Please help to set up network properly. All (almost) is working, but still not correctly. Network is slow in looking up printers, I suspect DNS is cross-referencing or something.
We have Win2003 file server(10.0.0.1) & Wingate/MDaemon server (XP pro) (10.0.0.2) Wingate machine has 2 NICs with ADSL on second NIC. 2003server is the DHCP server.
Question1: How should I set up DHCP/DNS on 10.0.0.1 and on 10.0.0.2 (please include all details like Network setup & Wingate setup)
Question2: Users need to be authenticated as it's a 50 user network and only 6 have Internet access. Authentication is working now, but then some other programs cannot see internet (does not authenticate). (Maybe something to do with Q1/DNS?)
I would prefer to have them use ENS/NAT so that firewall can work but at the moment I just got them started using proxy and/or WGIC. I'm not a network expert, so please explain like to a 12year old ;-)...
Please help
Ekkas
Wingate 6, DNS, 2003 server, authentication & MDaemon
Moderator: Qbik Staff
4 posts
• Page 1 of 1
Wingate 6, DNS, 2003 server, authentication & MDaemon
by Ekkas » Sep 06 04 11:38 pm
- Ekkas
- Posts: 30
- Joined: Jan 07 04 12:37 pm
by erwin » Sep 07 04 9:31 am
Hi Ekkas
In answer to your first question about DHCP
It is not essential that you use the DHCP service in WinGate for your LAN although it does make it easier to configure client machines for access to the Internet via NAT, as the WinGate DHCP server can assign an IP address as well as a gateway address (which is required for NAT).
However if DHCP is running on the Win2003 it may be simpler to keep the sevice on this machine.
But in order for clients to use NAT through WinGate, in this situation
you will need to:
A)On the DHCP configuration on the 2003 server, set both the Gateway option, and the DNS option (What Gateway/DNS address the Dhcp assigns to the clients) to the LAN Ip 10.0.02 of the WinGate Server.
B)Disable the DHCP service in WinGate.
On the 2003 server it obviously will have its static IP address set (10.0.0.1) and unless the actual server needs to access the Internet, itself, it does not requires a DNS entry in its network properties (If it does then set its Gateway/DNS to the WinGate LAN IP.)
As long as ENS is installed and enabled WinGate will have the protection of the firewall, regardless of what connection method clients are using
How are you authenticating your users via system or service policies?
If users are made to authenticate via a policy set on a service (say WWW proxy service) then essentially only Http application/protocol connections from the clients will be forced to authenticate. You may need to review what type of apps are being used and what type of service in WinGate will use, or set authentication policy to be used system wide. (Set in the system policies config).
Hope this helps
Regards
Erwin
In answer to your first question about DHCP
It is not essential that you use the DHCP service in WinGate for your LAN although it does make it easier to configure client machines for access to the Internet via NAT, as the WinGate DHCP server can assign an IP address as well as a gateway address (which is required for NAT).
However if DHCP is running on the Win2003 it may be simpler to keep the sevice on this machine.
But in order for clients to use NAT through WinGate, in this situation
you will need to:
A)On the DHCP configuration on the 2003 server, set both the Gateway option, and the DNS option (What Gateway/DNS address the Dhcp assigns to the clients) to the LAN Ip 10.0.02 of the WinGate Server.
B)Disable the DHCP service in WinGate.
On the 2003 server it obviously will have its static IP address set (10.0.0.1) and unless the actual server needs to access the Internet, itself, it does not requires a DNS entry in its network properties (If it does then set its Gateway/DNS to the WinGate LAN IP.)
As long as ENS is installed and enabled WinGate will have the protection of the firewall, regardless of what connection method clients are using
How are you authenticating your users via system or service policies?
If users are made to authenticate via a policy set on a service (say WWW proxy service) then essentially only Http application/protocol connections from the clients will be forced to authenticate. You may need to review what type of apps are being used and what type of service in WinGate will use, or set authentication policy to be used system wide. (Set in the system policies config).
Hope this helps
Regards
Erwin
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
DNS?
by Ekkas » Sep 08 04 12:17 am
Thanks for your reply.
A few issues though:
1) Should I disable DNS server on Win2003server?
2) Should I enable DNS to 10.0.0.2 on Win2003 DHCP settings (and gateway to 10.0.0.2) and if so, will network function o.k. if Wingate server is off?
3) Will all 50 users be able to use Wingate as a DNS server even though we have a 6 user license?
4) About the authentication... should I remove all policies from services and add system wide authentication. What about DNS, should I make DNS to ignore authntication? (As I tried it before but then it kept on giving authentication failed for each PC on the network under system-messages and printing and sharing didn't want to work)
Thanks
Ekkas
A few issues though:
1) Should I disable DNS server on Win2003server?
2) Should I enable DNS to 10.0.0.2 on Win2003 DHCP settings (and gateway to 10.0.0.2) and if so, will network function o.k. if Wingate server is off?
3) Will all 50 users be able to use Wingate as a DNS server even though we have a 6 user license?
4) About the authentication... should I remove all policies from services and add system wide authentication. What about DNS, should I make DNS to ignore authntication? (As I tried it before but then it kept on giving authentication failed for each PC on the network under system-messages and printing and sharing didn't want to work)
Thanks
Ekkas
- Ekkas
- Posts: 30
- Joined: Jan 07 04 12:37 pm
by erwin » Sep 08 04 10:56 am
Hi there
Are you running DNS server on the Win2003 machine?
and if so how is this configured?
I take it your network is a workgroup rather then a fully configured domain or Active Directory?
(As DNS server is required in Active Directory and this would be a totally different scenario.)
What I referred in my first post to, was that if the Win2003 server is acting as a file/DHCP server (NOT a DNS server) then it doesnt require a DNS entry in its network properties unless it is going to access the Internet through WinGate like other LAN machines.
Very broadly, DNS is required to translate Host(Internet names/urls) into IP addresses) and so is only required by client machines when they are accessing the Internet, so its not required for Local Network addresses
The Gateway address is required when workstation needs to send data to an IP address range outside of what the LAN is configured (e.g WKstn needs to send data to address 241.23.56.12 which is not the same as the Ip range used on the LAN .192.168.1.* so it needs to be sent to a designated Ip address on the LAN (Gateway) that can forward the info out of the network.
So as you can see local traffic/dhcp function should not be affected if the WinGate server is off.
Yes and No.
Simple DNS requests on their own do not take up a licence, but the reason why it will not work reliably this way, is that the reason these clients are using the DNS component in the first place is generally when accessing the Internet (as explained above) so this connection would probably exceed the licence count.
Firstly, the policies used in WinGate should not affect file and printer sharing so there may be other network issues happening there that you will need to check.
You shouldnt need to set a policy on DNS lookups as this is a fundemental part of the Internet access process.
If you want to give everybody access to the Internet regardless of what application they are using /or what they are trying to access then a system wide policy should be fine.(Set in the System policies). Under the "Users can access these services" policy make sure Everybody is listed with Unrestricted rights. (Default setting)
Then make sure there are no policies set on any of the services and you should have no problems with any clients access the Internet through WinGate.
Info on using polices and authentication is in the WinGate helpfile under
WinGate Security model chapter.
Regards
Erwin
1) Should I disable DNS server on Win2003server?
Are you running DNS server on the Win2003 machine?
and if so how is this configured?
I take it your network is a workgroup rather then a fully configured domain or Active Directory?
(As DNS server is required in Active Directory and this would be a totally different scenario.)
What I referred in my first post to, was that if the Win2003 server is acting as a file/DHCP server (NOT a DNS server) then it doesnt require a DNS entry in its network properties unless it is going to access the Internet through WinGate like other LAN machines.
2) Should I enable DNS to 10.0.0.2 on Win2003 DHCP settings (and gateway to 10.0.0.2) and if so, will network function o.k. if Wingate server is off?
Very broadly, DNS is required to translate Host(Internet names/urls) into IP addresses) and so is only required by client machines when they are accessing the Internet, so its not required for Local Network addresses
The Gateway address is required when workstation needs to send data to an IP address range outside of what the LAN is configured (e.g WKstn needs to send data to address 241.23.56.12 which is not the same as the Ip range used on the LAN .192.168.1.* so it needs to be sent to a designated Ip address on the LAN (Gateway) that can forward the info out of the network.
So as you can see local traffic/dhcp function should not be affected if the WinGate server is off.
3) Will all 50 users be able to use Wingate as a DNS server even though we have a 6 user license?
Yes and No.
Simple DNS requests on their own do not take up a licence, but the reason why it will not work reliably this way, is that the reason these clients are using the DNS component in the first place is generally when accessing the Internet (as explained above) so this connection would probably exceed the licence count.
4) About the authentication... should I remove all policies from services and add system wide authentication. What about DNS, should I make DNS to ignore authntication? (As I tried it before but then it kept on giving authentication failed for each PC on the network under system-messages and printing and sharing didn't want to work)
Firstly, the policies used in WinGate should not affect file and printer sharing so there may be other network issues happening there that you will need to check.
You shouldnt need to set a policy on DNS lookups as this is a fundemental part of the Internet access process.
If you want to give everybody access to the Internet regardless of what application they are using /or what they are trying to access then a system wide policy should be fine.(Set in the System policies). Under the "Users can access these services" policy make sure Everybody is listed with Unrestricted rights. (Default setting)
Then make sure there are no policies set on any of the services and you should have no problems with any clients access the Internet through WinGate.
Info on using polices and authentication is in the WinGate helpfile under
WinGate Security model chapter.
Regards
Erwin
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 5 guests