WinGate Forums

[raminrad]

We are using wingate v6 on a server machine (windows 2003 server) , clients can access ordinary web pages unless it requires certificates or any type of authentication.

The problem is still there for other applications which require authentications such as yahoo messenger,… .

Firewall setting is set to allowed any ports (TCP/UDP) and all the services has guest,users , domain access turned on!

I can monitor the NAT: activity and ports on the screen but every thing seems to die after 1-2 sec for these type of applications.

Below is what I have picked up from NAT debug file :

23:16:44 192.168.1.2 Guest 0000000107 Requested: NAT: TCP Connection to 212.100.250.227:7000
12/04/09 23:16:48 192.168.1.2 Guest 0000000107 Traffic 88 434 434 88 4s
12/04/09 23:16:48 192.168.1.2 Guest 0000000107 Terminated exit code 42
12/04/09 23:16:48 192.168.1.2 Guest 0000000000 Created:
12/04/09 23:16:48 192.168.1.2 Guest 0000000108 Requested: NAT: TCP Connection to 83.138.136.91:7000
12/04/09 23:16:50 WinGate NAT Debug: NAT message code FFE0B407, context 57 TCP checksum failed
12/04/09 23:16:50 WinGate NAT Debug: NAT message code FFE0B407, context 57 TCP checksum failed
12/04/09 23:16:53 192.168.1.2 Guest 0000000108 Traffic 342 486 486 342 5s
12/04/09 23:16:53 192.168.1.2 Guest 0000000108 Terminated exit code 42

for yahoo messenger:

12/04/09 23:23:10 192.168.1.2 Guest 0000000000 Created:
12/04/09 23:23:10 192.168.1.2 Guest 0000000154 Requested: NAT: TCP Connection to 212.100.250.216:7000
12/04/09 23:23:10 192.168.1.2 Guest 0000000154 Traffic 40 48 48 40 0s
12/04/09 23:23:10 192.168.1.2 Guest 0000000154 Terminated exit code 42
12/04/09 23:23:11 192.168.1.2 Guest 0000000000 Created:
12/04/09 23:23:11 192.168.1.2 Guest 0000000155 Requested: NAT: TCP Connection to 212.100.250.216:7000
12/04/09 23:23:11 192.168.1.2 Guest 0000000155 Traffic 40 48 48 40 0s
12/04/09 23:23:11 192.168.1.2 Guest 0000000155 Terminated exit code 42
12/04/09 23:23:12 192.168.1.2 Guest 0000000000 Created:
12/04/09 23:23:12 192.168.1.2 Guest 0000000156 Requested: NAT: TCP Connection to 212.100.250.216:7000
12/04/09 23:23:12 192.168.1.2 Guest 0000000156 Traffic 40 48 48 40 0s
12/04/09 23:23:12 192.168.1.2 Guest 0000000156 Terminated exit code 42
12/04/09 23:23:12 192.168.1.2 Guest 0000000000 Created:
12/04/09 23:23:12 192.168.1.2 Guest 0000000157 Requested: NAT: TCP Connection to 212.100.250.228:7000
12/04/09 23:23:14 WinGate NAT Debug: NAT message code FFE0B407, context 57 TCP checksum failed
12/04/09 23:23:14 WinGate NAT Debug: NAT message code FFE0B407, context 57 TCP checksum failed

I have tried so far to disable TCP checksum in windows TCPip service settings and try optionss in Wingate Extended Networking Advanced option but it doesn’t seem to work.

Please help me out on this.

Best Regards

[adrien]

Hi

The exit code 42 means that the ENS driver notified the engine that the connection was terminated.

This normally happens (for TCP), if one party closes the connection (e.g. client or server). So we'll need to figure out who is closing and why.

I think the best option to track this down would be to submit a support ticket (http://support.qbik.com), and they'll most likely ask you to do a packet capture for traffic to/from port 7000. If you're using 6.6.4 it has a packet capturing facility built-in.

Regards

Adrien

[andy-ru]

I Have absolutely the same problem!
NAT does not work through TCP and UDP protocols, however it works with ICMP.
At the same time internet connection works using WWW proxy.

Please help!

[adrien]

Hi

That sounds like you have some other firewall installed and running on that system. Do you have the Windows firewall enabled?

Regards

Adrien

[andy-ru]

Hi,
Windows firewall is disabled.
however checkpoint secure remote was installed. It has own NAT service and may be it conflicts with wingate.
When I uninstalled checkpoint it becomes working.
Now the problem is how to use wingate together with checkpoint software...

[adrien]

Hi

which OS is this on? We'll need to check with checkpoint secure remote client software.

Sometimes depending on how the other software hooks into the network stack, it's not really possible to get products to interoperate, since they fundamentally are both trying to do a similar thing they mess each other up. For NAT, we receive packets, re-write bits of the packet and send it on. If a firewall or VPN client relies on seeing packets coming through a certain path, they can then block them. I'm picking that the checkpoint software is blocking WinGate NAT packets. It may be easier to raise this as a support ticket with checkpoint since they prevent WInGate from working.

Regards

Adrien

[andy-ru]

Hi
I'm using win server 2003.
One more thing. It's most probably not related to NAT problem, but...
For example i'm totally not available to connect to mail.yandex.ru through the Wingate neither using by WWWProxy or NAT. It looks very strange for me. I can connect to yandex.ru, but can not connect to mail.yandex.ru. I know that site is up and running because i can connect to it from the server where wingate is installed (when no proxy specified). When I specify proxy or try connect from another workstation (again, either using by proxy or not) i'm getting

Socket Error

Connection to Remote Host timed out

And again back to NAT problems.
I've uninstalled checkpoint software from the server and NAT works fine from the first point of view. However i see a lot of messages like this in NAT log:
03/09/10 11:23:19 192.168.1.1 Guest 0000444534 Terminated exit code 42
03/09/10 11:23:19 192.168.1.1 Guest 0000444532 Traffic 344 57 57 344 34s
03/09/10 11:23:19 192.168.1.1 Guest 0000444532 Terminated exit code 42
03/09/10 11:23:19 192.168.1.1 Guest 0000444535 Traffic 403 64 64 403 34s
03/09/10 11:23:19 192.168.1.1 Guest 0000444535 Terminated exit code 42
03/09/10 11:23:19 192.168.1.1 Guest 0000444533 Traffic 345 58 58 345 34s
03/09/10 11:23:19 192.168.1.1 Guest 0000444533 Terminated exit code 42
03/09/10 11:23:24 192.168.2.22 Guest 0000000000 Created:
03/09/10 11:23:24 192.168.2.22 Guest 0000444549 Requested: NAT: UDP 192.168.2.22:20308 <-> 128.227.240.56:443
03/09/10 11:23:24 192.168.2.22 Guest 0000000000 Created:
03/09/10 11:23:24 192.168.2.22 Guest 0000444550 Requested: NAT: UDP 192.168.2.22:20308 <-> 125.233.144.34:443
03/09/10 11:23:24 192.168.1.1 Guest 0000444536 Traffic 223 57 57 223 39s
03/09/10 11:23:24 192.168.1.1 Guest 0000444536 Terminated exit code 42
03/09/10 11:23:24 192.168.2.22 Guest 0000444547 Traffic 3585 11063 11063 3585 8s
03/09/10 11:23:24 192.168.2.22 Guest 0000444547 Terminated exit code 42
03/09/10 11:23:26 192.168.2.22 Guest 0000000000 Created:
03/09/10 11:23:26 192.168.2.22 Guest 0000444551 Requested: NAT: TCP Connection to 92.242.73.197:23095
03/09/10 11:23:31 192.168.1.1 Guest 0000000000 Created:
03/09/10 11:23:31 192.168.1.1 Guest 0000444553 Requested: NAT: UDP 192.168.1.1:44248 <-> 213.184.225.37:53
03/09/10 11:23:31 192.168.1.1 Guest 0000000000 Created:
03/09/10 11:23:31 192.168.1.1 Guest 0000444554 Requested: NAT: UDP 192.168.1.1:17542 <-> 213.184.225.37:53
03/09/10 11:23:49 93.125.83.217 Guest 0000444515 Traffic 0 1044 1044 0 122s
03/09/10 11:23:49 93.125.83.217 Guest 0000444515 Terminated exit code 42

exit code 42 is everywhere! No any firewalls or other network services installed.
What's wrong???

[adrien]

42 is normal exit code for NAT traffic, it just means the connection was closed normally by either end.

As for why you can't connect to that particular server. You might need to look at a packet capture. Do you have wireshark? You can capture packets using WinGate 6.6.4 in wireshark-compatible capture file format.

[andy-ru]

Hi
The problem was because of incorrect settings of IP addresses when public and local addresses are used at the same time.