WinGate Forums

[mchis]

OKay, I have a small net with one server (has WG 6.0.3 on Win2000AS on it) and three workstations (WinXP). I connect to the internet through dialup.

From the server everything works: webbrowsing, ping etc. From workstations however ping does not work (and other tools do not work as well, iTunes for example). DNS works okay, if I ping "addressname" it first resolves to the IP, but furthermore it gives "request timeout". Of course, pinging directly the IP leads to the same result. What to do?

Configuration details follow - I've included ipconfig/all and WinGateConfig.txt contents. Thanks a bunch!

Server:===========================

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : axsrv
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Realtek RTL8139:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139(A) PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-C0-DF-10-0C-5D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :

PPP adapter Xnet Gold:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 213.233.87.221
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 213.233.87.221
DNS Servers . . . . . . . . . . . : 193.230.161.9
193.230.161.10
NetBIOS over Tcpip. . . . . . . . : Disabled

A workstation================================

Windows IP Configuration

Host Name . . . . . . . . . . . . : mike
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.213.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.54.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter Intel PRO1000 CT Network Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
Physical Address. . . . . . . . . : 00-0C-F1-77-66-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1

WinGate Config:=====================

1.01 WINGATE CONFIGURATION REPORT
1.02 Wednesday, August 31, 2005, 14:39
1.03
1.04 ---------------------------------------------
1.05 WinGate Engine
1.06 ---------------------------------------------
1.07 WinGate 6.0.3 (Build 1005)
1.08 Operating System: Windows 2000 (NT 5.0)
1.09 Language: ENU
1.10 User database: WinGate
1.11 Num. users: 6
1.12
1.13
3.01 ---------------------------------------------
3.02 License details
3.03 ---------------------------------------------
3.04 License Key 1
3.05 Version: WinGate 6 Standard 3 concurrent users
3.06 Expiry: None
3.07
4.01 ---------------------------------------------
4.02 Dialer information
4.03 ---------------------------------------------
4.04 Dialer is disabled
4.05
5.01 ---------------------------------------------
5.02 Network Interfaces
5.03 ---------------------------------------------
5.04 Xnet Gold (Dialup) external
5.05 Realtek RTL8139 (Ethernet) internal
5.06 MS TCP Loopback interface (Loopback)
5.07
6.01 ---------------------------------------------
6.02 Services
6.03 ---------------------------------------------
6.04
6.05 System Policies
6.06 ---------------------------------------------
6.07 Default System Access Rights:
6.08 Everyone - Unrestricted rights
6.09 Default Start/Stop Rights:
6.10 Administrators - Unrestricted rights
6.11 Default Edit Rights:
6.12 Administrators - Unrestricted rights
6.13
6.14 WWW Proxy server (WWW Proxy server)
6.15 ---------------------------------------------
6.16 Session Timeout: 60
6.17 Port: 80
6.18 Startup: Automatic start/stop
6.19 Access Rights: Defaults: may be used instead
6.20 Everyone - Unrestricted rights
6.21 Start/Stop Rights: Defaults: may be used instead
6.22 Edit Rights: Defaults: may be used instead
6.23
6.24 DHCP Service (DHCP Service)
6.25 ---------------------------------------------
6.26 Session Timeout: 60
6.27 Port: 67
6.28 Startup: Disabled
6.29 Access Rights: Defaults: are ignored
6.30 Everyone - Unrestricted rights
6.31 Start/Stop Rights: Defaults: may be used instead
6.32 Edit Rights: Defaults: may be used instead
6.33
6.34 Winsock Redirector Service (Winsock Redirector Service)
6.35 ---------------------------------------------
6.36 Session Timeout: 600
6.37 Port: 2080
6.38 Startup: Automatic start/stop
6.39 Access Rights: Defaults: may be used instead
6.40 Everyone - Unrestricted rights
6.41 Start/Stop Rights: Defaults: may be used instead
6.42 Edit Rights: Defaults: may be used instead
6.43
6.44 SOCKS Proxy server (SOCKS Proxy server)
6.45 ---------------------------------------------
6.46 Session Timeout: 60
6.47 Port: 1080
6.48 Startup: Automatic start/stop
6.49 Access Rights: Defaults: may be used instead
6.50 Everyone - Unrestricted rights
6.51 Start/Stop Rights: Defaults: may be used instead
6.52 Edit Rights: Defaults: may be used instead
6.53
6.54 POP3 Server (POP3 Server)
6.55 ---------------------------------------------
6.56 Session Timeout: 120
6.57 Port: 110
6.58 Startup: Disabled

6.59 Access Rights: Defaults: may be used instead
6.60 Everyone - Unrestricted rights
6.61 Start/Stop Rights: Defaults: may be used instead
6.62 Edit Rights: Defaults: may be used instead
6.63
6.64 SMTP Server (SMTP Server)
6.65 ---------------------------------------------
6.66 Session Timeout: 300
6.67 Port: 25
6.68 Startup: Disabled
6.69 Access Rights: Defaults: may be used instead
6.70 Everyone - Unrestricted rights
6.71 Start/Stop Rights: Defaults: may be used instead
6.72 Edit Rights: Defaults: may be used instead
6.73
6.74 GDP Service (GDP Service)
6.75 ---------------------------------------------
6.76 Session Timeout: 60
6.77 Port: 368
6.78 Startup: Automatic start/stop
6.79 Access Rights: Defaults: may be used instead
6.80 Everyone - Unrestricted rights
6.81 Start/Stop Rights: Defaults: may be used instead
6.82 Edit Rights: Defaults: may be used instead
6.83
6.84 DNS Service (DNS Service)
6.85 ---------------------------------------------
6.86 Session Timeout: 60
6.87 Port: 53
6.88 Startup: Automatic start/stop
6.89 Access Rights: Defaults: may be used instead
6.90 Everyone - Unrestricted rights
6.91 Start/Stop Rights: Defaults: may be used instead
6.92 Edit Rights: Defaults: may be used instead
6.93
6.94 Remote Control Service (Remote Control Service)
6.95 ---------------------------------------------
6.96 Session Timeout: 60
6.97 Port: 808
6.98 Startup: Automatic start/stop
6.99 Access Rights: Defaults: may be used instead
6.100 Everyone - Unrestricted rights
6.101 Start/Stop Rights: Defaults: may be used instead
6.102 Edit Rights: Defaults: may be used instead
6.103
7.01 ---------------------------------------------
7.02 System Route Table
7.03 ---------------------------------------------
7.04 Current Route Table:
7.05 ---------------------------------------------
7.06 Network Mask Gateway Interface Metric
7.07 0.0.0.0 0.0.0.0 213.233.87.224 213.233.87.224 1
7.08 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
7.09 192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 1
7.10 192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 1
7.11 192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 1
7.12 213.233.87.224 255.255.255.255 127.0.0.1 127.0.0.1 1
7.13 213.233.87.255 255.255.255.255 213.233.87.224 213.233.87.224 1
7.14 217.10.204.58 255.255.255.255 213.233.87.224 213.233.87.224 1
7.15 224.0.0.0 224.0.0.0 192.168.0.1 192.168.0.1 1
7.16 224.0.0.0 224.0.0.0 213.233.87.224 213.233.87.224 1
7.17 255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1
7.18
9.01 ---------------------------------------------
9.02 END OF CONFIGURATION REPORT

[mchis]

Forgot to specify: I'm not using ENS. I have ZoneAlarm configured, and apparently it has nothing to do with it (the problem persists even if I shut ZoneAlarm down).

[genie]

Hi,

If you are not using ENS then there will be no NATing of the client's traffic and, consequently, you will not be able to use any tool that relies on clear IP traffic, rather than proxy or mapping.

[mchis]

Thanks Genie. I registered WinGate because I like it, and really want to make it work.

So, I reinstalled WinGate after disabling ZoneAlarm, activated ENS at install time, restart and now I have ENS. But it still does not work. Disabled IP blackhole, added maximum rights ("LAN connections to Internet"+"Connections from DMZ to WinGate PC", TCP+UDP, ports 1-9999 allow. Still ping fails, iTunes fails. Any ideas?

Mike.

Hi,

If you are not using ENS then there will be no NATing of the client's traffic and, consequently, you will not be able to use any tool that relies on clear IP traffic, rather than proxy or mapping.

[genie]

Make sure that the adapters' roles are assigned correctly (page Networks in Gatekeeper - check internal/external settings for the adapters).

[jamesc]

Adding to Genies comments: to check how your adapters were detected, navigate to GateKeeper --> View menu --> Network.
The network adapter pointing towards the LAN should be marked as "Internal" and the network card / modem pointing towards the internet should be marked as "External", as shown in the image below.

[mchis]

Guys, already checked that, it's correct, dialup is external and lan card is internal... Just if it were that simple!

Adding to Genies comments: to check how your adapters were detected, navigate to GateKeeper --> View menu --> Network.
The network adapter pointing towards the LAN should be marked as "Internal" and the network card / modem pointing towards the internet should be marked as "External", as shown in the image below.

[genie]

Does Wingate start dialing when you try, say, pinging an external host from the client?

[jamesc]

Also: I just installed ZoneAlarm on a Win2k Box running WinGate 6.0.4. To allow NAT to be used, I had to set the following for the firewall:



And for the program control, I had to authorise the WinGate engine:



** Please note, this configuration was quickly done and there may be a better way to do it that is more aligned to your needs.

[genie]

I doubt this will work - ZA and Wingate would compete for the same system resource - networking - blocking each other effectively - there is no guarantee that with ZA installed Wingate will be functioning.

[mchis]

When ZA was running it has been definitely set up in the way James described. That was until this morning, when I disabled it (service stopped, everything pertaining to it not running) so in the current configuration only WG is running. Unfortunately I currently am at a loss, no idea what to do...

Mike.

I doubt this will work - ZA and Wingate would compete for the same system resource - networking - blocking each other effectively - there is no guarantee that with ZA installed Wingate will be functioning.

[genie]

Even if ZA is stopped, its driver prevents Wingate from functioninig properly.

[mchis]

Genie,

Uninstalled ZA, restarted server. WG is up and running, with ENS. Ping still does not work from WG clients, but there's an advance: in WG's histroy I can clearly see a DNS lookup (this appeared before as well) PLUS four NAT ICMP my_ip<->pinged_ip. However, still request timeout...

Even if ZA is stopped, its driver prevents Wingate from functioninig properly.

[genie]

Aye, meaning that Wingate finally sees the traffic - what kind of dialup is it - simple dialup? Has the connection to the outside been established?

[mchis]

Genie, of course the connection has been established. Simple dialup, one 56k modem.

Aye, meaning that Wingate finally sees the traffic - what kind of dialup is it - simple dialup? Has the connection to the outside been established?

[genie]

So, the connection is established and you saw the ping request - how about you try pinging, say, www.google.com (it is pingable 100%)? I just want to make sure that it's not the remote site that blocks ICMP traffic.

[mchis]

Actually google is my preferred one :-) I always try to have some backup, so I always try from the server as well - where ping www.google.com works flawlessly. But not from WG clients...

So, the connection is established and you saw the ping request - how about you try pinging, say, www.google.com (it is pingable 100%)? I just want to make sure that it's not the remote site that blocks ICMP traffic.

[genie]

Ok - if you ping google from the Wingate machine, it works fine. If you try pinging it from the client, Wingate does report ICMP connection but it fails - am I right here?

Next question - when you uninstalled ZA, did you make sure that it removed its driver as well? There was something on the forum about how to uninstall ZA driver completely - I am trying to find it now.

[mchis]

Genie, ping google works on client! Sorry, my mistake, after uninstalling I was trying ping www.cnn.com only... However, iTunes still refuses to connec to server from clients, while it works from server... It has no proxy settings to configure.

Actually google is my preferred one :-) I always try to have some backup, so I always try from the server as well - where ping www.google.com works flawlessly. But not from WG clients...

So, the connection is established and you saw the ping request - how about you try pinging, say, www.google.com (it is pingable 100%)? I just want to make sure that it's not the remote site that blocks ICMP traffic.

[genie]

Cool! Can you see TCP traffic through Wingate when iTunes is trying to connect?

[mchis]

Genie,

Something strange happens. When I initiate a connection in iTunes (access the "Music Store") I see nothing in WG history. Immediately before the message box with "failed connection etc" is displayed, a few (three) http accesses appear in WG history, two of them with bytes in / bytes out both nonzero. All three have some "apple" in the name so they're definitely associated with iTunes. On the server, it connects immediately!

Cool! Can you see TCP traffic through Wingate when iTunes is trying to connect?

[genie]

What if you set iTUnes to connect through Wingate proxy? Does it work then?

[mchis]

I may sound stupid, but I can't find a proxy setting in iTunes...

What if you set iTUnes to connect through Wingate proxy? Does it work then?

[genie]

As far as I understood iTunes uses IE proxy settings.

[mchis]

Hmm... So the problem has to be somewhere else. Thanks so far, I'll keep looking.