I cannot get Wingate server to properly route requests from clients. You can see the requests being made on the Gatekeeper activity screen (machine shows up and you can see the NAT requests being made) but the client machine goes into limbo untill a timeout occurs.
=======================
The Wingate Server configuration is:
External NIC:IP:192.168.1.10; Subnet:255.255.255.0; Default Gateway:192.168.1.1; DNS Server:192.168.1.1
Internal NIC:IP:10.20.30.10; Subnet:255.255.255.0; Default Gateway:blank; DNS Server:blank
=======================
The typical client configuration is:
IP:10.20.30.xxx; Subnet:255.255.255.0; Default Gateway:10.20.30.10; DNS Server:10.20.30.10
I am guessing I have a problem with IP/Subnet combinations, but try as I might I have not been able to complete a connection to the internet on any client pc. A real bummer.
Wingate dead in the tropics
Moderator: Qbik Staff
18 posts
• Page 1 of 1
Wingate dead in the tropics
by rovirjm » Jan 06 07 4:35 pm
- rovirjm
- Posts: 13
- Joined: Dec 10 06 2:52 pm
by rovirjm » Jan 07 07 5:15 am
I think so. Here's the screenprint of the response to nslookup:
C:\Documents and Settings\Administrator>nslookup www.qbik.com
Server: gateway
Address: 10.20.30.10
Non-authoritative answer:
Name: steak.qbik.com
Address: 210.55.214.36
Aliases: www.qbik.com
C:\Documents and Settings\Administrator>
C:\Documents and Settings\Administrator>nslookup www.qbik.com
Server: gateway
Address: 10.20.30.10
Non-authoritative answer:
Name: steak.qbik.com
Address: 210.55.214.36
Aliases: www.qbik.com
C:\Documents and Settings\Administrator>
- rovirjm
- Posts: 13
- Joined: Dec 10 06 2:52 pm
by rovirjm » Jan 07 07 5:36 am
I think so. Here's the screenprint of the response to nslookup:
C:\Documents and Settings\Administrator>nslookup www.qbik.com
Server: gateway
Address: 10.20.30.10
Non-authoritative answer:
Name: steak.qbik.com
Address: 210.55.214.36
Aliases: www.qbik.com
C:\Documents and Settings\Administrator>
C:\Documents and Settings\Administrator>nslookup www.qbik.com
Server: gateway
Address: 10.20.30.10
Non-authoritative answer:
Name: steak.qbik.com
Address: 210.55.214.36
Aliases: www.qbik.com
C:\Documents and Settings\Administrator>
- rovirjm
- Posts: 13
- Joined: Dec 10 06 2:52 pm
by ekkas2 » Jan 07 07 7:31 am
u can try
tracert www.qbik.com from client
and ping www.qbik.com from client
Cause if that all works, then I can't see why internet doesn't want to work.
tracert www.qbik.com from client
and ping www.qbik.com from client
Cause if that all works, then I can't see why internet doesn't want to work.
- ekkas2
- Posts: 84
- Joined: Jun 06 05 7:04 am
by rovirjm » Jan 07 07 7:48 am
Both tracert and ping to www.qbik.com worked fine regardless of whether the proxy connection through port 80 is active or not.
- rovirjm
- Posts: 13
- Joined: Dec 10 06 2:52 pm
by adrien » Jan 07 07 10:05 am
Hi
If ping and tracert are working, then NAT must be working, since that uses NAT for ICMP.
If WWW isn't working through NAT, do you have connection intercepts turned on? There are only a couple of reasons I can think of.
1. Some MTU issue (if your DSL modem connects with PPPoE, there will be a reduced MTU, which can affect TCP and UDP traffic but doesn't normally affect ICMP). To test for a reduced MTU, go to the WinGate machine, and try pinging somewhere with larger packets and without fragmentation, e.g.
ping smtp.qbik.com -l 1472 -f
This is the normal max sized ping you can do to somewhere before a packet must be fragmented, the -f flag specifies that the "don't frag" field must be set in the IP header, which means that if a router encounters this packet and it's too big, instead of splitting it up and forwarding it, it must return an error packet. Ping picks up on these error packets and will report them to you.
2. Is the web browser on the WinGate machine configured to connect through a proxy? Or do you have any other software on the WinGate machine that may intercept web connections? E.g. content filtering software, some AV software etc.
If you're seeing the NAT sessions in WinGate as "NAT: TCP connection to xxxxxxxx:80" then intercepts aren't on, and WinGate thinks it's forwarding the packets. What does the result of "route print" (on the command line) look like? Just wondering if you have several default gateways set and WinGate's picking the wrong one.
Does the DSL modem appear to the system as a NIC, or as a dialup connection?
Adrien
If ping and tracert are working, then NAT must be working, since that uses NAT for ICMP.
If WWW isn't working through NAT, do you have connection intercepts turned on? There are only a couple of reasons I can think of.
1. Some MTU issue (if your DSL modem connects with PPPoE, there will be a reduced MTU, which can affect TCP and UDP traffic but doesn't normally affect ICMP). To test for a reduced MTU, go to the WinGate machine, and try pinging somewhere with larger packets and without fragmentation, e.g.
ping smtp.qbik.com -l 1472 -f
This is the normal max sized ping you can do to somewhere before a packet must be fragmented, the -f flag specifies that the "don't frag" field must be set in the IP header, which means that if a router encounters this packet and it's too big, instead of splitting it up and forwarding it, it must return an error packet. Ping picks up on these error packets and will report them to you.
2. Is the web browser on the WinGate machine configured to connect through a proxy? Or do you have any other software on the WinGate machine that may intercept web connections? E.g. content filtering software, some AV software etc.
If you're seeing the NAT sessions in WinGate as "NAT: TCP connection to xxxxxxxx:80" then intercepts aren't on, and WinGate thinks it's forwarding the packets. What does the result of "route print" (on the command line) look like? Just wondering if you have several default gateways set and WinGate's picking the wrong one.
Does the DSL modem appear to the system as a NIC, or as a dialup connection?
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by rovirjm » Jan 07 07 10:45 am
Adrien,
1. Here are the results of the ping test:
C:\Documents and Settings\Administrator>ping smtp.qbik.com -l 1472 -f
Pinging smtp.qbik.com [210.55.214.35] with 1472 bytes of data:
Reply from 210.55.214.35: bytes=1472 time=422ms TTL=106
Reply from 210.55.214.35: bytes=1472 time=422ms TTL=106
Reply from 210.55.214.35: bytes=1472 time=432ms TTL=106
Reply from 210.55.214.35: bytes=1472 time=435ms TTL=106
Ping statistics for 210.55.214.35:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 422ms, Maximum = 435ms, Average = 427ms
C:\Documents and Settings\Administrator>
2. There is nothing besides Wingate on the Wingate server. I had removed all AV, filtering, etc. Reformated the pc and installed only Wingate on it.
3. Results of route print:
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 04 76 4d 99 a7 ...... 3Com 10/100 Mini PCI Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.20.30.10 10.20.30.111 1
10.20.30.0 255.255.255.0 10.20.30.111 10.20.30.111 1
10.20.30.111 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.20.30.111 10.20.30.111 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.20.30.111 10.20.30.111 1
255.255.255.255 255.255.255.255 10.20.30.111 10.20.30.111 1
Default Gateway: 10.20.30.10
===========================================================================
Persistent Routes:
None
4. The DSL modem appears as a NIC connection
5. Alternate gateways are set to whatever default Wingate sets them upon installation.
1. Here are the results of the ping test:
C:\Documents and Settings\Administrator>ping smtp.qbik.com -l 1472 -f
Pinging smtp.qbik.com [210.55.214.35] with 1472 bytes of data:
Reply from 210.55.214.35: bytes=1472 time=422ms TTL=106
Reply from 210.55.214.35: bytes=1472 time=422ms TTL=106
Reply from 210.55.214.35: bytes=1472 time=432ms TTL=106
Reply from 210.55.214.35: bytes=1472 time=435ms TTL=106
Ping statistics for 210.55.214.35:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 422ms, Maximum = 435ms, Average = 427ms
C:\Documents and Settings\Administrator>
2. There is nothing besides Wingate on the Wingate server. I had removed all AV, filtering, etc. Reformated the pc and installed only Wingate on it.
3. Results of route print:
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 04 76 4d 99 a7 ...... 3Com 10/100 Mini PCI Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.20.30.10 10.20.30.111 1
10.20.30.0 255.255.255.0 10.20.30.111 10.20.30.111 1
10.20.30.111 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.20.30.111 10.20.30.111 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.20.30.111 10.20.30.111 1
255.255.255.255 255.255.255.255 10.20.30.111 10.20.30.111 1
Default Gateway: 10.20.30.10
===========================================================================
Persistent Routes:
None
4. The DSL modem appears as a NIC connection
5. Alternate gateways are set to whatever default Wingate sets them upon installation.
- rovirjm
- Posts: 13
- Joined: Dec 10 06 2:52 pm
by rovirjm » Jan 07 07 2:25 pm
Adrien,
If I put 192.168.1.1 as the default gateway then clients would bypass Wingate which is listening on the NIC connected on 10.20.30.10, no?
I tried it anyway (set client NIC default gateway 192.168.1.1, DNS server 192.168.1.1) and it did not work. It did not even show up on the Wingate activity screen.
If I put 192.168.1.1 as the default gateway then clients would bypass Wingate which is listening on the NIC connected on 10.20.30.10, no?
I tried it anyway (set client NIC default gateway 192.168.1.1, DNS server 192.168.1.1) and it did not work. It did not even show up on the Wingate activity screen.
- rovirjm
- Posts: 13
- Joined: Dec 10 06 2:52 pm
by rovirjm » Jan 08 07 1:10 am
The print route was for the client, here's the one from the Wingate machine:
C:\Documents and Settings\rovirjm.GATEWAY>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 ec 58 5b 5f ...... SiS 900 PCI Fast Ethernet Adapter - Packet Sched
uler Miniport
0x3 ...00 01 03 2b b8 47 ...... 3Com EtherLink XL 10/100 PCI For Complete PC Man
agement NIC (3C905C-TX) #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 20
10.20.30.0 255.255.255.0 10.20.30.10 10.20.30.10 20
10.20.30.10 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.20.30.10 10.20.30.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 20
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 20
224.0.0.0 240.0.0.0 10.20.30.10 10.20.30.10 20
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 20
255.255.255.255 255.255.255.255 10.20.30.10 10.20.30.10 1
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\rovirjm.GATEWAY>
C:\Documents and Settings\rovirjm.GATEWAY>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 ec 58 5b 5f ...... SiS 900 PCI Fast Ethernet Adapter - Packet Sched
uler Miniport
0x3 ...00 01 03 2b b8 47 ...... 3Com EtherLink XL 10/100 PCI For Complete PC Man
agement NIC (3C905C-TX) #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 20
10.20.30.0 255.255.255.0 10.20.30.10 10.20.30.10 20
10.20.30.10 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.20.30.10 10.20.30.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 20
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 20
224.0.0.0 240.0.0.0 10.20.30.10 10.20.30.10 20
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 20
255.255.255.255 255.255.255.255 10.20.30.10 10.20.30.10 1
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\rovirjm.GATEWAY>
- rovirjm
- Posts: 13
- Joined: Dec 10 06 2:52 pm
18 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 4 guests