<WG 6.1.4 Pro 6-user> Sorry if this is a little long but I want to provide enough information.
I'm currently using WG as a firewall and email server under Win2003 Server R2. This is a workgroup environment, no domain controller and no active directory. I have 5 fixed IP addresses on the internet of which one is configured to a NIC on the server. Also connected to the internet are two router / firewall appliances that handle internet and internal traffic on 192.168.<0 or 1>.xxx subnets for the other PCs in the building. One router (subnet 0) is connected to a gigabit switch that handles a portion of the internal net. All the internet traffic comes via a single fiber connection into a switch to which the Wingate PC and the routers are connected.
Wingate is the firewall for the server PC (Windows firewall is disabled) and Wingate handles email via SMTP, POP3, and IMAP. Wingate is not intended to handle internet traffic, NAT, etc for the other PCs in the building. The main purpose of the server with Wingate is to handle multiple concurrent external RDP sessions that serve up an accounting application to systems around the U.S. All of this works fine when the Wingate PC is only connected to the external internet (mail from/to internal PCs is routed out to the external internet address of the Wingate PC; also external laptops and PCs can access the mail this way).
Although I can route the internal internet traffic through the Wingate PC, I choose not to for overhead and maintenance reasons. It's just easier and simpler to let the dedicated routers / firewalls handle this, and I don't need the added Wingate authentication, logging, etc. capabilities in this area.
In Wingate, the DHCP, DNS, Winsock, and GDP system services are disabled, while POP3, IMAP, SMTP, and Remote Control (bound internally only) are enabled. On the User services side, only the Logfile service is enabled. Wingate is set to use the NT database, and authentication for SMTP and IMAP is handled through named groups with NTLM. External access to SMTP is controlled via user assumption bound to the specific IP address range of an external server (through which mail is spam and virus filtered).
Some of the internal PCs also need to access the accounting S/W that's hosted on the server. This can be accomplished via RDP sessions that go out to the Wingate PC's internet address, but it's better to connect to the accounting database directly over the internal LAN. Also, an internal connection is handy for backups and accessing other internal files.
However, within a few hours or less after I enable an internally connected NIC on the Wingate server, which is recognized as internal by Wingate and gets assigned an internal IP at 192.168.0.108 plus a gateway and DNS servers at 192.168.0.1 by DHCP from one of the internet routers (not by Wingate, where DHCP and DNS are disabled), the external gateway on Wingate no longer responds to incoming requests off the internet, can't be pinged, and doesn't respond to tracert enquiries.
If I then disable the internal NIC on the Wingate PC and restart the Wingate engine, all is restored.
So, my question is how to correctly configure Wingate and associated NICs so that the Wingate PC sees the internet through the external NIC and also sees the internal network through the internal NIC.
Your suggestions / help are greatly appreciated.
-- John
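A check a practitioner would run on a dual-homed host like the one described above, added here and not part of the post: it parses the Active Routes table of Windows `route print` and flags a second default gateway. That the DHCP-supplied gateway 192.168.0.1 on the internal NIC becomes a competing default route is an assumed cause, not something the post establishes; the 203.0.113.x addresses stand in for the unpublished external address and gateway and are constructed placeholders.

```python
"""Flag the two-default-gateway condition on a dual-homed Windows host."""
import re
from collections import namedtuple

Route = namedtuple("Route", "dest mask gateway interface metric")

# Constructed `route print` excerpt (not captured from the poster's server):
# 192.168.0.108 / 192.168.0.1 are the internal addresses from the post,
# 203.0.113.10 / 203.0.113.1 are hypothetical external ones.  The gigabit
# internal NIC gets the lower automatic metric, so it wins the default route.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     203.0.113.1    203.0.113.10     20
          0.0.0.0          0.0.0.0     192.168.0.1   192.168.0.108     10
        127.0.0.0        255.0.0.0       127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.255.0   192.168.0.108   192.168.0.108     10
Default Gateway:       203.0.113.1
"""

# dest, mask, gateway, interface, numeric metric; header rows have 6 words
ROUTE_LINE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def parse_active_routes(text):
    """Return the rows of the Active Routes table as Route tuples."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_LINE.match(line)
        if m:
            dest, mask, gw, ifc, metric = m.groups()
            routes.append(Route(dest, mask, gw, ifc, int(metric)))
    return routes


def default_routes(routes):
    """Default routes: destination 0.0.0.0 with netmask 0.0.0.0."""
    return [r for r in routes if r.dest == "0.0.0.0" and r.mask == "0.0.0.0"]


def audit_dual_homed(text, external_if):
    """Return findings; an empty list means one default route via external_if."""
    defaults = default_routes(parse_active_routes(text))
    findings = []
    if len(defaults) > 1:
        findings.append("%d default gateways: %s" % (
            len(defaults), ", ".join(r.gateway for r in defaults)))
    # Windows forwards via the lowest-metric default route; if that is the
    # internal NIC, replies to internet clients leave through the LAN router.
    best = min(defaults, key=lambda r: r.metric) if defaults else None
    if best and best.interface != external_if:
        findings.append("replies to internet clients would leave via %s" % best.interface)
    if len(defaults) > 1 and len({r.metric for r in defaults}) == 1:
        findings.append("tied metrics: default route choice is not deterministic")
    return findings
```

Feed the real `route print` output from the server to `audit_dual_homed`; if it reports a second default gateway, giving the internal NIC a static address with no gateway (or `route delete 0.0.0.0 mask 0.0.0.0 192.168.0.1`) is the usual remedy.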