Firewall doesn't Work! HELP!!


Postby Arandy » Feb 17 04 1:33 am

I'm trying the latest version of WinGate 5.2.2 (trial).

I have big trouble with its firewall.

It doesn't stealth any ports!
I'm sure about that, because I've tested my connection with ShieldsUP! (www.grc.com) and all ports show as closed, but ports 135, 445, 1025, 1720 are open!!! (the most dangerous!)

Even if I configure the WinGate firewall to close any TCP/UDP packets directed to those ports, they remain open!

I have a dialup connection with a USB ADSL modem and two NICs connected to a PC and to a Wireless Access Point respectively.

Everything works fine (routing between different NICs and networks, NAT, VPN, proxies) but the firewall is not doing its job! Why?

The PC connected to the internet isn't able to use the WinGate proxy even if I set up the Internet Explorer properties to do that.

Windows Update on the internet-connected computer hangs as soon as it has to download the patches! It waits endlessly for something... what, I don't know.

All the other computers are able to download updates smoothly. :-(

I've set my dialup connection as not trusted and visible from the internet, is that right?
LAN connections are trusted and not visible from the internet.

Can you help me? Any suggestions?

Thanks, Alessandro
Arandy
 
Posts: 6
Joined: Feb 17 04 1:09 am

Postby Pascal » Feb 17 04 7:22 am

Arandy wrote:I'm sure about that, because I've tested my connection with ShieldsUP! (www.grc.com) and all ports show as closed, but ports 135, 445, 1025, 1720 are open!!! (the most dangerous!)


Is the IP address reported in ShieldsUP! the same IP address you see when you run ipconfig /all from a command prompt ?

Arandy wrote:The PC connected to the internet isn't able to use the WinGate proxy even if I set up the Internet Explorer properties to do that.


Did you set it up to point to 127.0.0.1 on port 80 ?

Arandy wrote:I've set my dialup connection as not trusted and visible from the internet, is that right? LAN connections are trusted and not visible from the internet.


That sounds about right. Just to get a better idea of the setup - does the dial-up connection show up as a dialer profile in WinGate ?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby Arandy » Feb 17 04 9:16 am

Pascal wrote:Is the IP address reported in ShieldsUP! the same IP address you see when you run ipconfig /all from a command prompt ?


ShieldsUP! shows my IP address correctly. And it is the same as in the dialup properties and "ipconfig /all".

Pascal wrote:Did you set it up to point to 127.0.0.1 on port 80 ?


Host is 127.0.0.1 but port is 3128. In WinGate I've set the www-proxy service to listen on port 3128. Should I change it to 80?

Pascal wrote:That sounds about right. Just to get a better idea of the setup - does the dial-up connection show up as a dialer profile in WinGate ?


Yes, it does. And as soon as a request arrives at WinGate, it successfully dials the internet and everything works (like eMule).

Postby genie » Feb 17 04 9:28 am

Can you send us a log file showing GRC.COM hits or firewall hits from their site?
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby Arandy » Feb 18 04 8:11 am

Well, I've found a strange thing.

All firewall settings were made like this:

Disable network name broadcast to the internet YES
Allow users to ping this machine locally YES
Allow users to ping this machine from Internet NO
Discard Spoofed Packets YES

* Connections from internet:

some rules...

Default action DENY

* Lan connections to WingatePC

no rules...

Default Action ALLOW

* Lan connection to Internet

no rules...

Default Action ALLOW

ShieldsUP! scanning results in closed ports and some open ports, and in ping replies from the WingatePC to the Internet.

Today, I've made these changes:

---> Allow users to ping this machine locally NO <---

* Lan connections to WingatePC

ALLOW 808 TCP - Wingate Remote Administration
ALLOW 3389 TCP - Remote Desktop
ALLOW 4662 TCP - Emule
ALLOW 4672 UDP - Emule


---> Default Action DENY <---

And guess the results???

ShieldsUP! gives me an excellent result, stealthing all ports!!!

"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests)"

Well, the problem seems to be solved....but....no.

I've tried to access shared resources on the WingatePC and I can't!

The firewall rejects all attempts to access it using ports 137, 138, 139 and 445.

I thought it was good. And to do the trick I've added these rules:

* Lan connections to WingatePC

ALLOW 808 TCP - Wingate Remote Administration
ALLOW 3389 TCP - Remote Desktop
ALLOW 4662 TCP - Emule
ALLOW 4672 UDP - Emule
ALLOW 137-139 TCP - NetBios
ALLOW 445 TCP - Microsoft-DS


Default Action DENY

Now ShieldsUP! shows that port 139 became CLOSED and 445 OPEN,
so they are visible from the internet, but I still can't access the WingatePC.

Is there a bug in the firewall module?

Greetings!!

Alessandro

Postby Pascal » Feb 18 04 8:15 am

If you look in GateKeeper -> Advanced Options, what are the settings for your various interfaces ?

The ADSL modem should be "Public/Untrusted" and the internal NIC should be "Private/Trusted".

What are the IP addresses assigned to the two interfaces ?

Postby Arandy » Feb 18 04 9:57 am

Pascal wrote:If you look in GateKeeper -> Advanced Options, what are the settings for your various interfaces ?

The ADSL modem should be "Public/Untrusted" and the internal NIC should be "Private/Trusted".

What are the IP addresses assigned to the two interfaces ?


The interfaces detected are:

ADSL dialup Public/Untrusted (Alcatel Speedtouch ADSL MODEM)
192.168.1.1 Private/Trusted (connected to a Wireless Access Point)
192.168.0.1 Private/Trusted (Connected to a single PC 192.168.0.2)
127.0.0.1 Private/Trusted (localhost ... I guess)

Note that the properties of interface 127.0.0.1 cannot be changed!!!

Any suggestions?

Alessandro

Postby Pascal » Feb 18 04 10:00 am

No, that's all correct. Time for a driver guru to help out ...

Postby genie » Feb 18 04 10:26 am

Can you send us your routing table?

Postby Arandy » Feb 18 04 12:29 pm

genie wrote:Can you send us your routing table?


Network          Mask             Gateway
0.0.0.0          255.255.255.0    192.168.1.1
0.0.0.0          0.0.0.0          82.49.119.116
0.0.0.0          0.0.0.0          192.168.0.1
0.0.0.0          0.0.0.0          192.168.1.1
82.49.119.116    255.255.255.255  127.0.0.1
82.255.255.255   255.255.255.255  82.49.119.116
127.0.0.1        255.0.0.0        127.0.0.1
192.168.0.0      255.255.255.0    192.168.0.1
192.168.0.1      255.255.255.255  127.0.0.1
192.168.0.255    255.255.255.255  192.168.0.1
192.168.1.0      255.255.255.0    192.168.1.1
192.168.1.1      255.255.255.255  127.0.0.1
192.168.1.255    255.255.255.255  192.168.1.1
192.168.100.1    255.255.255.255  82.49.119.116
224.0.0.0        240.0.0.0        192.168.0.1
224.0.0.0        240.0.0.0        192.168.1.1
224.0.0.0        240.0.0.0        82.49.119.116
255.255.255.255  255.255.255.255  192.168.0.1
255.255.255.255  255.255.255.255  192.168.1.1
255.255.255.255  255.255.255.255  82.49.119.116

Relay UDP Broadcast packets YES
Indicate UDP Traffic <1024 YES
Enable support for multiple default routes YES

192.168.100.1 is the server address assigned by my ISP and shown in my dial-up connection properties.

The command "route print" reports the same routing table but shows a default gateway of 192.168.1.1. (???)

The command "ipconfig /all" reports that the default gateway IP is the same as that of the dialup connection. (Dialup IP=Default Gateway IP).

Hope this helps.

Ciao!

Alessandro

Postby genie » Feb 18 04 12:36 pm

Aye. You have multiple gateways - what IP address did GRC report when you started ShieldsUP!?

Postby Pascal » Feb 18 04 12:44 pm

genie wrote:Aye. You have multiple gateways - what IP address did GRC report when you started ShieldsUP!?


Had a quick chat to Genie. He suggested that you remove the default gateway entries from your internal network cards (192.168.0.1 and 192.168.1.1) and then retry the test.
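The multiple-gateway condition genie points out can be checked directly against the routing table posted above. This is an added example, not part of the original thread or of WinGate; the function names are hypothetical, and the route rows are copied from Arandy's post.

```python
import ipaddress

# Routing table as posted in the thread: network, mask, gateway.
POSTED_ROUTES = """\
0.0.0.0 255.255.255.0 192.168.1.1
0.0.0.0 0.0.0.0 82.49.119.116
0.0.0.0 0.0.0.0 192.168.0.1
0.0.0.0 0.0.0.0 192.168.1.1
82.49.119.116 255.255.255.255 127.0.0.1
82.255.255.255 255.255.255.255 82.49.119.116
127.0.0.1 255.0.0.0 127.0.0.1
192.168.0.0 255.255.255.0 192.168.0.1
192.168.0.1 255.255.255.255 127.0.0.1
192.168.0.255 255.255.255.255 192.168.0.1
192.168.1.0 255.255.255.0 192.168.1.1
192.168.1.1 255.255.255.255 127.0.0.1
192.168.1.255 255.255.255.255 192.168.1.1
192.168.100.1 255.255.255.255 82.49.119.116
224.0.0.0 240.0.0.0 192.168.0.1
224.0.0.0 240.0.0.0 192.168.1.1
224.0.0.0 240.0.0.0 82.49.119.116
255.255.255.255 255.255.255.255 192.168.0.1
255.255.255.255 255.255.255.255 192.168.1.1
255.255.255.255 255.255.255.255 82.49.119.116
"""

def parse_routes(text):
    """Return (network, gateway) pairs; host bits in the network are tolerated."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        net, mask, gw = fields
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        routes.append((network, ipaddress.ip_address(gw)))
    return routes

def audit_default_routes(routes):
    """Group the gateways of 0.0.0.0/0 routes by private or public address."""
    gateways = [gw for network, gw in routes if network.prefixlen == 0]
    return {
        "multiple_defaults": len(gateways) > 1,
        "private_gateways": sorted(str(g) for g in gateways if g.is_private),
        "public_gateways": sorted(str(g) for g in gateways if not g.is_private),
    }

if __name__ == "__main__":
    print(audit_default_routes(parse_routes(POSTED_ROUTES)))
```

The two private gateways it reports are the internal-NIC entries Pascal suggests removing; the first posted row (0.0.0.0 with mask 255.255.255.0) is not counted because it is not a 0.0.0.0/0 route.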

Postby Arandy » Feb 18 04 10:18 pm

Pascal wrote:
genie wrote:Aye. You have multiple gateways - what IP address did GRC report when you started ShieldsUP!?


Had a quick chat to Genie. He suggested that you remove the default gateway entries from your internal network cards (192.168.0.1 and 192.168.1.1) and then retry the test.


For Genie: the IP address shown by grc.com is always correct: 82.49.xx.xx.
(I have a dynamic IP address)

OK, I've removed the default gateway entries from my internal network cards but if I set:

* Lan connection to WingatePC

no rules

Default action ALLOW

and

* Connections from internet

...rules...

Default action DENY

the situation returns to how it was originally: all ports are still visible from the internet, ports 135, 139, 445, 1025 are still open, and the computer replies to ping echo requests.

So I have to block all traffic to the WingatePC to get full protection.

Ciao!

P.S. Thanks a lot for the support!