What is AMontpellier-257-1-1?


Postby alyork » Jun 13 08 4:32 pm

Like many others, I'm converting my clients from Winproxy to Wingate. Today I set up another server and got some odd stuff. Like a machine called AMontpellier. I've done a few internet searches and am still mystified as to what is going on. Can anyone help?

Here is an excerpt from the History and a screen shot of the activity.

Start time Computer User IP Application Action Duration Bytes in Bytes out
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
12-Jun 19:35:08 AMontpellier-257-1-1 90.0.0.10 N/A http://updates.f-prot.com/cgi-bin/check-updates 0 0 0
12-Jun 19:35:08 AMontpellier-257-1-1 90.0.0.10 N/A http://updates.f-prot.com/cgi-bin/check-updates 1 221 327
12-Jun 19:34:49 AMontpellier-257-1-1 90.0.0.10 N/A POP3: maybe at 209.197.74.39:110 1 41 58
12-Jun 19:34:48 AMontpellier-257-1-1 90.0.0.10 N/A POP3: sharonf at 209.197.74.39:110 1 41 58
12-Jun 19:34:47 AMontpellier-257-1-1 90.0.0.10 N/A POP3: account at 209.197.74.39:110 0 40 58
12-Jun 19:34:46 AMontpellier-257-1-1 90.0.0.10 N/A POP3: al at 209.197.74.39:110 1 56 3653
12-Jun 19:34:45 AMontpellier-257-1-1 90.0.0.10 N/A POP3: al at 209.197.108.201:110 0 38 58

AMontpellier.jpg


Thanks - Al
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: What is AMontpellier-257-1-1?

Postby labull » Jun 13 08 11:53 pm

Is there a chance you have your Proxy and POP services accepting connections from the external NIC?
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Re: What is AMontpellier-257-1-1?

Postby alyork » Jun 14 08 5:14 am

It's possible. What should I be looking for and how do I fix it? Thanks
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: What is AMontpellier-257-1-1?

Postby labull » Jun 14 08 5:18 am

For each service - Properties - Bindings -

Make sure in the Binding Policy box you only have internal adapters checked.
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Re: What is AMontpellier-257-1-1?

Postby alyork » Jun 14 08 7:09 am

Ah. Thanks. Now have only the loopback and lan adapter checked for everything. Will see what happens.
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: What is AMontpellier-257-1-1?

Postby labull » Jun 14 08 10:11 am

Let us know how it goes.

And welcome to WinGate. There are lots of nice folks here. Don't be afraid to ask any questions.

Looks like you got here just in time for the next big release. We're all looking forward to all the cool stuff it will do.
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Re: What is AMontpellier-257-1-1?

Postby labull » Jun 14 08 10:21 am

I just did some more checking. If your internal network is numbered 90.0.0.x those could be the Public names that DNS is resolving to for your internal IP addresses.
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Re: What is AMontpellier-257-1-1?

Postby alyork » Jun 14 08 10:38 am

Thanks for your efforts.

Anything is possible. The problem has not gone away. Have stopped and started the Gatekeeper.

Winproxy recommends using 90.0.01 as the server LAN address. This is the 2nd Winproxy to Wingate conversion I've done. The first one doesn't have the AMontpellier popping up. The second part of the id ado.wanadoo.fr has some internet hits but I didn't find them very useful.

- Al
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: What is AMontpellier-257-1-1?

Postby logan » Jun 16 08 4:48 pm

Using a public IP range for a private network is usually considered a bad practice, so I am very surprised that WinProxy would suggest using that IP range. Maybe they meant to suggest 10.0.0.1, as this is an allocated private IP range.

Allocated IP ranges for private networks:
    192.168.x.x
    172.16.x.x -> 172.32.x.x
    10.x.x.x
logan
Qbik Staff
 
Posts: 671
Joined: Oct 19 06 2:49 pm
Location: Auckland, New Zealand

Re: What is AMontpellier-257-1-1?

Postby alyork » Jun 17 08 4:18 am

Hmm, yes. Winproxy has suggested using 90.0.0.1 as the internal adapter address for years. More recently has also suggested other ranges too.

However, it still doesn't explain what a machine showing up as AMontpellier-257-1-113-121.w90-0.abo.wanadoo.fr is?

Am wondering if we have a nasty trojan or something hiding inside the network. So far our scans haven't found anything.

- Al
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: What is AMontpellier-257-1-1?

Postby labull » Jun 17 08 4:33 am

Al,

It looks like WinGate is resolving your local addresses to public addresses:

V:\>tracert 90.0.0.1

Tracing route to AMontpellier-257-1-113-1.w90-0.abo.wanadoo.fr [90.0.0.1]
over a maximum of 30 hops:


Doesn't look like anything nastier than that.
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Re: What is AMontpellier-257-1-1?

Postby alyork » Jun 17 08 4:57 pm

Thanks.

It sure does, doesn't it.

I have another Wingate network set up the same way and the TRACERT 90.0.0.1 points back to its own server which is what I would expect.

The big difference between the 2 networks is that the one pointing to an external DNS is running Windows Server 2000 and the other that points correctly is Server 3000.

Wonder what is causing Wingate to resolve the private address to the public address?

- Al.
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: What is AMontpellier-257-1-1?

Postby logan » Jun 17 08 5:33 pm

This isn't out of the ordinary or strange at all. WinGate has a few methods of discovering client computer names. If one method fails, it can try another. It seems in your case, the first two methods failed to produce a result, so WinGate tried the third: a reverse DNS lookup.

1. DHCP client. If the IP was issued by WinGate's DHCP server, then we use the recorded computer name against the client IP
2. Lookup in our table of known computername::IP's. This table is populated by:
a) periodic network enumeration if enabled
b) spying on UDP/137 broadcasts (node registrations etc).
3. Reverse DNS lookup.

On a network that uses a private IP range, a reverse DNS lookup would only return a result if the DNS server being queried was an ADDNS server that contained DNS records for the private IP's of the local network. If the DNS server being queried was not an ADDNS server, it would not return a hostname.

Since you are using a public IP range, the reverse DNS lookup is producing a hostname but for the server from the internet that owns that IP, not your local computer.

To prevent the reverse DNS lookup from returning the internet hostname, you will need to make sure one of the first two methods can return a computer name first. Those being DHCP or NetBIOS.
logan
Qbik Staff
 
Posts: 671
Joined: Oct 19 06 2:49 pm
Location: Auckland, New Zealand
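
The condition described in the post above can be checked straight from the proxy history. This is an added example, not part of the original thread and not Qbik code: it flags every client whose source address lies outside the RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), since for those a reverse DNS lookup can return an unrelated internet hostname. The sample lines are constructed in the layout of the excerpt in the first post; the column layout, the optional User column and the names FRONTDESK and LAPTOP3 are assumptions.

```python
import ipaddress
import re

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the layout of the history excerpt in the thread.
SAMPLE_HISTORY = """\
12-Jun 19:35:08 AMontpellier-257-1-1 90.0.0.10 N/A http://updates.f-prot.com/cgi-bin/check-updates 1 221 327
12-Jun 19:34:46 AMontpellier-257-1-1 90.0.0.10 N/A POP3: al at 209.197.74.39:110 1 56 3653
12-Jun 19:36:02 FRONTDESK 10.0.0.12 N/A http://updates.f-prot.com/cgi-bin/check-updates 1 221 327
12-Jun 19:36:40 LAPTOP3 172.32.0.5 N/A http://updates.f-prot.com/cgi-bin/check-updates 0 0 0
"""

# Assumed layout: start time (two tokens), computer, optional user, client IP.
LINE_RE = re.compile(
    r"^(?P<start>\S+ \S+)\s+(?P<computer>\S+)\s+(?:\S+\s+)?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s"
)


def is_rfc1918(addr):
    """True if addr is inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_history(text):
    """Map each non-RFC 1918 client IP to the computer names logged for it."""
    flagged = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, separator or unparsable line
        try:
            private = is_rfc1918(m.group("ip"))
        except ValueError:
            continue  # looked like an address but is not a valid one
        if not private:
            flagged.setdefault(m.group("ip"), set()).add(m.group("computer"))
    return {ip: sorted(names) for ip, names in flagged.items()}


if __name__ == "__main__":
    for ip, names in audit_history(SAMPLE_HISTORY).items():
        print(f"{ip} is outside RFC 1918; logged as {', '.join(names)}")
```

A flagged address means either a LAN numbered from public space, as in this thread, or a genuinely external client reaching a service bound to the external adapter; the binding check given earlier in the thread tells the two apart.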

Re: What is AMontpellier-257-1-1?

Postby alyork » Jun 20 08 5:17 pm

OK I converted the network to address range 10.x.x.x and the problem went away.

Thank you everyone for your insights and information.

And thank you very much to the internet committee that decided to remove the 90.x.x.x address range from the private address pool.

- Al
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

