WinGate Forums

[cipherfx]

@Pascal

Regarding the last topic you recommended me didn't work -- still client pc can't connect to the Internet.

Hope there's another way to resolve this issue.

[Pascal]

Have you tried to see if a proxy OR NAT connection works?

[cipherfx]

@Pascal


Not sure? --How?

Whenever IM from PC client use -- its NAT icon that shows in the activity pane, and, if PC client tries to access site i think its proxy cause the icon shows yellow/paper but disconnect or times out.

[Pascal]

No, client PC is WGIC, not proxy. To get proxy connetions you'll need to specify a proxy in IE.

[Pascal]

I'll write up a few test scenario/setups for you to try over the weekend, ready and fresh for you on Monday then.

[cipherfx]

THANKS!

Anyway i'll be out by monday so i'll check it on tuesday for the meantime i'll go back to Winproxy - kinda slow but just to keep customer happy.

I'll expect it by Tuesday - Philippine Time.

See ya

[Pascal]

Status so far:
We know that WGIC itself is operational because you can connect Trillian and a few other applications. We know that DNS is functional because without that no applications would be able to resolve any names. What we are seeing problems with are the connection to websites, so that would be port 80 related.

For these tests it would be easier if you can see the client and server's screens at the same time and work with them simultaneously.

First test case - Server verification
Depending on the OS on the Server it is possible that IIS might already be running and started on it. (It could potentially be another service that might already be using port 80). So, from a command prompt run the following:

netstat -ano | more

This will give you a list of all the ports in use, where they are connected to, what the status is and which process is using which port. Look for any entry which references TCP port 80, this could be from a 0.0.0.0 IP (Expected). If that is the case you're experiencing a port conflict. Open TaskManager and check the PID you can see in netstat to the one in TaskManager's Process Explorer to get an idea of which process it is. This might help narrow down where (if) the conflict exists.

Remove the conflict and then try again.

Second test case - NAT
First, on the WinGate Server make sure that your adapters are marked correctly. This is required for NAT. You can find the adapter settings in GateKeeper, on the "Networking" pane.

The network adapter / device that connects to the internet should be marked as "External", while the network adapter / device that connects you to your Local Area Network must be marked as "Internal". If either of these are not correct, double click the adapter to enter it's properties and override the adapter useage to the correct value. Note, the adapter settings determine what security actions apply to it - so always be sure that your external adapter is external as that determines which firewall rules are applied.

Then, on the "Services" tab in GateKeeper go into the "WWW Proxy Service" settings. Switch to the "Sessions" tab and untick the Intercept option. For now, we want pure NAT which is not being intercepted by the "WWW Proxy Service". Click "OK" once you've made those changes.

Find a machine you have NOT installed the WinGate Internet Client on. Check that this machine has a default gateway and DNS Server that points it through the WinGate server. You can do this by running the following command from a command line.

ipconfig /all

This will tell you what the TCP/IP properties of your adapters are. Find the one that connects the machine to the local area network and check the settings which looks like:

Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.60
DNS Servers . . . . . . . . . . . : 192.168.0.60

In this case, the Default Gateway and DNS Server of this machine is set to the internal IP of the WinGate Server (192.168.0.60). Yours should be set to the internal (Private side network card) IP of your WinGate server. That should be the case, but it's worth double checking that. Now, open your browser and check that the following are NOT true.

- It is not configured for proxy access. In Internet Explorer this is under the "Connections" page, under "LAN Settings"

- It is not configured to automatically detect proxy settings. In Internet Explorer it is on the same screen as the proxy settings.

Then we know that your machine is definately not using the WinGate Internet Client and we know that it is pointing at the WinGate server and that the WinGate server is properly aware of which adapters are to be used for which purposes.

In normal cases this means that WinGate will now NAT the traffic. More accurately, WinGate's Extended Networking Services will now NAT the traffic out to the Internet for you.

So, open a browser and check if you have access. You should see a session in GateKeeper on the "Activity" panel which indicates that traffic is flowing through. If you right-click on the session it should indicate on one of the menu items what session type it is and that should show clearly that it is NATted / handled by the WinGate driver. (As opposed to being handled by TCP Link or WWW Proxy Service, etc.)

If this works, you can go back into the "WWW Proxy Service" properties and turn Intercepts back on. Then, try it again.

Third test case - direct proxy connection
This is perhaps the easiest test case. Open your browser and go back to the proxy settings. In Internet Explorer this is on the "Connections" page in Properties. I'm going to base this example on Internet Explorer, as I'm unsure of which browser you use/prefer.

1. Click "Tools" in the menu bar

2. Select "Internet Options" from the menu.

3. Switch to the "Connections" tab.

4. Click the "LAN Settings" buttons.

5. Ensure that "Automatically detect proxy settings" is unticked.

6. Ensure that "Use automatic configuration script" is unticked.

7. Tick "Use a proxy server for your LAN".

8. In the "Address" field, enter the private IP address of your WinGate server. In my test case I would enter "192.168.0.60".

9. In the "Port" field, enter the port your WWW Proxy Service is listening on. In a default installation this will be port 80.

10. Click "OK".

11. You will return to the "Internet Options" main screen. Click "OK" again.

You should now be back on the main window of Internet Explorer. Try to surf to a web-site now and monitor the activity on the WinGate Server. In this case, if you right click on the session it should show "WWW Proxy Service".

If you are unable to establish a connection in this stage, it means WinGate is not listening on port 80 (Or something else has prevented WinGate from listening on port 80). In that case you need to (a) check the "Binding Policies" on the Bindings tab in the "WWW Proxy Service" to ensure that there is a policy that will force WinGate to listen on port 80 on the internal (Private) IP range and that (b) no other application is conflicting by also listening on port 80.

Summary:
That should give you a few detailed test cases to run through.

[cipherfx]

This is the result of netstat -ano | more, regarding port 80:

Proto Local Address Foreign Address State PID
TCP 10.0.0.1:80 0.0.0.0:0 LISTENING 1748

and on TastManager Process Explorer PID 1748 is being used by WinGate.exe

TCP 66.187.105.200:1096 208.172.48.253:80 SYN_SENT 1516
TCP 66.187.105.200:1097 207.46.249.56:80 SYN_SENT 1516

PID 1516 is used by svchost.exe -- a lot of services are dependent on this particular file I checked in services.msc like Automatic Updates [C:\WINDOWS\system32\svchost.exe -k netsvcs].-- from this point what next shall I do.

[Pascal]

If it's only Wingate that is fine (Others are outgoing, not listening). How about the other test scenarios outlined?

[cipherfx]

BY ACCIDENT

I tried to change the Proxy setting in IE as follows:

HTTP 10.0.0.1 port 9877

and now clients can or has internet connection, all clients can now surf and so with Yahoo Messenger chat room now works.

with WGIC installed.

Why is this so????????

I haven't tried yet all the test but i'll still going for it -- for curiosity and for others who have the same problem - let them try.

Anyway i'll email you the result of netstat -ano | more -- for further testing including the log files of WWW proxy server and DNS., late tonight [philiipine time GMT +8]

[Pascal]

You'll recall I've been asking you, what, probably about 6 times now to try proxy settings. The port number is strange though - did you change the port number in the WWW Proxy Service at all?

[cipherfx]

Yes, indeed, I remember you told me to try proxy settings but it is assumed that the port would be 80, I check a lot of times in WWW Proxy Server setting is 80 in the General Configuration and on the Bindings Configuration the Internal Adapter 10.0.0.1:80 and MS TCP Loopback interface 127.0.0.1:80 on the Sessions Configuration Transparency proxy it is tick with port 80.


None I can find in the Gatekeeper Settings that Port 9877 appears, except in the Server, Internet Explorer Connections Lan Settings which is using Proxy with 127.0.0.1:9877.

[Pascal]

That must be some other software then - unless you have a service defined in WinGate that listens on port 9877?

If you check the "netstat" results again, can you see which process matches port 9877?

[cipherfx]

No service defined in Wingate with port 9877.

In netstat Port 9877:

10.0.0.1:9877 is being use by AS_Agent.exe

[Pascal]

Which is the Starband's proxy service as this Google search seems to indicate.

Which might mean that you have to (a) use NAT/WGIC and intercept (Sessions tab in WinGate) and then (b) setup a cascade to the Starband's local proxy. (Connections page in the WWW Proxy Service and set the "Through Cascaded Proxy Server".

[cipherfx]

whew..

Slow down a bit firend.

Exactly how do I do that:

Here is the Starband IP

IP: 66.187.105.200
Gateway:172.20.254.254
DNS: 66.187.104.34
66.187.104.35

Internal IP

IP:10.0.0.1
Subnet Mask:255.255.255.0
Gatewat: Blank
DNS: Blank

[Pascal]

Follow the instructions a few posts ago to help you into the "NAT/WGIC + Intercept realm". That should give you a reasonable amount of step-by-step instructions.

Then, go into the WWW Proxy Service and switch to the "Connections" tab. There, select "Through Cascaded Proxy Server". In the ip-address enter 127.0.0.1 and in the port enter 9877.

Then click Ok and try it again.

[cipherfx]

I'l get back to in an hour.. just take lunch