Win2k box network problem

Discussion in 'NZ Computing' started by Peter Huebner, Feb 10, 2005.

  1. Been asked to get internet connection sharing going on a win2000 box.
    It's networked to a Win98 box, tcp/ip, file sharing, ping etc works just
    fine.

    ICS on the Win2k box was already enabled.

    However, it didn't work for the 98 box.

    Now, the Win2k box has Sygate Personal Firewall set up on it. Policies
    are set to allow the '98 box access on all ports and protocols.

    The firewall shows a spike on incoming traffic when I try to connect
    from the other machine, but the other machine reports that connection
    was refused.
    This is also the case when I disconnect the win2k box from the internet
    and set the firewall to allow ALL traffic.

    After lots of further fiddling I have been able to establish that, with
    the proxomitron running on the win2k box, I can connect to it locally on
    127.0.0.1:8080 but not on the NIC interface 192.168.0.1:8080 which
    should work just fine, for obvious reasons. But it doesn't - I get a
    'connection refused' error message, again.

    I conclude that there is prob'ly some security policy in Win2k that must
    be doing this. But I am not familiar with the system policy on this
    platform ... so rather than break something I thought I'd come here for
    advice.

    Anyone?

    -P.
    Peter Huebner, Feb 10, 2005
    #1
    1. Advertising

  2. Peter Huebner

    froggy Guest

    On Thu, 10 Feb 2005 16:48:50 +1300, Peter Huebner wrote:

    > Been asked to get internet connection sharing going on a win2000 box.
    > It's networked to a Win98 box, tcp/ip, file sharing, ping etc works just
    > fine.
    >
    > ICS on the Win2k box was already enabled.
    >
    > However, it didn't work for the 98 box.
    >
    > Now, the Win2k box has Sygate Personal Firewall set up on it. Policies
    > are set to allow the '98 box access on all ports and protocols.
    >
    > The firewall shows a spike on incoming traffic when I try to connect
    > from the other machine, but the other machine reports that connection
    > was refused.
    > This is also the case when I disconnect the win2k box from the internet
    > and set the firewall to allow ALL traffic.
    >
    > After lots of further fiddling I have been able to establish that, with
    > the proxomitron running on the win2k box, I can connect to it locally on
    > 127.0.0.1:8080 but not on the NIC interface 192.168.0.1:8080 which
    > should work just fine, for obvious reasons. But it doesn't - I get a
    > 'connection refused' error message, again.
    >
    > I conclude that there is prob'ly some security policy in Win2k that must
    > be doing this. But I am not familiar with the system policy on this
    > platform ... so rather than break something I thought I'd come here for
    > advice.
    >
    > Anyone?
    >
    > -P.


    if I had to guess (and I am ) I would say ..
    firewall firewall firewall
    is it possible to take the machines of the interweb .. shutdown the
    firewall altogether.. and _then_ ping each other?
    one other thing to be wary of is NIC's being assigned 169.*.*.*
    I forget why they nics get reassigned the new ip but they do occasionally
    on windows ( no doubt someone will be able to offer the reason why)
    something to do with dhcp
    but I digress...
    get the machines off the internet.. shutdown the firewall... and see if
    that makes the difference
    HTH

    --

    Hardware, n.: The parts of a computer system that can be kicked
    froggy, Feb 10, 2005
    #2
    1. Advertising

  3. In article <>,
    says...

    > if I had to guess (and I am ) I would say ..
    > firewall firewall firewall
    > is it possible to take the machines of the interweb .. shutdown the
    > firewall altogether.. and _then_ ping each other?


    pings just fine, firewall on and off.

    > one other thing to be wary of is NIC's being assigned 169.*.*.*


    I just found out about this on Helmig's website. That could have s.th.
    to do with it. But why can I still ping 192.168.0.1 if the IP of that
    NIC has been surrepticiously changed by Win2k? Doesn't make sense.
    WEll, I'll be going back there on Sunday so that is the most promising
    line of enquiry so far.


    > I forget why they nics get reassigned the new ip but they do occasionally
    > on windows ( no doubt someone will be able to offer the reason why)
    > something to do with dhcp
    > but I digress...


    Not at all. In fact, according to Helmig, it sometimes changes the NIC
    IP to the 169 range, but other times to the 192 range. Go figure.

    I also know that the XP ICSserver wants the clients to get an IP via
    DHCP rather than use a fixed one or it will spit the dummy. But that
    does NOT affect other applications (in this case Proxomitron as an
    example, or WinGate) from accepting connections on the port that they
    are listening to.
    Unlike in my current dilemma, where Proxomitron does NOT receive the
    incoming connection on port 8080 which has been received and passed on
    by the firewall. Firewall _also_ reports that Proxon is listening on
    8080. Only reason it doesn't get the packets is that either it's been
    remapped to a different IP from the request or ?something? is
    intercepting the packets.

    > get the machines off the internet.. shutdown the firewall... and see if
    > that makes the difference
    > HTH


    That's more or less what I did, and it didn't.

    cheers, -P.
    Peter Huebner, Feb 10, 2005
    #3
  4. Peter Huebner

    froggy Guest

    On Thu, 10 Feb 2005 17:19:13 +1300, Peter Huebner wrote:

    > In article <>,
    > says...
    >
    >> if I had to guess (and I am ) I would say ..
    >> firewall firewall firewall
    >> is it possible to take the machines of the interweb .. shutdown the
    >> firewall altogether.. and _then_ ping each other?

    >
    > pings just fine, firewall on and off.
    >
    >> one other thing to be wary of is NIC's being assigned 169.*.*.*

    >
    > I just found out about this on Helmig's website. That could have s.th.
    > to do with it. But why can I still ping 192.168.0.1 if the IP of that
    > NIC has been surrepticiously changed by Win2k? Doesn't make sense.
    > WEll, I'll be going back there on Sunday so that is the most promising
    > line of enquiry so far.
    >
    >
    >> I forget why they nics get reassigned the new ip but they do occasionally
    >> on windows ( no doubt someone will be able to offer the reason why)
    >> something to do with dhcp
    >> but I digress...

    >
    > Not at all. In fact, according to Helmig, it sometimes changes the NIC
    > IP to the 169 range, but other times to the 192 range. Go figure.
    >
    > I also know that the XP ICSserver wants the clients to get an IP via
    > DHCP rather than use a fixed one or it will spit the dummy. But that
    > does NOT affect other applications (in this case Proxomitron as an
    > example, or WinGate) from accepting connections on the port that they
    > are listening to.
    > Unlike in my current dilemma, where Proxomitron does NOT receive the
    > incoming connection on port 8080 which has been received and passed on
    > by the firewall. Firewall _also_ reports that Proxon is listening on
    > 8080. Only reason it doesn't get the packets is that either it's been
    > remapped to a different IP from the request or ?something? is
    > intercepting the packets.
    >
    >> get the machines off the internet.. shutdown the firewall... and see if
    >> that makes the difference
    >> HTH

    >
    > That's more or less what I did, and it didn't.
    >
    > cheers, -P.


    the next thing to do imo is get a packet sniffer and watch if the packets
    are being received.. and sent on
    although at this point I must say I've never used proximatron or Sygates
    firewall (squid and iptables are close though :p)
    a free packet sniffer is NetworkActiv PIAFCTM 1.5
    http://www.networkactiv.com/PIAFCTM.html

    again.. HTH ( and doesnt send you on a wild goose chase)

    --

    Hardware, n.: The parts of a computer system that can be kicked
    froggy, Feb 10, 2005
    #4
  5. Peter Huebner

    Bart Guest

    "Peter Huebner" <> wrote in message
    news:...
    > Been asked to get internet connection sharing going on a win2000 box.
    > It's networked to a Win98 box, tcp/ip, file sharing, ping etc works just
    > fine.
    >
    > ICS on the Win2k box was already enabled.
    >
    > However, it didn't work for the 98 box.
    >
    > Now, the Win2k box has Sygate Personal Firewall set up on it. Policies
    > are set to allow the '98 box access on all ports and protocols.
    >
    > The firewall shows a spike on incoming traffic when I try to connect
    > from the other machine, but the other machine reports that connection
    > was refused.
    > This is also the case when I disconnect the win2k box from the internet
    > and set the firewall to allow ALL traffic.
    >
    > After lots of further fiddling I have been able to establish that, with
    > the proxomitron running on the win2k box, I can connect to it locally on
    > 127.0.0.1:8080 but not on the NIC interface 192.168.0.1:8080 which
    > should work just fine, for obvious reasons. But it doesn't - I get a
    > 'connection refused' error message, again.
    >
    > I conclude that there is prob'ly some security policy in Win2k that must
    > be doing this. But I am not familiar with the system policy on this
    > platform ... so rather than break something I thought I'd come here for
    > advice.
    >
    > Anyone?
    >
    > -P.


    Check to see if there is not another conection to the 2k box (right click my
    computer then disconnect network drive.). windows doesn't like more than one
    connection from one IP under different user names? i did one a while back
    almost similar to this, what a nightmare, bloody personal firewalls. Any way
    had to uninstall firewall to allow ports to reopen. I would establist the
    connection between machines for filesharing before even attemting to connect
    the ics.
    Bart, Feb 10, 2005
    #5
  6. Bart wrote:
    > windows doesn't like more than one
    > connection from one IP under different user names?


    well shit, dont tell the world of admins using Active Directory and
    run-as, otherwise all their win2k systems will stop working.
    Dave - Dave.net.nz, Feb 10, 2005
    #6
  7. In article <>,
    says...
    >
    > the next thing to do imo is get a packet sniffer and watch if the packets
    > are being received.. and sent on
    > although at this point I must say I've never used proximatron or Sygates
    > firewall (squid and iptables are close though :p)
    > a free packet sniffer is NetworkActiv PIAFCTM 1.5
    > http://www.networkactiv.com/PIAFCTM.html
    >
    > again.. HTH ( and doesnt send you on a wild goose chase)


    In the end it turned out Win2k was playing silly buggers by remapping IP
    numbers. How the heck it got to remap 192.168.0.1 to 192.168.7.203 is
    completely beyond me.

    I ended up disabling Microsoft ICS, rebooting, resetting the IP of the
    NIC, rebooting and installing Wingate. Works perfectly now.

    Should've done that in the first place :-\

    -Peter
    Peter Huebner, Feb 13, 2005
    #7
  8. Peter Huebner

    Adder Guest

    In article <> in
    nz.comp on Sun, 13 Feb 2005 20:46:21 +1300, Peter Huebner
    <> says...
    > In article <>,
    > says...
    > >
    > > the next thing to do imo is get a packet sniffer and watch if the packets
    > > are being received.. and sent on
    > > although at this point I must say I've never used proximatron or Sygates
    > > firewall (squid and iptables are close though :p)
    > > a free packet sniffer is NetworkActiv PIAFCTM 1.5
    > > http://www.networkactiv.com/PIAFCTM.html
    > >
    > > again.. HTH ( and doesnt send you on a wild goose chase)

    >
    > In the end it turned out Win2k was playing silly buggers by remapping IP
    > numbers. How the heck it got to remap 192.168.0.1 to 192.168.7.203 is
    > completely beyond me.
    >
    > I ended up disabling Microsoft ICS, rebooting, resetting the IP of the
    > NIC, rebooting and installing Wingate. Works perfectly now.
    >
    > Should've done that in the first place :-\


    how secure is wingate, used to be a well known hole
    Adder, Feb 13, 2005
    #8
  9. In article <>,
    says...
    >
    > how secure is wingate, used to be a well known hole
    >
    >


    Utterly secure, if you know what you're doing. Just make sure the
    bindings are correct, and don't enable remote control for any interface
    bar localhost or else be very very specific.
    In combination with Sygate firewall I very much doubt you'd get in from
    the outside (trojans are another matter, but that doesn't have anything
    to do with this question).

    -P.
    Peter Huebner, Feb 13, 2005
    #9
  10. Peter Huebner

    AD. Guest

    On Mon, 14 Feb 2005 00:25:08 +1300, Adder wrote:

    > how secure is wingate, used to be a well known hole


    Wingate itself wasn't really the problem. It was people who didn't
    understand what they were doing configuring it badly.

    Most any proxy server can be misconfigured in the same way. Wingate was
    at the time a popular option for those that didn't know what they
    were doing.

    --
    Cheers
    Anton
    AD., Feb 13, 2005
    #10
  11. Peter Huebner

    froggy Guest

    On Sun, 13 Feb 2005 20:46:21 +1300, Peter Huebner wrote:

    > In article <>,
    > says...
    >>
    >> the next thing to do imo is get a packet sniffer and watch if the packets
    >> are being received.. and sent on
    >> although at this point I must say I've never used proximatron or Sygates
    >> firewall (squid and iptables are close though :p)
    >> a free packet sniffer is NetworkActiv PIAFCTM 1.5
    >> http://www.networkactiv.com/PIAFCTM.html
    >>
    >> again.. HTH ( and doesnt send you on a wild goose chase)

    >
    > In the end it turned out Win2k was playing silly buggers by remapping IP
    > numbers. How the heck it got to remap 192.168.0.1 to 192.168.7.203 is
    > completely beyond me.
    >
    > I ended up disabling Microsoft ICS, rebooting, resetting the IP of the
    > NIC, rebooting and installing Wingate. Works perfectly now.
    >
    > Should've done that in the first place :-\
    >
    > -Peter


    heh.. good to see I was way off (if my averages get to high I have to
    start charging :p)

    --

    Hardware, n.: The parts of a computer system that can be kicked
    froggy, Feb 13, 2005
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tommy Halnet

    w2k box cannot browse w98 box with netbeui

    Tommy Halnet, Jan 2, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    424
    Tommy Halnet
    Jan 2, 2004
  2. VRao

    How to delete list box(text box)

    VRao, Jan 24, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    2,673
    Sultan
    Jan 24, 2004
  3. =?ISO-8859-1?Q?Collector=BBNZ?=

    Win2K Network Problem

    =?ISO-8859-1?Q?Collector=BBNZ?=, Jul 19, 2005, in forum: Computer Support
    Replies:
    3
    Views:
    1,794
    The Muffin Man
    Jul 20, 2005
  4. X Box VS X Box 360

    , Nov 26, 2006, in forum: Computer Support
    Replies:
    3
    Views:
    453
  5. thing
    Replies:
    3
    Views:
    691
    thing
    Aug 15, 2004
Loading...

Share This Page