Wingate Firewall blocks local network


Postby geetsce » Aug 06 08 12:18 am

I am trying to move my internet connection and the Wingate server (4.5.2) on it to a new PC in the local network. I use fixed IP addresses 192.168.0.x, and the setup worked fine when the internet connection and wingate server were on PC 192.168.0.1, using Wingate's Extended Networking and NAT for the internet connection. So I
- saved the registry settings of PC 192.168.0.1 in Gatekeeper, and another copy of the Local Machine/software/QBik tree with regedit
- took backups of all PCs (disk image),
- disconnected PC 192.168.0.1 from the network to avoid conflicts,
- changed the IP address of the new PC 192.168.0.3 to ...1
- checked the local network to be OK between PCs 192.168.0.2 and new ...1
- installed the internet connection software (ADSL dial-up) on new 192.168.0.1, and made it to work
- installed Wingate server on new ...1 (with the same license as on the old disconnected ...1 PC, as I am to uninstall Wingate server there)
- imported the saved Wingate register settings from the old to the new ...1
- restarted PCs 192.168.0.2 and the new ...1
Alas, the Wingate Firewall now blocks every connection attempt from the local network: internet access, file and printer sharing, even a ping from 192.168.0.2 to the new 192.168.0.1. If I disable the Wingate Firewall in Extended Networking properties (I do this only with the internet modem unplugged), the local network works all right. As soon as I re-enable the firewall, I lose the local network again.
Some details:
- I checked both the loopback on 127.0.0.1 and the LAN on 192.168.0.1 interfaces to be trusted and not public
- No other firewall (not even the Windows XP Firewall service) is running
- the messages appear in Gatekeeper's Firewall view (e.g. "The Firewall has blocked a connection attempt made to 192.168.0.1:139 from 192.168.0.2:1040, protocol: TCP.")
- I restored the backups I made, and installed the internet connection and Wingate server on PC 192.168.0.3 without changing the IP address, and get the same firewall problem before and after copying the Wingate settings by hand from PC 192.168.0.1

The Big Question now: how can I make the PCs in the local network (IP 192.168.0.x) trusted, if the LAN interface is already marked as trusted?
geetsce
 
Posts: 3
Joined: Aug 06 08 12:00 am

Re: Wingate Firewall blocks local network

Postby adrien » Aug 06 08 12:04 pm

Hi

Which version are you installing in the new system? Is that still 4.5 (a very old version now)? You can still use a version 4 key in WinGate 6, so I'd strongly recommend you upgrade.

Things to check. After adapter settings, you should check how the port security rules are configured.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Wingate Firewall blocks local network

Postby geetsce » Aug 07 08 12:07 pm

Thanks for your speedy reply Adrien.
To answer your last question first, I did check the port security rules (under Extended Network Driver properties). They are the same on the new and old PC
- Connections from Internet: TCP default deny, ports 113 and 1024-4096 allow, UDP default deny, ports 1024-4096 allow
- LAN connections to WinGate: PC TCP default Allow, UDP default Allow
- LAN connections to Internet: TCP default Allow, UDP default Allow
The Firewall security options are the same on both PCs as well:
checked Disable network name broadcast to the Internet,
checked Allow users to ping this machine locally
unchecked Allow users to ping this machine from the Internet
checked Discard spoofed packets
And the 3rd setting of importance, the Network Interfaces, is OK and the same as well
- my internet interface: public Yes, trusted No
- LAN interface 192.168.0.1: public No, trusted Yes
- loopback interface 127.0.0.1: public No, trusted Yes

As to your first remark, I do know about the new versions and old license key valid for them, but I assumed that copying settings from a working setup to rigorously the same setup on another machine (I keep a log of all installation options of the OS and of all programs) would be far easier than installing a whole new version. I remember how much work it was many years back to get Windows XP and WinGate (4.5) to live together, far from an out-of-the-box experience, and I hoped I could avoid the stress of finding the right settings again. I still hope that there is just a small bit of tinkering to be done, at least less work than upgrading.

For instance I just realized that the MAC addresses for the LAN interface should not be copied from one PC to the other, because it is integrated on the motherboard, not a plugin LAN card that I moved over.

Also I found that on the old PC for all the bindings to the LAN interface (not the loopback interface), the registry has
"InterfaceType"=dword:00000001
"InterfaceName"="192.168.0.1"
"InterfaceIP"="0.0.0.0"
and on the new PC (after importing the settings from the old one into the registry!), they are
"InterfaceType"=dword:00000001
"InterfaceName"="192.168.0.1"
"InterfaceIP"="192.168.0.1" <<<!!!!!!!!!!!!!!!! instead of zeroes

And a 3rd difference is that, though I think I do not use DHCP because I have fixed IP addresses in my LAN, I have not disabled DHCP but left it at fully automatic, and the old PC has a DHCP lease for the 2nd PC in the network:

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\DHCP\Leases\192.168.0.2]
"IPAddress"="192.168.0.2"
"MACAddress"="000C6ED39394"
"ComputerName"=""
"ClientStatus"=dword:00000002
"ScopeID"=dword:00000000
"TimeStamp"=dword:4895ae6a
"LeaseDuration"=dword:004f1a00

and the new PC hasn't. Must be because of the 'automatic' setting, but it may be an important difference still.

Lastly, after a fresh install of Wingate, the two "CGIUserPassword" entries in the registry are encoded differently for old and new PC. Maybe I should not overwrite them by importing the settings of the old one.

These things I will experiment with before resorting to a new version that might exhibit the same problem.
geetsce
 
Posts: 3
Joined: Aug 06 08 12:00 am
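
The comparison described in the post above (old versus new registry export), as an added example that is not part of the thread or of WinGate itself: it diffs two `.reg` exports and lists every value that differs, such as `InterfaceIP`. The sample exports are constructed from the values quoted in the post, and the binding key name is a placeholder because the post does not give it.

```python
import re

# Constructed sample exports. The binding key name is a placeholder; the
# value names and data are the ones quoted in the post.
OLD_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\PLACEHOLDER-BINDING-KEY]
"InterfaceType"=dword:00000001
"InterfaceName"="192.168.0.1"
"InterfaceIP"="0.0.0.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\DHCP\Leases\192.168.0.2]
"IPAddress"="192.168.0.2"
"MACAddress"="000C6ED39394"
'''
NEW_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\PLACEHOLDER-BINDING-KEY]
"InterfaceType"=dword:00000001
"InterfaceName"="192.168.0.1"
"InterfaceIP"="192.168.0.1"
'''

def parse_reg(text):
    """Return {(key, value_name): raw_data} parsed from .reg export text."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # join hex continuation lines
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            values[(key, m.group(1).strip('"'))] = m.group(2)
    return values

def diff_reg(old_text, new_text):
    """List (status, key, name, old, new) for every value that differs."""
    old, new = parse_reg(old_text), parse_reg(new_text)
    out = []
    for ident in sorted(old.keys() | new.keys()):
        a, b = old.get(ident), new.get(ident)
        if a != b:
            status = "only-old" if b is None else "only-new" if a is None else "changed"
            out.append((status, *ident, a, b))
    return out

if __name__ == "__main__":
    for status, key, name, a, b in diff_reg(OLD_REG, NEW_REG):
        print(f"{status:9} {key}\\{name}: {a} -> {b}")
```

Exports that regedit writes with the "Windows Registry Editor Version 5.00" header are UTF-16, so read the files with `encoding="utf-16"` before passing their text to `diff_reg`.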

Re: Wingate Firewall blocks local network

Postby adrien » Aug 07 08 12:18 pm

Hi

There have been countless bugs fixed between 4.5 and 6.2.2, so you'll still be dealing with all of those.

The way interfaces are treated in WinGate 6 is quite different also. I'm pretty sure 90% of your settings are compatible with 6. The main changes are to do with interfaces and bindings.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Wingate Firewall blocks local network

Postby geetsce » Aug 07 08 9:34 pm

My 'little bit of tinkering' didn't work out, so I'll have to try the new version indeed. If it doesn't work either, I'll see whether the firewall component gives more information as to why it's blocking out the local network, else I'll just switch the firewall off and install another program for that; do you have any suggestion for a simple but effective firewall that does not flood my screen with popups like Zonealarm does?

PS The solution with old Wingate 4.5 and the external firewall works fine. I'm only sorry that I missed the learning point: why did the wingate firewall treat the LAN connections to a trusted interface as external?
geetsce
 
Posts: 3
Joined: Aug 06 08 12:00 am

