WinGate Forums

[neujron]

Hi to all especially Support team. We have 2 questions:

1. We would like to know how we can configure the PCAnywhere in Wingate server. We already got the knowledge base regarding this on your site but unfortunately we did not succeed on getting this to work. We are still using old version 4.4.0 on an NT4 box. Our supplier Cotton, Inc of USA requires us to open the ports (5631-TCP and 5632-UDP) for PCAnywhere for their connection in order to do remote configuration of our system which we bought from them. We followed every step described in the KBA but we are not sure what to put in the bindings tab, i.e., the connections for an IP. Are we going to use the legal IP (public) address or the internal IP of our Wingate server? Because we have 2 different IP, the one that is public and the other one our internal IP so everybody on the network can access the Internet thru Wingate. Same is true with the Interfaces tab, what IP should we use for the connection.

2. Same configuration problem for TCP Mapping. We got an HTML program from USDA that connects to a Central Database. They require us to open the port 8423 so that we can connect to their server. This time, we are the one that will connect to USDA server. Their host IP is 151.121.3.252. Everytime we connect, there's an error message "class e: IO (Host:151.121.3.252) No route to host: connect" or class e: IO (Host:151.121.3.252) Connection timed out: connect".

How are we going to configure our Wingate for these types of connection? Any help would be greatly appreciate, thanks in advance.

[neujron]

It seems nobody in the SUPPORT TEAM is interested on our problem, does the support don't want to reply to the one I post???

It's very frustrating that nobody from support noticed our concern. First time that we have encountered such support. Is it because we have only old version???

On other sites, their support is excellent even if you have older versions. You'll expect a response for anything you have, your concerns will surely be attended.

But eventhough, we hope we can get a reply from you guys...

Thanks.

[genie]

1. For PCAnywhere to work from the outside of you network you need to open the range that you already mentioned. Depedning on what machine you want external PCAnywhere to connect to you need to either "Allow" the range (connection to Wingate machine" or relay it to one of your external machines (do not forget to tick "Do no change source IP address checkbox".
2. Is 151.x.x.x you internal address range?

[neujron]

Thank you very much for the reply.

The ports 5631 and 5632 was defined and opened already as I have mentioned earlier. We followed every steps defined in the KBA and made every trials on the general, bindings, interfaces, mappings and policies tabs but we haven't been successful. This is for the PCAnywhere configuration.

Same with the port 8423 where we are the one to connect to their server, we can't get any connection. We tried using a PC home outside our netwok and we're successful on connecting to the host server.

151.x.x.x is not our internal address range. We use 192.X.X.X for the internal IP and 202.X.X.X is the range given by our ISP for our proxy server.

What do you mean allow the range and also relay it to one of our external machines? May you please elaborate further the procedure for this? The option ("Do no change source IP address checkbox") you mentioned, is it on the Wingate server?

Your help is greatly appreciated.

[Pascal]

A few thoughts on this. If you are running the PC Anywhere host on the WinGate Server, you should simply need to open the firewall holes as you've specified you've done. When you are looking at the firewall logs, can you see any hits coming from Cotton Inc. 's IP Address ?

If you are simply opening holes in the firewall, you should not need bindings / interfaces for it to work. If you are defining a mapping service, however, you will need to bind to the public IP.

Secondly, with your version 4.x license key you can upgrade to later versions of WinGate, which has significantly improved NAT / Firewall abilities. I'd recommend 6.0, released late last week but you can also use 5.2.3. If you do choose to go this route, remember to ensure you have a backup of your WinGate settings and your system setup. (Safety precaution)

[Pascal]

With regards to the TCP mapping - are you attempting this from a client computer behind the WinGate Server ? Or is this running from the WinGate Server itself ?

[neujron]

Hello Pascal,

The PCAnywhere was installed at another computer wherein the software for Cotton Inc was also installed not on the Wingate Server itself. There was never a hits for Cotton Inc on the log only the modifications and shutdown/startup lines.

So you're saying that no need for IP addresses for the bindings and interfaces tabs for it to work, if I don't need to define mapping service. Forgive my ignorance, I'm just a neophyte regarding firewalls but isn't it that TCP Mapping is a mapping service? How do I distinguished that I don't need mapping service from just opening the port? Does PCAnywhere work even when there's no mapping service?

For the TCP mapping (port 8423) we're doing it on a client computer behind the WinGate Server ? It's not running from the WinGate Server itself. What I mean is, we access it inside our network behind the Wingate server we're just opening the port on Wingate.

Regarding update of Wingate, I have seen it already but I'm reluctant to do this because it also says that not all services will be installed and it's not listed what are those services. It may mess up our current configuration and it may not work. Can you give me the list of services that will not be installed?

Thank you so much.

[Pascal]

That's why I queried - from your original post it was unclear if you're running it on the WinGate Server or on a client machine. As you are running it on a client machine, yes, you do need the TCP mapping. Is it possible for you to send me the settings, screen by screen, of the mappings you've got defined for this ? Is this on one client only ?

You will always get the same services that you had available in your previous version. If you move up to 5.2.3, you won't get the new mail server. If you move up to 6.0, you won't get the new mail server, bandwidth control, etc.

However, all the services you know from 4.4 will still be there. Check the forum post under announcements for a list of the features that are new to 6.0, also a previous post entitled "Licensing Questions" about a more detailed breakdown of the features.

[Pascal]

Hi,

Larry is using PC Anywhere for his network, he sent some tips in for you to try:

Create a tcp mapping -
General - give it a name, port 5631
- Check map to
- Enter IP address of server to be connect to and 5631 for port.

Binding is to WG external IP

Interface is WG internal IP

Policy - add everyone and ignore default
- user may be unknown

Repeat for a udp mapping using 5632 as the port.

That sounds like it should work just fine.

[neujron]

Hello,

I will try to get all the screen shots by the day, this may take a while.

Thanks for the suggestion of Larry but is seems we have done same thing, only thing is for the Interfaces tab for "Connections to be made out on the ff interface only" -> here we put same IP like in the Bindings tab, the external IP, Larry has their internal IP. We'll try this one.

For the upgrade, I think we can try it because we are not using SMTP and POP3 of Wingate, we're using different mail server software but they are installed on same machine. I'll check out later the "license questions" and see the services for the new version and what will not be installed.

For other TCP Mapping (8423), I have done simple setup just opening the hole and left the bindings and interface tabs as it is but I was not successful doing it. Experimented with bindings/interface, same result. I'll give you also the screen shots for these.

Thanks once again.

[Pascal]

No problem - you can email the screenshots to me (Email address is in my profile)

[neujron]

I'll be sending now the screen shots of PCAnywhere TCP and UDP Mapping services also the USDA TCP Mapping for port 8423. I have also the logs for the three maps for your reference.

Expect 12 screen shots for PCAnywhere TCP/UDP and USDA TCP mappings and the 3 log files.

Thank you.

[neujron]

Hello Pascal,

Just want to follow what are your findings on the screenshots I have sent you, are there any areas which we have to change in our current setup?

Thanks.

[Pascal]

I need help on this one - I've asked people who have PC Anywhere setup and running on their networks. Most of them are running version 6 though. As soon as I get more info back from them, I'll post back to you.

[neujron]

Thanks Pascal,

By the way, I want you to know that we have upgraded already last night our Wingate version from 4.4 to the latest (v6.0). At first, we can't connect to the internet until I found out that I have to open the port 80 on Extended Networking in Port Security Configuration and bind also our Internal IP address for WWW proxy server . Now it's okay, I just don't know for other services. 4 Issues here 1st, UDP Mapping service cannot be open or added to the ENS. I tried it 3 times but it won't. 2nd, why we have 2 icons on the task bar, 1 for Gatekeeper and 1 for Wingate VPN? 3rd, why do we have to open ports for our POP3 wherein we don't do it on the previous version, we're not bound before to the Wingate server. 4th, why is it that when we activate our key, it says it was successfuly activated but when you click on finish, it says on the list Not Activated and 1 more key was added and it is Activated? So far, those are the issues we have encountered, if ever there are still others expect that I'll post it soon.

If most of them are using ver 6.0, then you may ask them now for PCAnywhere.

Best regards.

[genie]

In ENS Port security panel there is combobox that selects a protocol to display - just switch to UDP and you will see the holes you have opened.

[Pascal]

Did you request a trial key, or choose to activate your version 4 key ?

[neujron]

Thanks genie, I didn't see that. It was added already because of the previous installation.

Pascal, during installation there was a message on the 1st paragraph that if we have already a key then no need to request, I'll just continue with the installation and clicked on next. When the installation is finished and I open the gatekeeper, a pop up message appears telling me to activate 1st, so that's what I did, our key was listed so I activate it and it says it was successful but when I clicked on Finish, there were 2 key already and our original key was listed as 'Not Activated'. Have I done something wrong? How can we activate our original license key now?

Thanks.

[Pascal]

What does the other key say ?

[neujron]

The other key was "Activated" and here are the complete details found below:

Wingate 4.x Pro 50 user license
License ID: 322793
Registered to: <"our company name">

Note This activation gives you the reduced features applicable to your version 4 key. To access the newer features you will need to purchase an upgrade.

For product support click here

- That was all that it says.

[neujron]

Hey Pascal/Support,

Any updates on PCAnywhere configuration and also for our port 8423 TCP Mapping? Have you found anything that may help us with our setup?

My boss is asking me already about the status and he keeps on bugging me about it. I told him that we are still working on it and I understand your part as a support and you're doing the best that you can but you must understand also our situation. I'm already on the hot seat since the issue came up. Also, top management is on it already because it is critical to our business what we are working with USDA.

Hope you have already solutions on our problems.

Best regards.

[adrien]

Hi

Since you only have one network card in that machine with 2 IP addresses you will need to use TCP and UDP mapping proxies for this setup, rather than ENS redirects.

I think you already have these created.

However, since your single network card is shown as External, then by default these TCP and UDP mapping proxies won't be bound to the external adapter.

To get these to create a binding on this adapter, go into each of the mapping proxies, click on bindings, and then add a policy where you bind to any adapter.

This will then also create holes as required in the firewall.

Note that since you only have one adapter on this machine with 2 IP addresses, and it is external, then it will be firewalled from your network. You may need to open some holes to allow your network computers to connect to shares etc on this machine. Since you couldn't open these holes and not also have them open for connections from the Internet, this would be a security risk.

This is why we normally suggest that people use more than one network adapter.

Adrien

[neujron]

Hi,

That explains why it's hard to configure our wingate machine. We can't even ping it locally eventhough the option in the firewall was checked already.

The setup was the original config since I took over the responsibility of our network system. Our wingate server was configured that way already and administered it thru self-study and testing.

Please help and guide me on what to do next on our PCAnywhere/TCP mapping. If you're recommending that we're going to install another adapter and it's better to have 2 adapters then I'll tell my Boss regarding your recommendation. But what will happen to our current setup, do I have to change anything if the other adapter was installed already?

Thanks.

[adrien]

Yep, the problem with your setup is that your single network adapter is trying to be both internal and external! Poor thing is getting a complex!

WinGate 5.x only treated adapters on an IP basis, so you could specify that an adapter with multiple IP addresses should have a split personality, but WinGate 6.0 works on a per-adapter basis (which is all the driver worked on before anyway - there used to be problems with the old way which is why we changed it).

So for your adapter trying to be both external and internal causes it some problems. I think even in version 5.x you would have had this firewall issue.

If you put in a separate adapter, then you can separate out the functionality, e.g. have one adapter as external, and one as internal. This makes life a lot easier for the WinGate machine, enables NAT to work, solves the firewall issue etc, and gives you more options for how to get your PCAnywhere working as well.

In terms of WinGate configuration, all you should need to do is install the other adapter, and give it the proper IP (take one off the other adapter).

WinGate should then automatically

a) determine the correct usage for both adapters
b) bind your services to the correct adapters based on your binding policies (so you shouldn't have to change anything here)
c) set up your firewall

Adrien

[neujron]

Thanks for the info Adrien,

Anyway, we will be soon upgrading our server maybe 3 or 4 weeks more to a Pentium 4 machine with 512 or maybe 1GB Memory and we'll be using Windows 2000 Server already not NT4. If ever, the machine will have its own network adapter attached to the board, what should be the adapter I will configure as external or internal? Is it the one already attached or the other that we will be adding, or it doesn't matter which is which?

For the meantime, I'll try first your earlier suggestion for binding to "ANY Adapter (any IP)".

Best regards.

[neujron]

Hello Adrien/Pascal,

As I have stated in my last post, I will try the setup you told me that I will bind to "ANY Adapter" because we have 2 IP for 1 adapter. However, we still can't connect from outside to the PC hosting the PC Anywhere which is inside our network.

Even when I put on the gateway "Use any available connection" or add another that will use "ANY Gateway" on "ANY IP Address" under the "Use specified connections in priority order" with Any Gateway as 1st option in the "Connection Scheme", still same problem.

What's our next step now? Do we need to install now the 2 Network adapter in the machine or we're going to wait 1st if you have some other suggestions/solution? The upgrade of our machine will take time, maybe 3-4 weeks.

Please help, thanks.

[neujron]

Hello Adrien/Pascal,

JUST WANT TO FOLLOW UP ABOUT PCANYWHERE.

I have a reply last time, what do you think we're going to do next?

Thanks.