WinGate Forums

[kmrussell]

I've been working ALL day (over 12 hours) on this - trying to figure out why NAT wasn't working with my trial install of the new Wingate 6.1. I finally found out that the ENS driver seems to not be loading - because I can get the Web Proxy and other things to work (DNS), but I can NOT get the END (and NAT) to work (such as tracert and external ping from client).

These both work fine, of course, on the server. And even though there are DNS entries (lookups) and http (web proxy) entries in the History file, NO NAT entries will show up nor work. I even tried taking the qbikhkxp.sys out of the wingate\drivers directory and putting it in the winnt\system32\drivers directory .. and then renaming the old qbikhk2k.sys to qbikhkold.sys - and then renaming the qbikhkxp.sys to qbikhk2k.sys - and then rebooting. STILL no luck. I've even tried the 'chipset' compatibility switch. I even checked the Registry entries for the 'Enum' and 'Bootparameter' values. All look good.

I of course have the Internal and External set correctly. Here are my respective configs just in case:

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : D-Link DFE-500TX PCI Fast Ethernet A
dapter (Rev D)
Physical Address. . . . . . . . . : 00-40-05-A0-03-77
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.15.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.15.1
DNS Servers . . . . . . . . . . . : 151.164.169.201
151.164.1.8

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink 10/100 PCI TX NIC (3C
905B-TX)
Physical Address. . . . . . . . . : 00-10-4B-34-40-86
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.10.230
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
Primary WINS Server . . . . . . . : 10.10.10.210
Secondary WINS Server . . . . . . : 10.10.10.200

and my routing table:

C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 10 4b 34 40 86 ...... 3Com EtherLink PCI
0x3 ...00 40 05 a0 03 77 ...... Intel DC21143 PCI Fast Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.15.1 10.10.15.2 1
10.10.10.0 255.255.255.0 10.10.10.230 10.10.10.230 1
10.10.10.230 255.255.255.255 127.0.0.1 127.0.0.1 1
10.10.15.0 255.255.255.0 10.10.15.2 10.10.15.2 1
10.10.15.2 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.10.10.230 10.10.10.230 1
10.255.255.255 255.255.255.255 10.10.15.2 10.10.15.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 224.0.0.0 10.10.10.230 10.10.10.230 1
224.0.0.0 224.0.0.0 10.10.15.2 10.10.15.2 1
255.255.255.255 255.255.255.255 10.10.10.230 10.10.10.230 1
Default Gateway: 10.10.15.1
===========================================================================
Persistent Routes:
None

The 10.10.10.230 is the Internal (LAN) and the 10.10.15.2 is the External (Internet-Cisco Router). I have the client setup to use 10.10.10.230 as the default gateway with 10.10.10.230 as the DNS.

Again, Web proxy works - but absolutely no NAT (with ENS).

I read where someone else had absolutely NO luck with Windows 2000 .. but finally switched to XP and it worked fine. Could that be the case here? Is there some incompatability with the new NAT driver (ENS) and 2000? Should I try the 6.0 version? Or what else could I look at? Not sure why it won't work. I really need it to - because this is for a client that if it meets their needs - will need a 25 to 50 user Pro license.

Thanks for help in advance.

Kevin

[genie]

Is the driver actually loaded? That is, if you double-click on ENS - what does the status line of ENS driver say?

[Marauder69FR]

Is the driver actually loaded? That is, if you double-click on ENS - what does the status line of ENS driver say?

I've got the same problem.

Everything was fine with Wingate 6.0.3 but since 6.1, NAT doesnt not work ! I must configure proxy settings on each WWW client.

[kmrussell]

genie,

It says it's loaded (Installed and active) - but I can verify that NO actual 'NAT request' entries even make it to the NAT log (although the initial debug messages trying to say the service started and security settings of NAT do) - and it seems that it might be disabling the firewall as well (isn't that part of the ENS?) - because on port scans to that IP (which I now made public on the router), it scans several open ports (25, 110, etc - service ports).

I may try the 6.0.3 version just to see if it will work correctly - but obviously, we'd really like to have the latest version if we're going to purchase. I really like the product other than that. Just give me any suggestions to try? Or I'll be glad to post you any kind of info. The NAT log seems to truncate (maybe hang?) ... because on Debug it will say like 'Service sta' (leaving off the rest) ... but oddly enough .. if you shut down the service, it will finish that line (if that makes sense ... like fully saying 'Service started'). So maybe it's hanging?

Just let me know what you need ... I'll even offer for you to connect remotely through VNC or Pcanywhere - because I spent a LOT of time trying to get this working - and would love to have it fixed. Pcanywhere is already set up and I can set up VNC in under 5 minutes. :)

Also, I have Symantec Corporate Antivirus on this server as well ... but I tried disabling not only it ... but EVERY unessential service on the server ... and rebooting ... and it still doesn't work correctly.

Here is a posting of the latest log entries to NAT below. Notice how it stops with 'return sta' (and not saying 'return status' ?)

Thanks,

Kevin

11/08/05 04:42:35 Debug: Attempted to open new driver "\\.\QBIKHOOK"
11/08/05 04:43:15 Debug: Driver detected OS version 5.0, build 2195, checked=0

11/08/05 04:43:15 Debug: Sent route table with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 0 with 2 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 1 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 2 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 3 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 4 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 5 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 6 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 7 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 8 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 9 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 0 with 2 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 1 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 2 with 12 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 3 with 4 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 4 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 5 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 6 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 7 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 8 with 0 entries, return status 0
11/08/05 04:43:15 Debug: Sent security table 9 with 0 entries, return status 0
11/08/05 04:43:15 Service started
11/08/05 04:43:15 Debug: Service started: Internet Gateway (yes) IP forwarding (yes) UDP Relay (yes)
11/08/05 04:43:28 Debug: Sent security table 4 with 1 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 4 with 2 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 0 with 2 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 1 with 0 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 2 with 12 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 3 with 5 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 4 with 2 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 5 with 0 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 6 with 0 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 7 with 0 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 8 with 0 entries, return status 0
11/08/05 04:43:28 Debug: Sent security table 9 with 0 entries, return sta

[genie]

Ok, thanks for the info - we'll check where the problem might arise

[adrien]

Also, if you were previously running 6.0.3 (or fresh install), make sure you check the adapter usage settings as per

http://forums.qbik.com/viewtopic.php?t=2834

Adrien

[kmrussell]

Also, if you were previously running 6.0.3 (or fresh install), make sure you check the adapter usage settings as per

http://forums.qbik.com/viewtopic.php?t=2834

Adrien

Adrien thanks, but as described above ... the settings for both adapters are set correctly (External for the Internet adapter - Internal for the LAN adapter).

I've tried now versions 6.1 .. 6.04 .. and now 6.03. All do the same thing. Is there something else, considering the info I've posted above, that you guys could think to try ? I'm kinda at a stand-still with getting this NAT to work - and Wingate to operate for us.

Thanks,

Kevin

[adrien]

Hi kevin

If the driver is shown as loaded, and NAT is enabled in the ENS config, as is the firewall, yet you don't see any firewall hits when you port scan (how do you do this? Does your external gateway pipe all incoming through to 10.10.10.2?) then I'm wondering about interference with some other driver. Sometimes disabling the software doesn't remove the interference (as happens with some versions of ZoneAlarm, where their network driver still loaded even when ZoneAlarm was uninstalled). I'll have to do some research on the Symantec Corporate AV. Does it have a firewall component?

I'm taking it that you don't ever see anything in the firewall tab?

there does seem to be a minor issue with your route table - looks like an MS bug, the subnet broadcast network addresses don't match your network masks. They should be 10.10.10.255, and 10.10.15.255. Since the 10.X.X.X address is a class A address, it looks like the OS is using a class A mask to determine broadcast addresses.

Might pay to renumber the external network to a class C network, such as 192.168.X.X.

Also make sure the windows firewall isn't on.

Would be happy to take a look with PCAnywhere.

Adrien

[kmrussell]

Hey adrien,

No, this version of the Symantec Corporate AV didn't have the firewall component in it .. and therefore only does AV functions. I had another small firewall product called 'Look n' Stop' installed - but totally removed it - and I had it disabled this whole time, even before that.

The thing is, it's getting TO the Wingate server - so I don't believe a 'firewall' or blocking issue is going on ... because I see the 'DNS' requests and WWW proxies go through just fine (in history). But you may have a VERY good point about the Class A versus Class C. I can't change the internal .. but I think what you're saying is .. that the EXTERNAL may be what's causing the problem. I will gladly change the EXTERNAL to 192.168.x.x and see what happens.

You are correct ... I never see ANYTHING in the firewall tab (further making me think the ENS driver isn't truely loaded or active).

Another reason that may be it as well (and maybe related) is that Wingate detected BOTH those interfaces as INTERNAL .. and I had to change the 'external' to EXTERNAL on it's list. Could it just be something strange in that fact?

Also, how would you like to get together on Pcanywhere? I'd love for you to take a look. We'd REALLY love to get this working - and think we're really going to enjoy it if we do. I have AIM (AOL Instant Messenger), MSN Messenger, Skype. I figure that way it would be cheapest to talk back and forth. I'll send you those three addresses in your PM. By the way, what's the time difference for you guys versus here in the US? I'm on Central Time here (GMT -0600). It's currently 1pm.

[UPDATE]: They have PM disabled on this board. Can you send me an email to kevinmrussell@[no spam]msn.com (remove the [no spam] :D ) with your email address? And I can provide you the info from there.

Looking forward to it.

Thanks,

Kevin

[kmrussell]

Adrien,

I updated the EXTERNAL interface to a class C address along with the router's IP as well - and rebooted the server. I even installed a 6.0.4 version I was trying and updated again to 6.1. NAT still does not work unfortunately. WWW proxy does still work as well as regular Internet from the server itself.

Here is the updated routing table:

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 10 4b 34 40 86 ...... 3Com EtherLink PCI
0x3 ...00 40 05 a0 03 77 ...... Intel DC21143 PCI Fast Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 1
10.10.10.0 255.255.255.0 10.10.10.230 10.10.10.230 1
10.10.10.230 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.10.10.230 10.10.10.230 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 1
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 1
224.0.0.0 224.0.0.0 10.10.10.230 10.10.10.230 1
224.0.0.0 224.0.0.0 192.168.2.2 192.168.2.2 1
255.255.255.255 255.255.255.255 10.10.10.230 10.10.10.230 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

I'll wait to hear from you on connecting via Pcanywhere or for further instructions.

Thanks,

Kevin

[genie]

The reason for Wingate detecting interfaces as both internal being both IP addresses are from the private range - since it's the only clue for Wingate to determine interface roles, it sets them this way - just change the roles to reflect your network layout.

If the ENS properties report the the driver is loaded, then the driver is active but for some reason does not see your traffic. Can you send me the link of all firewalls and network-related software installed on your server?

[kmrussell]

genie, Ah ok .. I thought I remember reading that - that Wingate was changed to set the interfaces this way. Just thought it could have something to do with it. I do have them set correctly though of course.

The only even semi-network software I have installed is Symantec Corporate Antivirus ... and it doesn't have any firewall-type ability in it.

I'd have to disagree that the driver is actually loaded ... because if it were, I wouldn't be able to telnet directly to certain ports on the server - which I can now. Also, it's not actively blocking any ports on the Internet side (EXTERNAL) interface either.

ALSO, big Red-Flag of it not being loaded: I can actually RENAME the driver (qbikhk2k.sys) while it is SUPPOSED to be loaded. If it were actually loaded - and we all know how Windows is about drivers that are in-use - I shouldn't be able to rename it while it is 'in-use' (loaded) - without stopping Wingate first.

On another note, I have now done a big boo-boo - which is not Wingate's fault (directly at least). I removed TCP/IP ... but still had Pcanywhere dial-up access ... and wanted it to re-add TCP/IP - but upon reboot, my Pcanywhere apparently did not come back as planned. So I will now have to go on-site to pick up this computer and bring it back with me. :(

Sorry - I'll post back here when I have the computer back. I am thinking of just reloading Windows XP on it to see if that will work and be done with it. Someone else on the forums said they couldn't get it to work with Windows 2000 either ... but loading XP did the trick. Not sure why this would be a problem - but I'm about ready to try anything.

Thanks,

Kevin

[genie]

Hi, Kevin

Even if the driver is loaded you can still rename it - drivers are loaded, not mapped - that's why you can rename the driver but not a running executable. I am mostly wondering about other things installed on your machine - the reason is simple - if QBIK driver IS loaded, it intercepts all network traffic - UNLESS there is another something installed, that intercepts traffic before Wingate driver does.

[kmrussell]

Ah, that's interesting. I've never really seen a driver (considering it's a .SYS - and especially a .DLL file) that you could rename while in use - but apparently you can in this case. Wild.

Well, I have now picked up the computer physically on-site and brought it back with me. So tomorrow, I will be looking at something Adrien mentioned - and then hopefully we'll be able to get together on him connecting to the computer remotely .. and diagnosing from there. I'll keep updated findings posted on here.

Thanks for the attention thus far. Very much appreciated. Hopefully we'll figure out what's causing the problem soon.

Kevin

[adrien]

Hi Kevin

I have been reviewing the driver code, and am seeing where some changes may be causing what you are seeing - provided that your external adapter is seen by WinGate as internal (which if you have overridden the setting it shouldn't be).

There were changes made to the driver to stop it intercepting traffic it was going to route (rather than NAT). This cause transparent redirection to stop working for traffic going from an internal interface to another internal interface (even if it's the same interface).

This also may stop redirections from working on your port 80 redirected to port 8080.

Also you wouldn't see anything in the firewall if the interface was deemed internal, and you would scan as being open to a port scan.

If the config of that interface is definitely showing as external, and you still aren't seeing firewall hits to a port scan, try setting the default action for "LAN connections to WinGate PC" to "deny", and try the port scan again - if you then get firewall hits, you know that WinGate still thinks that interface is internal.

Adrien

[kmrussell]

Hey adrien,

I'm sorry - things were very hectic here at the end of this past week. I should have replied back on Friday to let you know this. As of Friday, after I broght the computer back home with me - I decided to just wipe and reload Windows 2000 from scratch on it. Once I did, I installed just Wingate on it (as the drivers for the NICs were automatically loaded). And THIS TIME, it worked (NAT and all!).

I'm still in the initial stages of testing though - because right now, the Windows install is at Service Pack 3 ... and I have to install SP4. Then, I'll need to install the Symantec Antivirus and make sure all Wingate (including NAT) is still working. Once I do, I'll post back and let you know the results.

I believe that box had quite a few different things loaded on it before - but I can confirm it had ALL things removed. It's possible though something was lingering around (like genie had mentioned with Zone Alarm - even after uninstall). The only things I can confirm had been installed before were: DirecPC (Satallelite Internet from long ago) that I believe included some kind of custom Wingate since I saw some entries related to that in the Registry, Sygate Firewall I believe, 'Look-n-stop' (small Freeware firewall), and I believe Wingate 4.x.

Again, I can confirm all were removed - and of course computer rebooted many times since then. I even went in and deleted ALL references to Wingate and etc. in the registry I could find.

I will say this though - your post about not seeing the 'Advanced' tab on the Network Interface properties in Wingate is the kicker - and is probably what you would want to tell people to look for. I can confirm the 'ADVANCED' tab was NOT there before (indicating the NAT driver wasn't fully loaded - or that Wingate was not fully integrating with the adapters) - and after the fresh Win2k install (SP3), I now see Advanced tabs on both adapters.

Again, not totally out of the woods yet - but much closer. Once I install the SP4 and the Symantec AV, I'll post back and let you know.

Thank you very much for your dedicated response to this problem. Hopefully looking for those 'Advanced' tabs will help in diagnosing someone else's problem in the future as well. Also genie, thank you for your support as well.

Crossing fingers and hoping the rest of the software installs don't break Wingate.

I'll post back after those installs are done.

Kevin

[kmrussell]

Well, I am happy to report that Wingate seems to be working like a champ now that I reinstalled Windows 2000 from scratch.

Not sure what the issue was - because all firewall-type software was removed ... but various firewalls had been installed in the past (not Zonealarm though): Sygate and Look-n-stop to name a couple. Plus, an older Wingate 4 and a special DirecPC version of Wingate I believe.

Again though, the key to look for - to see if Wingate is NOT interfacing with your network cards and interfacing - seems to be if the 'Advanced' tabs on the Properties of the Network Interfaces IN Wingate (Gateway) are not there (this should be the FOURTH tab in this properties window), then more than likely, Wingate is NOT interfacing with your network cards. This would have saved me a lot of time and effort had I known to look for this. Could you guys please add this to a sticky or in the FAQ so that others will know this - and not waste days like I did?

The only thing I couldn't get to fully work with NAT in my testing was the Launchcast streaming music service when opened THROUGH Yahoo Music Engine. If I went directly to Launchcast.com through Internet Explorer though, it worked fine. Very strange issue .. and I'd have to investigate more to figure out why this only worked part of the time .. and most of the time it failed.

Any rate, again - very happy so far. I've been evaluating Proxy Inspector and Internet Access Monitor reporting softwares - and I must say - they are both very impressive at the level of detail they can report from Wingate logs on user's internet access.

Thanks for all your effort Adrien and genie. It is very much appreciated and makes our decision to purchase even easier now that we know we'll have good support when we do.

Sincerely,

Kevin M. Russell
Computer Works
Fort Smith, Arkansas