
Bug in Wingate NAT

May 10 13 1:20 am

There's a bug regarding WinGate's NAT. At Policy / Extended Network Service I only allow traffic in 80, 443 and some other ports. I also allow ICMP.

My problem is with torrents. WinGate simply allows DHT to work, no matter what I do, and connects every single request on any port (examples: 31867, 19178, 63285, etc).

Besides that bug, NO connections from DHT are displayed in WinGate Management / Activity! Every other connection is displayed fine, like ICMP, HTTP requests, other NAT requests. It's like DHT is bypassing everything.

Except for DHT, my rules are working like they are supposed to. Clients cannot even telnet to a disallowed port.

Any tips?

Re: Bug in Wingate NAT

May 10 13 5:23 pm

Hi

Are you sure the DHT connections are even going through WinGate? If they aren't showing in activity, that implies they aren't going through WinGate at all.

Regards

Adrien

Re: Bug in Wingate NAT

May 11 13 12:18 am

Yes, they definitely are. That's the bug.

My WinGate machine is the gateway for the entire network. If I turn ENS off, DHT connections (and any torrent) stop downloading. Always with nothing at all showing in Activity.

Can you test my setup? Block all ports at ENS, except 80 and 443... then connect a client and start a torrent (any torrent with many seeds from thepiratebay or another public site).

I really need to block torrents...

Re: Bug in Wingate NAT

May 13 13 2:53 pm

Hi

We've never had a report that connections going through WinGate that work are not reported in the activity screen, unless the torrent client is using UDP ports below 1024, which aren't reported by default.

Check on the routing tab in the Extended Networking dialog, and make sure you enable "Indicate UDP traffic (Port < 1024)".

Also, still in Extended networking, on the firewall tab under Logging, enable log UDP-related messages, and for ports > 1024.

Regards

Adrien de Croy