WinGate Forums

[shb]

Hello all,
I've been using Wingate as proxy server and NAT gateway for approx 4 years (and *overall* think its easily the best available for windows platform). Thanks guys :)

However, I'm in a spot of bother at the moment :( ... I did say "overall".

The wingate server (5.0.10) is running on a Win-me machine. Every now and again (like at least a couple times a day) the wingate server hangs up and needs power-off-reboot. I've been invetigating it for a couple of weeks so I can report the problem better. Now I'm at that point..

It seems the wingate server is OVERRUN by requests (dozens and dozens of them) requesting "http://the-servername/wpad.dat". These are coming from an XP machine that is idle !

It blows InterQuest out of the water and before the machine hangs it has basically consumed all memory/system-resources so I can't even get a screen-shot.

I don't even know what the first step is to address this problem. Someone please help...

I did a google search on wpad.dat and apparently it is something to do with "Web Proxy Auto Discovery".... Still no clearer to me what is happening.

regards, SHB

[shb]

Amazing...

While I was typing it happened again, and I managed to squeeze out a screen-shot from the wingate server b4 the reboot.. The pc on 192.168.0.3 (sjs) is the XP machine. You can seen the NAT connection there, that was me accessing this forum. And the pc 192.168.0.1 (co3012131-a) is the Wingate server.



Hope this helps... they say a picture is worth 1000 words, regards SHB

[labull]

Any chance the offending computer has a virus?

[shb]

Anything is possible...

I assume by "the offending machine" you mean sjs. It is protected by Nortons AV (signature file 19-Nov-2003). A full system scan reports it to be clean. <--- though personally I'm never 100% confident.

Also running SpyBot 1.2 to detect/remove spyware/adware, and it also reports the machine to be clean.

regards, SHB

p.s. overnight I upgraded the WinGate server pc to latest ver (ie. 5.1).

[tim]

Anything is possible...
I assume by "the offending machine" you mean sjs. It is protected by Nortons AV (signature file 19-Nov-2003). A full system scan reports it to be clean. <--- though personally I'm never 100% confident.
Also running SpyBot 1.2 to detect/remove spyware/adware, and it also reports the machine to be clean.

I dont know why XP would do this, but I suggest banning that IP from accessing the file with WWW policies till you find out what is happening.

Can you confirm there actually is traffic appearing at the network card? This will tell us that is is in dees the XP machine rather than GateKeeper of WinGate stuck in a loop.

Thanks

Tim

[shb]

I dont know why XP would do this, but I suggest banning that IP from accessing the file with WWW policies till you find out what is happening.

Please tell me how to do this. I wasn't aware that I had a "file with WWW policies". Neither of those machine has a file called WPAD.DAT, and also I pretty much never use IE explicitly. My browser of choice is FireBird.

Perhaps grasping at straws, I figured that IE may have been firing itself into action (given its integration into XP) so I launched it to check the settings in Internet-Options->LAN-Settings. I can confirm that "automatically detect settings" is/was NOT checked. Which is as it should be.

I got no idea now to tell if there is any network activity. When it happens I can't do anything on the WinGate server and no other PC's can access the net as the WinGate server is badly hung.

regards, SHB

[kalvos]

I wasn't aware that I had a "file with WWW policies". Neither of those machine has a file called WPAD.DAT, and also I pretty much never use IE explicitly.

This note might help:
http://www.microsoft.com/TechNet/prodte ... 13sser.asp

[shb]

Kalvos, thanks for input. I read that link... but I'm not sure what exactly in it you thought might help ? Amongst other things, that link seems to be mostly about setting up a WPAD.DAT and setting up browser-auto-config.

Maybe I wasn't clear about this: I haven't set up any "automatic configuration" for any browser on that LAN. And I don't intend to setup any auto-config for the browsers there. I do not want any browser on that LAN setup that way.

In fact, the browsers on that XP machine are not setup to go via a proxy server. Yet the offending communication is actually addressing the wingate server as a proxy-server (!!!). On that pc, both Firebird and IE are setup to access the internet via NAT. However other pc's are setup to only access the net via proxy server (i.e. they are not authorised to use NAT).

Personally I'm not convinced that the problem is "browser" related. My guess is that it is related to the wingate server being the DHCP server for the network.

regards, SHB

[shb]

Hey, it hasn't happened since I upgraded to 5.1 :) (fingers are crossed).

Also, what is the significance of the word "OPTIONS" in the screenshot above ? Normally that position in the string contains "GET". Does anyone know ?

[adrien]

we made a couple of changes to DNS which may have affected this (i.e fixed it).

The way IE does auto config is by doing a DNS lookup for the name WPAD. If it gets a response, it connects to the IP returned and sends a request for a proxyconfig .dat file.

WinGate DNS server sees lookups for WPAD and replies with its own IP, so any IE on your LAN using WinGate as a DNS server, will then connect to WinGate and request the file. Normally this file is then generated on the fly by WinGate.

As for InterQuick... well. I have to say I'm surprised it even still works on WinGate 5.1!!! Maybe it didn't like the request... and that OPTIONS word is indeed odd, I don't know of any HTTP command of that name....

Adrien