Hi!
WinGate extended networking pass some programs like Counter-strike into Internet even if user disabled or not created.
GateKeepers System Messages writes "Authentication faild, requested NAT ..." BUT user have access to internet.
If i try to use web browser (IE) over NAT (extended networking) all is fine, disabled users or if user not created, have no access.
WWW proxy also ban users in such case properly.
Guest disabled. WinGate firewall in extended networking disabled.
In system policies "Everyone" is deleted. Auth - User may be assumed.
In extended networking default rights: are ignored.
Im using WG 6.1.1, Windows 2003 SP1.
Service Windows Firewall/Internet Connection Sharing (ICS) is disabled.
Is it possible that problem in routing?
Help please. Thank you.
extended networking pass some programs into Internet
Moderator: Qbik Staff
10 posts
• Page 1 of 1
extended networking pass some programs into Internet
by andevariel » Apr 28 06 10:16 pm
- andevariel
- Posts: 5
- Joined: Apr 28 06 9:53 pm
by Pascal » May 02 06 1:50 pm
What policies do you have in Extended Networking?
You can send me a copy of your Wingate registry (Export it through Advanced Options -> Save Registry OR through the Advanced Options tool).
Then I can have a quick look through the config for you.
You can send me a copy of your Wingate registry (Export it through Advanced Options -> Save Registry OR through the Advanced Options tool).
Then I can have a quick look through the config for you.
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by andevariel » May 02 06 6:31 pm
Pascal wrote:What policies do you have in Extended Networking?
You can send me a copy of your Wingate registry (Export it through Advanced Options -> Save Registry OR through the Advanced Options tool).
Then I can have a quick look through the config for you.
I sent my config (reg file) via email
Thank you
- andevariel
- Posts: 5
- Joined: Apr 28 06 9:53 pm
by Pascal » May 03 06 3:50 pm
Policies look ok - can you give me one or two of the usernames (So I can check against the groups, etc.) who are experiencing this problem, please?
BTW. What ports is it using? Standard of 27015 UDP or different ports. Also - Counter Strike or Counter Strike Source?
BTW. What ports is it using? Standard of 27015 UDP or different ports. Also - Counter Strike or Counter Strike Source?
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by andevariel » May 03 06 10:47 pm
Pascal wrote:Policies look ok - can you give me one or two of the usernames (So I can check against the groups, etc.) who are experiencing this problem, please?
BTW. What ports is it using? Standard of 27015 UDP or different ports. Also - Counter Strike or Counter Strike Source?
The problem is all users have access even if thay disabled or not auth :-( Username "13", "goblin" group "CAGG" as example.
UDP ports 27010, 27015
Counter-strike 1.6 nosteam
If user exist but disabled i get message (GateKeeper -> system messages) like "Authentication failed, user 13 requesed NAT: UDP 192.168.0.13:1035 <-> 68.142.72.250:27010"
"Authentication failed, user 13 requesed NAT: UDP 192.168.0.13:1035 <-> 68.142.72.250:27015"
if user not exist i get
"Authentication failed, Guest requesed NAT: UDP 192.168.0.13:1035 <-> 68.142.72.250:27015" etc
But user have access to game servers
If user try to upgrade NOD32 as example, or use IE he has no access and i get message "Authentication failed, user 13 requesed"
- andevariel
- Posts: 5
- Joined: Apr 28 06 9:53 pm
by jamesc » May 09 06 1:26 am
I will have to dig out my old CS cd to see if I can test without steam.
Counterstrike servers can listen on any port the server admin sees fit; when I just checked via Steam, CS servers were using a range of ports from 20000 to 30000 approx.
We can block that via:
GateKeeper --> ENS --> Port Security --> "LAN Connections to the internet" (drop down list) --> Add
Put the range in as 20000 - 30000 and select UDP, and the Deny Checkbox.
**You may find other applications need those ports, so it needs careful consideration.
*** If you can explain the context of your environment "corporate / home user / soho user" and whether you are in a domain environment then we may be able to offer suggest an alternative for the meantime.
**** via policies we could chunk it up to 800ms, unacceptable to most players, but the die hards may camp to get their fix.
Let us know your feedback.
Counterstrike servers can listen on any port the server admin sees fit; when I just checked via Steam, CS servers were using a range of ports from 20000 to 30000 approx.
We can block that via:
GateKeeper --> ENS --> Port Security --> "LAN Connections to the internet" (drop down list) --> Add
Put the range in as 20000 - 30000 and select UDP, and the Deny Checkbox.
**You may find other applications need those ports, so it needs careful consideration.
*** If you can explain the context of your environment "corporate / home user / soho user" and whether you are in a domain environment then we may be able to offer suggest an alternative for the meantime.
**** via policies we could chunk it up to 800ms, unacceptable to most players, but the die hards may camp to get their fix.
Let us know your feedback.
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by andevariel » May 09 06 10:52 am
jamesc wrote:I will have to dig out my old CS cd to see if I can test without steam.
Counterstrike servers can listen on any port the server admin sees fit; when I just checked via Steam, CS servers were using a range of ports from 20000 to 30000 approx.
We can block that via:
GateKeeper --> ENS --> Port Security --> "LAN Connections to the internet" (drop down list) --> Add
Put the range in as 20000 - 30000 and select UDP, and the Deny Checkbox.
**You may find other applications need those ports, so it needs careful consideration.
*** If you can explain the context of your environment "corporate / home user / soho user" and whether you are in a domain environment then we may be able to offer suggest an alternative for the meantime.
**** via policies we could chunk it up to 800ms, unacceptable to most players, but the die hards may camp to get their fix.
Let us know your feedback.
Im blocking UDP with Outpost.
*** LAN 60 computers, 1 server with installed WinGate.
Some computers in network must have internet. WinGate using for share internet over network. Network without domain.
I have a question. Is it problem in my configuraton or something wrong with WinGate?
Thank you
- andevariel
- Posts: 5
- Joined: Apr 28 06 9:53 pm
10 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 2 guests