«

Been asked to get internet connection sharing going on a win2000 box.
It's networked to a Win98 box, tcp/ip, file sharing, ping etc works just
fine.

ICS on the Win2k box was already enabled.

However, it didn't work for the 98 box.

Now, the Win2k box has Sygate Personal Firewall set up on it. Policies
are set to allow the '98 box access on all ports and protocols.

The firewall shows a spike on incoming traffic when I try to connect
from the other machine, but the other machine reports that connection
was refused.
This is also the case when I disconnect the win2k box from the internet
and set the firewall to allow ALL traffic.

After lots of further fiddling I have been able to establish that, with
the proxomitron running on the win2k box, I can connect to it locally on
127.0.0.1:8080 but not on the NIC interface 192.168.0.1:8080 which
should work just fine, for obvious reasons. But it doesn't - I get a
'connection refused' error message, again.

I conclude that there is prob'ly some security policy in Win2k that must
be doing this. But I am not familiar with the system policy on this
platform ... so rather than break something I thought I'd come here for
advice.

Anyone?

-P.

On Thu, 10 Feb 2005 16:48:50 +1300, Peter Huebner wrote:

> Been asked to get internet connection sharing going on a win2000 box.
> It's networked to a Win98 box, tcp/ip, file sharing, ping etc works just
> fine.
>
> ICS on the Win2k box was already enabled.
>
> However, it didn't work for the 98 box.
>
> Now, the Win2k box has Sygate Personal Firewall set up on it. Policies
> are set to allow the '98 box access on all ports and protocols.
>
> The firewall shows a spike on incoming traffic when I try to connect
> from the other machine, but the other machine reports that connection
> was refused.
> This is also the case when I disconnect the win2k box from the internet
> and set the firewall to allow ALL traffic.
>
> After lots of further fiddling I have been able to establish that, with
> the proxomitron running on the win2k box, I can connect to it locally on
> 127.0.0.1:8080 but not on the NIC interface 192.168.0.1:8080 which
> should work just fine, for obvious reasons. But it doesn't - I get a
> 'connection refused' error message, again.
>
> I conclude that there is prob'ly some security policy in Win2k that must
> be doing this. But I am not familiar with the system policy on this
> platform ... so rather than break something I thought I'd come here for
> advice.
>
> Anyone?
>
> -P.

if I had to guess (and I am ) I would say ..
firewall firewall firewall
is it possible to take the machines of the interweb .. shutdown the
firewall altogether.. and _then_ ping each other?
one other thing to be wary of is NIC's being assigned 169.*.*.*
I forget why they nics get reassigned the new ip but they do occasionally
on windows ( no doubt someone will be able to offer the reason why)
something to do with dhcp
but I digress...
get the machines off the internet.. shutdown the firewall... and see if
that makes the difference
HTH

--

Hardware, n.: The parts of a computer system that can be kicked

In article <>,
says...

> if I had to guess (and I am ) I would say ..
> firewall firewall firewall
> is it possible to take the machines of the interweb .. shutdown the
> firewall altogether.. and _then_ ping each other?

pings just fine, firewall on and off.

> one other thing to be wary of is NIC's being assigned 169.*.*.*

I just found out about this on Helmig's website. That could have s.th.
to do with it. But why can I still ping 192.168.0.1 if the IP of that
NIC has been surrepticiously changed by Win2k? Doesn't make sense.
WEll, I'll be going back there on Sunday so that is the most promising
line of enquiry so far.


> I forget why they nics get reassigned the new ip but they do occasionally
> on windows ( no doubt someone will be able to offer the reason why)
> something to do with dhcp
> but I digress...

Not at all. In fact, according to Helmig, it sometimes changes the NIC
IP to the 169 range, but other times to the 192 range. Go figure.

I also know that the XP ICSserver wants the clients to get an IP via
DHCP rather than use a fixed one or it will spit the dummy. But that
does NOT affect other applications (in this case Proxomitron as an
example, or WinGate) from accepting connections on the port that they
are listening to.
Unlike in my current dilemma, where Proxomitron does NOT receive the
incoming connection on port 8080 which has been received and passed on
by the firewall. Firewall _also_ reports that Proxon is listening on
8080. Only reason it doesn't get the packets is that either it's been
remapped to a different IP from the request or ?something? is
intercepting the packets.

> get the machines off the internet.. shutdown the firewall... and see if
> that makes the difference
> HTH

That's more or less what I did, and it didn't.

cheers, -P.

On Thu, 10 Feb 2005 17:19:13 +1300, Peter Huebner wrote:

> In article <>,
> says...
>
>> if I had to guess (and I am ) I would say ..
>> firewall firewall firewall
>> is it possible to take the machines of the interweb .. shutdown the
>> firewall altogether.. and _then_ ping each other?
>
> pings just fine, firewall on and off.
>
>> one other thing to be wary of is NIC's being assigned 169.*.*.*
>
> I just found out about this on Helmig's website. That could have s.th.
> to do with it. But why can I still ping 192.168.0.1 if the IP of that
> NIC has been surrepticiously changed by Win2k? Doesn't make sense.
> WEll, I'll be going back there on Sunday so that is the most promising
> line of enquiry so far.
>
>
>> I forget why they nics get reassigned the new ip but they do occasionally
>> on windows ( no doubt someone will be able to offer the reason why)
>> something to do with dhcp
>> but I digress...
>
> Not at all. In fact, according to Helmig, it sometimes changes the NIC
> IP to the 169 range, but other times to the 192 range. Go figure.
>
> I also know that the XP ICSserver wants the clients to get an IP via
> DHCP rather than use a fixed one or it will spit the dummy. But that
> does NOT affect other applications (in this case Proxomitron as an
> example, or WinGate) from accepting connections on the port that they
> are listening to.
> Unlike in my current dilemma, where Proxomitron does NOT receive the
> incoming connection on port 8080 which has been received and passed on
> by the firewall. Firewall _also_ reports that Proxon is listening on
> 8080. Only reason it doesn't get the packets is that either it's been
> remapped to a different IP from the request or ?something? is
> intercepting the packets.
>
>> get the machines off the internet.. shutdown the firewall... and see if
>> that makes the difference
>> HTH
>
> That's more or less what I did, and it didn't.
>
> cheers, -P.

the next thing to do imo is get a packet sniffer and watch if the packets
are being received.. and sent on
although at this point I must say I've never used proximatron or Sygates
firewall (squid and iptables are close though )
a free packet sniffer is NetworkActiv PIAFCTM 1.5
http://www.networkactiv.com/PIAFCTM.html

again.. HTH ( and doesnt send you on a wild goose chase)

--

Hardware, n.: The parts of a computer system that can be kicked

"Peter Huebner" <> wrote in message
news: .co.nz...
> Been asked to get internet connection sharing going on a win2000 box.
> It's networked to a Win98 box, tcp/ip, file sharing, ping etc works just
> fine.
>
> ICS on the Win2k box was already enabled.
>
> However, it didn't work for the 98 box.
>
> Now, the Win2k box has Sygate Personal Firewall set up on it. Policies
> are set to allow the '98 box access on all ports and protocols.
>
> The firewall shows a spike on incoming traffic when I try to connect
> from the other machine, but the other machine reports that connection
> was refused.
> This is also the case when I disconnect the win2k box from the internet
> and set the firewall to allow ALL traffic.
>
> After lots of further fiddling I have been able to establish that, with
> the proxomitron running on the win2k box, I can connect to it locally on
> 127.0.0.1:8080 but not on the NIC interface 192.168.0.1:8080 which
> should work just fine, for obvious reasons. But it doesn't - I get a
> 'connection refused' error message, again.
>
> I conclude that there is prob'ly some security policy in Win2k that must
> be doing this. But I am not familiar with the system policy on this
> platform ... so rather than break something I thought I'd come here for
> advice.
>
> Anyone?
>
> -P.

Check to see if there is not another conection to the 2k box (right click my
computer then disconnect network drive.). windows doesn't like more than one
connection from one IP under different user names? i did one a while back
almost similar to this, what a nightmare, bloody personal firewalls. Any way
had to uninstall firewall to allow ports to reopen. I would establist the
connection between machines for filesharing before even attemting to connect
the ics.

Bart wrote:
> windows doesn't like more than one
> connection from one IP under different user names?

well ****, dont tell the world of admins using Active Directory and
run-as, otherwise all their win2k systems will stop working.

In article <>,
says...
>
> the next thing to do imo is get a packet sniffer and watch if the packets
> are being received.. and sent on
> although at this point I must say I've never used proximatron or Sygates
> firewall (squid and iptables are close though )
> a free packet sniffer is NetworkActiv PIAFCTM 1.5
> http://www.networkactiv.com/PIAFCTM.html
>
> again.. HTH ( and doesnt send you on a wild goose chase)

In the end it turned out Win2k was playing silly buggers by remapping IP
numbers. How the heck it got to remap 192.168.0.1 to 192.168.7.203 is
completely beyond me.

I ended up disabling Microsoft ICS, rebooting, resetting the IP of the
NIC, rebooting and installing Wingate. Works perfectly now.

Should've done that in the first place :-\

-Peter

In article <. nz> in
nz.comp on Sun, 13 Feb 2005 20:46:21 +1300, Peter Huebner
<> says...
> In article <>,
> says...
> >
> > the next thing to do imo is get a packet sniffer and watch if the packets
> > are being received.. and sent on
> > although at this point I must say I've never used proximatron or Sygates
> > firewall (squid and iptables are close though )
> > a free packet sniffer is NetworkActiv PIAFCTM 1.5
> > http://www.networkactiv.com/PIAFCTM.html
> >
> > again.. HTH ( and doesnt send you on a wild goose chase)
>
> In the end it turned out Win2k was playing silly buggers by remapping IP
> numbers. How the heck it got to remap 192.168.0.1 to 192.168.7.203 is
> completely beyond me.
>
> I ended up disabling Microsoft ICS, rebooting, resetting the IP of the
> NIC, rebooting and installing Wingate. Works perfectly now.
>
> Should've done that in the first place :-\

how secure is wingate, used to be a well known hole

In article < >,
says...
>
> how secure is wingate, used to be a well known hole
>
>

Utterly secure, if you know what you're doing. Just make sure the
bindings are correct, and don't enable remote control for any interface
bar localhost or else be very very specific.
In combination with Sygate firewall I very much doubt you'd get in from
the outside (trojans are another matter, but that doesn't have anything
to do with this question).

-P.

On Mon, 14 Feb 2005 00:25:08 +1300, Adder wrote:

> how secure is wingate, used to be a well known hole

Wingate itself wasn't really the problem. It was people who didn't
understand what they were doing configuring it badly.

Most any proxy server can be misconfigured in the same way. Wingate was
at the time a popular option for those that didn't know what they
were doing.

--
Cheers
Anton