After suspecting that the firewall was not functioning on my trial install of WG 5.2.3 I tested it on Shields Up.
The failure that I cannot resolve is ports 1027 & 1029 remain open. Solicited TCP Packets: RECEIVED (FAILED)
Many more ports were open, so I subsequently uninstalled IIS and all the other related stuff.
Now WG is installed on a very naked WIN2K SP4 Server
Any comments would be most appreciated.
Fred
Firewall problem
Moderator: Qbik Staff
17 posts
• Page 1 of 1
by corpcomp » May 06 04 8:35 am
Thank you
Yes, had already read that topic.
Have setup Extended Networking for the following:
Enable Extended Network Driver
General Purpose Internet Sharing
High: Denies all connections from outside
Disable network name broadcasts to the internet
Discard spoofing packets
No entries in port security and default action is set to deny
Fred
Yes, had already read that topic.
Have setup Extended Networking for the following:
Enable Extended Network Driver
General Purpose Internet Sharing
High: Denies all connections from outside
Disable network name broadcasts to the internet
Discard spoofing packets
No entries in port security and default action is set to deny
Fred
- corpcomp
- Posts: 12
- Joined: Apr 28 04 10:32 pm
by adrien » May 06 04 11:34 am
Hi
What connection to the internet do you use? Is it a dialup or ADSL that uses dialup networking to connect?
If so, does this interface show up in WinGate as untrusted and external?
You may need to change these settings - go to Gatekeeper, log in, options->Advanced->Network interfaces.
If your external interface is not deemed by WinGate to be external (which should only happen if it has a private IP address) then the firewall rules would not be being applied....
Adrien
What connection to the internet do you use? Is it a dialup or ADSL that uses dialup networking to connect?
If so, does this interface show up in WinGate as untrusted and external?
You may need to change these settings - go to Gatekeeper, log in, options->Advanced->Network interfaces.
If your external interface is not deemed by WinGate to be external (which should only happen if it has a private IP address) then the firewall rules would not be being applied....
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by adrien » May 06 04 7:27 pm
hmmmm
If you dial to the Internet, then restart the WinGate engine (without breaking the dialup connection), then run the shieldsup test, what happens then? I'm just wondering if there is a timing or updating issue for updating the ENS driver with changes to the interfaces when you connect by dialup.
Adrien
If you dial to the Internet, then restart the WinGate engine (without breaking the dialup connection), then run the shieldsup test, what happens then? I'm just wondering if there is a timing or updating issue for updating the ENS driver with changes to the interfaces when you connect by dialup.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by corpcomp » May 06 04 9:28 pm
The same result happens.
I have been wondering if my WIN2KSP4 (stand alone) server is doing something untoward because there were lots more ports open untill I uninstalled the IIS server completely. However I don't know how or what to test on the server to see if something there is holding the ports open.
I have been wondering if my WIN2KSP4 (stand alone) server is doing something untoward because there were lots more ports open untill I uninstalled the IIS server completely. However I don't know how or what to test on the server to see if something there is holding the ports open.
- corpcomp
- Posts: 12
- Joined: Apr 28 04 10:32 pm
by Nev » May 07 04 10:19 pm
corpcomp wrote:The same result happens.
I have been wondering if my WIN2KSP4 (stand alone) server is doing something untoward because there were lots more ports open untill I uninstalled the IIS server completely. However I don't know how or what to test on the server to see if something there is holding the ports open.
Just a thought could it be Sasser/Wechia/MsBlaster pests or similar?
Admins could find this handy: http://www.microsoft.com/downloads/deta ... A42D14CC17
Good luck!
Nev > Inland Australia
- Nev
- WinGate Guru
- Posts: 861
- Joined: Sep 22 03 11:35 pm
- Location: Mudgee ~ NSW ~ Australia
by corpcomp » May 07 04 10:41 pm
Hi Nev
Have just been through that. A virus took this server down, it has just been through a total rebuild with all available patches from MS. Installed ServerProtect 5.5 on the system prior to any updates. Even downloaded the new pattern files on a different network to ensure no problems. ServerProtect hasn't picked anything up, and other checkers from Symantec & Grisoft detect nothing.
I have become quite convinced there is a problem serverside, and not with WG itself, after all, no one else seems to be having the same problems.
Only problem with that is I don't have sufficent knowledge on how to go about finding out just what is causing the problem. Only hope I can sort it out and demonstarte the system to my client before this trial key expires.
Have just been through that. A virus took this server down, it has just been through a total rebuild with all available patches from MS. Installed ServerProtect 5.5 on the system prior to any updates. Even downloaded the new pattern files on a different network to ensure no problems. ServerProtect hasn't picked anything up, and other checkers from Symantec & Grisoft detect nothing.
I have become quite convinced there is a problem serverside, and not with WG itself, after all, no one else seems to be having the same problems.
Only problem with that is I don't have sufficent knowledge on how to go about finding out just what is causing the problem. Only hope I can sort it out and demonstarte the system to my client before this trial key expires.
- corpcomp
- Posts: 12
- Joined: Apr 28 04 10:32 pm
by corpcomp » May 07 04 10:41 pm
Hi Nev
Have just been through that. A virus took this server down, it has just been through a total rebuild with all available patches from MS. Installed ServerProtect 5.5 on the system prior to any updates. Even downloaded the new pattern files on a different network to ensure no problems. ServerProtect hasn't picked anything up, and other checkers from Symantec & Grisoft detect nothing.
I have become quite convinced there is a problem serverside, and not with WG itself, after all, no one else seems to be having the same problems.
Only problem with that is I don't have sufficent knowledge on how to go about finding out just what is causing the problem. Only hope I can sort it out and demonstarte the system to my client before this trial key expires.
Have just been through that. A virus took this server down, it has just been through a total rebuild with all available patches from MS. Installed ServerProtect 5.5 on the system prior to any updates. Even downloaded the new pattern files on a different network to ensure no problems. ServerProtect hasn't picked anything up, and other checkers from Symantec & Grisoft detect nothing.
I have become quite convinced there is a problem serverside, and not with WG itself, after all, no one else seems to be having the same problems.
Only problem with that is I don't have sufficent knowledge on how to go about finding out just what is causing the problem. Only hope I can sort it out and demonstarte the system to my client before this trial key expires.
- corpcomp
- Posts: 12
- Joined: Apr 28 04 10:32 pm
by n0ticer » May 07 04 11:30 pm
corpcomp
may be this cud help...
http://www.snapfiles.com/get/activeports.html
I have been wondering if my WIN2KSP4 (stand alone) server is doing something untoward because there were lots more ports open untill I uninstalled the IIS server completely. However I don't know how or what to test on the server to see if something there is holding the ports open.
may be this cud help...
http://www.snapfiles.com/get/activeports.html
- n0ticer
- Senior Member
- Posts: 119
- Joined: Mar 26 04 5:43 pm
by corpcomp » May 08 04 9:04 am
Thanks for that Adrien
It seems that msdtc.exe is holding port 1027 open and MSTask.exe is holding port 1029 open.
Will investigate MS KB in an attempt to resolve.
I did note in the short amount of time (<5 minutes) it took me to find this information, netpatrol detected a number of Potential W32.Blaster.Worm attackes. WG showed nothing in the firewall, and ServerProtect shows nothing in the log.
Am looking into things conciderably further now.
It seems that msdtc.exe is holding port 1027 open and MSTask.exe is holding port 1029 open.
Will investigate MS KB in an attempt to resolve.
I did note in the short amount of time (<5 minutes) it took me to find this information, netpatrol detected a number of Potential W32.Blaster.Worm attackes. WG showed nothing in the firewall, and ServerProtect shows nothing in the log.
Am looking into things conciderably further now.
- corpcomp
- Posts: 12
- Joined: Apr 28 04 10:32 pm
by corpcomp » May 09 04 1:13 pm
Problem Solved
After some considerable investigation I found that I had misconfigured WG.
Here is what I had to do to get the system to pass all security tests I could throw at it.
Extended Networking|Port Security
Connections from the Internet: TCP & UDP Default action = Deny
LAN connections to WinGate PC: TCP & UDP Default action = Deny. Add a filter for port 53 UDP (DNS) to Allow Packet. If you don't add this filter WG won't go out to the internet to resolved DNS.
LAN connections to Internet: Default action = Allow with Cloaking. This may work without cloaking.
Extended Networking|Firewall
Uncheck Allow users to ping this machine localy. If left checked the ping is visible from the Internet. It shouldn't but it does.
I am sorry if this sounds wrong, but at the end of the day this server is now passing all security tests and entries now appear in the Firewall window.
Many thanks to those who have given their pointers and comments.
After some considerable investigation I found that I had misconfigured WG.
Here is what I had to do to get the system to pass all security tests I could throw at it.
Extended Networking|Port Security
Connections from the Internet: TCP & UDP Default action = Deny
LAN connections to WinGate PC: TCP & UDP Default action = Deny. Add a filter for port 53 UDP (DNS) to Allow Packet. If you don't add this filter WG won't go out to the internet to resolved DNS.
LAN connections to Internet: Default action = Allow with Cloaking. This may work without cloaking.
Extended Networking|Firewall
Uncheck Allow users to ping this machine localy. If left checked the ping is visible from the Internet. It shouldn't but it does.
I am sorry if this sounds wrong, but at the end of the day this server is now passing all security tests and entries now appear in the Firewall window.
Many thanks to those who have given their pointers and comments.
- corpcomp
- Posts: 12
- Joined: Apr 28 04 10:32 pm
by senquan » May 26 04 9:43 pm
hi all
The same problem . It seem that the Wingate can not distinguish internet connection from local.
My OS is xp pro. With PPPoE dial-up access.
And I'm sure that the dial-up interface has been set to Public:Yes and Trusted:No.
The same problem . It seem that the Wingate can not distinguish internet connection from local.
My OS is xp pro. With PPPoE dial-up access.
And I'm sure that the dial-up interface has been set to Public:Yes and Trusted:No.
- senquan
- Posts: 1
- Joined: May 26 04 8:40 pm
by corpcomp » May 27 04 9:23 am
It seems WinGate has undergone a number of changes since I first started using it some years ago (ver 3).
Regrettably I have now changed and am no longer using Wingate because it is so problematic.
Maybe Qbic will stop attempting to keep up with Microsoft and get down to the task of actually getting the product bug free instead of putting in new tricks.
At the end of the day they HAD a good product, and if they had stay with the good old adage “if it isn't broken don't fix it" they would still have a winner.
All dues to them though, they are giving it a good try. Just they now have a long ways to go.
Note to Qbik: You should have kept WinGate as it was, a firewall doesn’t need an email server, shouldn’t need a client, doesn’t need spam control. A firewall should be just that, “a firewall” Heck guys, use the KISS factor “Keep It Simple Stupid”.
Regrettably I have now changed and am no longer using Wingate because it is so problematic.
Maybe Qbic will stop attempting to keep up with Microsoft and get down to the task of actually getting the product bug free instead of putting in new tricks.
At the end of the day they HAD a good product, and if they had stay with the good old adage “if it isn't broken don't fix it" they would still have a winner.
All dues to them though, they are giving it a good try. Just they now have a long ways to go.
Note to Qbik: You should have kept WinGate as it was, a firewall doesn’t need an email server, shouldn’t need a client, doesn’t need spam control. A firewall should be just that, “a firewall” Heck guys, use the KISS factor “Keep It Simple Stupid”.
- corpcomp
- Posts: 12
- Joined: Apr 28 04 10:32 pm
DNS service problem
by juncool » Jun 08 04 6:59 pm
We installed wingate 5.23 on our internet gateway PC, but sometimes client PC can not access internet and browser prompt "DNS error",at these time we logged into gatekeeper and see many "DNS look up"message in activity window, and we test web browsing at gateway PC and there were no problems. could you please tell us how to solve this problem?
- juncool
- Posts: 2
- Joined: Mar 19 04 7:14 pm
17 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 4 guests