Blackhole list but all IPs tryimg to access the internet are reported in the Firewall tab as Blackholed.
Anyway, I already transfered WG to Win2003 Server and so far it has been working fine for 3days.
I just have a problem with Assumed users accessing WG (I have a separate posting for this).
Anyway, I already transfered WG to Win2003 Server and so far it has been working fine for 3days.
I just have a problem with Assumed users accessing WG (I have a separate posting for this).
- jiandc
- Posts: 85
- Joined: May 11 04 12:47 am
by adrien » Oct 17 04 10:58 am
Ok, that is a bit concerning. We made a couple of changes to the blackholing code in the driver a couple of versions back (to reduce vulnerability to certain types of attack). I'll take a look.
As for the assumed users issue, this was DHCP-related based on assumptions by machine name? Can you not set up your assumptions to work by IP? the machine name is an abstraction (lookup) based on the IP anyway, so the IP is more reliable. If you set up your DHCP server to give long leases, there shouldn't be any issue with addresses changing.
If people manually change their IP, they would get around it anyway.
Adrien
As for the assumed users issue, this was DHCP-related based on assumptions by machine name? Can you not set up your assumptions to work by IP? the machine name is an abstraction (lookup) based on the IP anyway, so the IP is more reliable. If you set up your DHCP server to give long leases, there shouldn't be any issue with addresses changing.
If people manually change their IP, they would get around it anyway.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
8 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 3 guests