We installed Wingate 6 and the firewall was automatically treating the internal NIC as an Internet adapter and external NIC as a LAN adapter. Changing NICs' addresses didn't help.
We had to uninstall version 6 and install 5.2.3 which works fine.
Any suggestions?
Wingate 6 confuses network adapters
Moderator: Qbik Staff
7 posts
• Page 1 of 1
Wingate 6 confuses network adapters
by Janusz430 » Aug 07 04 8:14 am
- Janusz430
- Posts: 5
- Joined: Aug 07 04 8:03 am
Re: Wingate 6 confuses network adapters
by kgoodknecht » Aug 07 04 3:02 pm
Janusz430 wrote:We installed Wingate 6 and the firewall was automatically treating the internal NIC as an Internet adapter and external NIC as a LAN adapter. Changing NICs' addresses didn't help.
We had to uninstall version 6 and install 5.2.3 which works fine.
Any suggestions?
In gatekeeper on the Network tab in the lower pane the Network connections are displayed, double click the connection icons on the General tab, you can select whether it an internal or external interface.
The question is why does it think the internal interface is an external interface, do you have a gateway defined on both adapters?
Only the external interface should have a gateway.
Best regards,
Kevin Goodknecht [Microsoft MVP]
See me in the Microsoft Public DNS newsgroups
Kevin Goodknecht [Microsoft MVP]
See me in the Microsoft Public DNS newsgroups
- kgoodknecht
- Senior Member
- Posts: 161
- Joined: Nov 24 03 1:31 pm
- Location: Wichita Falls, TX
by adrien » Aug 07 04 8:16 pm
Hi
WinGate uses the following tests to determine what sort of adapter something is.
1. If the adapter has a default gateway, it is deemed to be external.
2. If the adapter has any public IP address, it is deemed to be external.
otherwise it is deemed to be internal.
Public IP addresses are all IP addresses that are not private addresses. Private addresses are in the following 3 ranges:
192.168.0.0 - 192.168.255.255
172.16.0.0 - 172.31.255.255
10.0.0.0 - 10.255.255.255
Adrien
WinGate uses the following tests to determine what sort of adapter something is.
1. If the adapter has a default gateway, it is deemed to be external.
2. If the adapter has any public IP address, it is deemed to be external.
otherwise it is deemed to be internal.
Public IP addresses are all IP addresses that are not private addresses. Private addresses are in the following 3 ranges:
192.168.0.0 - 192.168.255.255
172.16.0.0 - 172.31.255.255
10.0.0.0 - 10.255.255.255
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by Janusz430 » Aug 10 04 2:52 am
To my responders.
The problem was located only in the firewall part of Wingate. The Gatekeeper showed the correct assignment of all NICs. Changing the IP address on the NIC from public to private would cause the change in NIC assignment from external to internal just fine.
Only the firewall treated any internal NIC as unsafe and external NIC as safe one.
Janusz
The problem was located only in the firewall part of Wingate. The Gatekeeper showed the correct assignment of all NICs. Changing the IP address on the NIC from public to private would cause the change in NIC assignment from external to internal just fine.
Only the firewall treated any internal NIC as unsafe and external NIC as safe one.
Janusz
- Janusz430
- Posts: 5
- Joined: Aug 07 04 8:03 am
by adrien » Aug 10 04 4:15 am
OK, how do the firewall hits show up?
Do they show up as reason: "Port range", or something else... like "spoof attempt"?
If a packet is received on an interface marked as external, and it has a private source IP address, it is deemed spoofed if the interface IP is not also private.
Adrien
Do they show up as reason: "Port range", or something else... like "spoof attempt"?
If a packet is received on an interface marked as external, and it has a private source IP address, it is deemed spoofed if the interface IP is not also private.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by adrien » Aug 10 04 5:47 am
What sort of network adapters are you using. Are they both the same make and model?
That is very odd. Normally it will only open a hole in "Connections from the Internet" if the adapter you are binding to is marked as external, OR if you have a policy which binds to "Any Adapter".
Adrien
That is very odd. Normally it will only open a hole in "Connections from the Internet" if the adapter you are binding to is marked as external, OR if you have a policy which binds to "Any Adapter".
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot], Google [Bot] and 7 guests