Just upgraded our production WinGate machine from 5.0.x to 5.2.2
Everything seems ok except a couple of ENS options no longer work or work correctly.
The first one is a test port I setup to redirect. We've had occasion in the past where NAT would stop working. I setup a redirect port on 2500 as a TCP connection to the WinGate machine and told it to redirect to an IP address port #13 (shows date & time). My monitoring system then checks that it can open port 2500 on the WinGate machine and gets the date and time. Has always worked great and doesn't work when NAT dies for whatever reason.
Now at v5.2.2, no redirecting happens. I can open port 13 on the designated IP address from WinGate but WinGate does not redirect there. I deleted the port security entry and re-created it and it still doesn't work. Now that I check it, it doesn't work on the test machine either that I originally upgraded to 5.2.2 a while ago.
I tried other IP addresses and ports to redirect to. Tried different source (redirected) ports on the WinGate machine but still no luck.
Yes, I know I can create a TCP mapping service to do this but I specifically want a redirected port in ENS so that I can tell when ENS doesn't work. Unless someone can think of another sure-fire way to check that?? It's critical because our Exchange server uses NAT to send emails. If NAT is NOT then mail is stuck.
The connection attempts do not even show up in the WinGate NAT logs or on the System Logs or on the recent activity or on firewall logs.
WinGate 5.2.2 ENS "Redirect" option does not...
Moderator: Qbik Staff
4 posts
• Page 1 of 1
WinGate 5.2.2 ENS "Redirect" option does not...
by garaytm » Feb 20 04 3:42 am
- garaytm
- Posts: 9
- Joined: Feb 20 04 3:26 am
- Location: Lima, OH
by neil » Feb 20 04 12:05 pm
As your having a few probs with teh NAT, i'm suspicous that when you upgraded your server the driver didn't get changed over correctly. So you could try running the installer again.
The other thing that springs to mind is that maybe WinGate / the driver has got it's interfaces mixed up regarding whats public and private etc. Could you check in Gatekeeper under the Options - Advanced menu in the Network Interfaces tab that your settings are correct for all your adapters?
Regards
Neil
The other thing that springs to mind is that maybe WinGate / the driver has got it's interfaces mixed up regarding whats public and private etc. Could you check in Gatekeeper under the Options - Advanced menu in the Network Interfaces tab that your settings are correct for all your adapters?
Regards
Neil
- neil
- Qbik Staff
- Posts: 356
- Joined: Sep 03 03 2:42 pm
- Location: Auckland
by garaytm » Feb 21 04 3:40 am
Double-checked the Network Interfaces on both the production machine and the test machine (both are 5.2.2 and both will not do an ENS Port Redirection and both block all port 80 traffic including WWW Proxy when I try to just block port 80 on NAT). All NICs show correct assignments for public and trusted.
I re-installed 5.2.2 on the test machine and then re-created the redirected port. It worked that time. I noticed though that I cannot connect from the WinGate machine to that redirected port. Same IP to same IP, says it cannot open connection. However, it works fine from another machine.
When next I get the opportunity, I will re-run the install on the production machine and reboot and see if that fixes it.
Thanks!
I re-installed 5.2.2 on the test machine and then re-created the redirected port. It worked that time. I noticed though that I cannot connect from the WinGate machine to that redirected port. Same IP to same IP, says it cannot open connection. However, it works fine from another machine.
When next I get the opportunity, I will re-run the install on the production machine and reboot and see if that fixes it.
Thanks!
neil wrote:As your having a few probs with teh NAT, i'm suspicous that when you upgraded your server the driver didn't get changed over correctly. So you could try running the installer again.
The other thing that springs to mind is that maybe WinGate / the driver has got it's interfaces mixed up regarding whats public and private etc. Could you check in Gatekeeper under the Options - Advanced menu in the Network Interfaces tab that your settings are correct for all your adapters?
Regards
Neil
- garaytm
- Posts: 9
- Joined: Feb 20 04 3:26 am
- Location: Lima, OH
by garaytm » Feb 21 04 11:47 am
I re-installed WinGate v5.2.2 on the production server (twice, actually). Still didn't work.
Here is what I discovered:
The local NIC has several IP addresses on it:
192.168.0.5 and 192.168.1.200-192.168.1.210
The netmask is 255.255.254.0
The redirected ENS port is configured on port 2500 for any TCP connection to the WinGate machine. It is configured to redirect to 192.168.0.5 port 13 (date & time).
Tried telnetting to 192.168.0.5 port 2500 and nothing.
I started down the 192.168.1.2xx list and found it on 192.168.1.210
Somewhere it thinks that 192.168.1.210 is the only IP that is "the WinGate machine". How or where do I at least change that to 192.168.0.5?
The blocking of port 80 connections from the LAN to the Internet still does not work, it still blocks even the WWW Proxy. It does work on the test machine but the test machine only has 1 IP on the LAN NIC. I tried setting the outbound interface on the WWW Proxy to be an Internet IP and that didn't work. I tried binding the WWW Proxy to all the 192.168.1.2xx IP's but that didn't work either. I just can't figure out why it works on the test machine (I can block LAN connections to the Internet on port 80 and still use the WWW Proxy with client Internet Explorers) but it won't work on the production machine.
Here is what I discovered:
The local NIC has several IP addresses on it:
192.168.0.5 and 192.168.1.200-192.168.1.210
The netmask is 255.255.254.0
The redirected ENS port is configured on port 2500 for any TCP connection to the WinGate machine. It is configured to redirect to 192.168.0.5 port 13 (date & time).
Tried telnetting to 192.168.0.5 port 2500 and nothing.
I started down the 192.168.1.2xx list and found it on 192.168.1.210
Somewhere it thinks that 192.168.1.210 is the only IP that is "the WinGate machine". How or where do I at least change that to 192.168.0.5?
The blocking of port 80 connections from the LAN to the Internet still does not work, it still blocks even the WWW Proxy. It does work on the test machine but the test machine only has 1 IP on the LAN NIC. I tried setting the outbound interface on the WWW Proxy to be an Internet IP and that didn't work. I tried binding the WWW Proxy to all the 192.168.1.2xx IP's but that didn't work either. I just can't figure out why it works on the test machine (I can block LAN connections to the Internet on port 80 and still use the WWW Proxy with client Internet Explorers) but it won't work on the production machine.
- garaytm
- Posts: 9
- Joined: Feb 20 04 3:26 am
- Location: Lima, OH
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 2 guests