DHCP/IP/Network problem

Kai

morning guys.

my network setup:

gateway PC with Kerio Wingate Personal Firewall 5.1.10 on it, handling Internet Connection Sharing and DHCP.

three PCs connected to this gateway machine.

so, here's what happened:

i've been playing City of Heroes for about two weeks now, with no problems whatsoever. Been getting proper DHCP IP allocations - the works.

until last night. for some reason everything just stopped working on two of the three PCs. So I enabled ICS (that solved the IP address problem last time) - this got my Browsing working again, but Yahoo, Kazaa and CoH didn't want to connect. I switched ICS off and enabled DHCP in Kerio again - Yahoo and Kazaa worked again, but CoH doesn't want to connect. It connects to the update server, sees that there's an update, but when it comes to downloading it - nothing...

i didn't change anything on Kerio...

now, what i want to know is whether there is any software out there that can take care of the DHCP requests, seeing as Kerio doesn't do that so well. i.e. when i do a /release and /renew, it just comes back with the same IP, isn't it supposed to change? What happens sometimes as well, is that some machines would be able to connect to the net, and others won't.

smoothwall isn't an option for me, as I don't have the ethernet cable, and i prefer to stick to windows - as I know how to use that.

any ideas/suggestions/tips?

i haven't lost my mind, it's backed up on disk somewhere...
tower82.randburg.jhb|13% signal|256k package
 
Most DHCP servers will try to give you the same IP address when you renew if it is still available. I don't think that's a problem.
Can you log the packets being sent/dropped by kerio? Maybe it's dropping packets. Does kerio do stateful inspection?
Are you sure you have unique ports for Kazaa & others on every PC and you're forwarding the packets correctly from kerio in the NAT policy? My guess would be that you set up port forwarding using ip addresses and now they have changed. The wrong PCs are now receiving the forwarded packets.

Tell me if you need more detail on this. Unfortunately I don't know kerio, but I base this on iptables, firewall-1 and WinXP firewall which I work with a lot.

One thing to be careful of is to have two DHCP servers running on the same network. Most PCs on the network seem to have trouble recovering from that.
 
hi Groenie. yep. you're spot on there. A friend told me that the Kerio manual has a HUGE warning that you should NOT switch on ICS after you've installed Kerio - i did that last night.

the previous version of kerio, 5.1.8, could run side by side with ICS. This one, evidently, can't.

The reason why I used to have ICS on, is because the DHCP functionality in Kerio 5.1.8 didn't work. So I used to let ICS take care of the DHCP requests.

And last night, after my one machine stopped connecting, I switched ICS on again - big mistake...

so, i'll have to either reinstall Kerio, and if all else fails, reformat my gateway machine.

As for all the questions you asked - nothing changed, i didn't change the NAT settings or anything. My machine just lost connectivity for some odd reason - and I did the rest :)

when you say "most PCs seem to have trouble recovering" from multiple DHCP servers - is that rectifiable? I've found that once a network connection latches onto an IP address, it's a b!tch to get it to let go of it - is there a way to tell it to "let go, you sonnofabitch!" :) Also, what settings do I have to change on my DHCP server to tell it to dish out new IP addresses every time a client does a /release and /renew?

Flash - City of Heroes is AWESOME! it's SO much fun! i have a few friends that play it on MyWi and before last night, i've had NO problems playing it! Definitely worth a play! :)

 
Firstly, I have used Kerio DHCP without any issues. The thing is (probably) that you must set the DHCP server to supply a default gateway and domain/workgroup.

I know for a fact that in Kerio, you can customise the DHCP quite nicely. To solve your problems, change your DHCP scope to exclude the addresses you don't want to use. Or narrow the scope then do a release-renew then broaden it again and repeat the RnR cycle. That *should* refresh the IP pool.

I have seen that kerio will attempt to assign the same IP (in future) to a particular MAC address once assigned. So you pretty much have to set the adapter (in other PC) to a static IP (then reset to dynamic) OR change its MAC address OR remove that specific IP address from the range(scope).

Furthermore, make sure you aren't reserving that IP address for a particular MAC address. It will skip over it if so. Just check your Scope/Lease/Reserve settings under DHCP server in kerio.

Since ICS is basically a (very) primitive DHCP server, running it with the Kerio DHCP is kinda a problem. Disable Kerio DHCP and then run ICS and it should be ok.

I'm not sure about this BUT we also had a similar issue as you did in that one PC suddenly didn't want to get on the network (even though it got an IP address just fine from kerio) and wasn't even pingable in or out. However, another PC on the LAN worked just fine (Win98) so... I figured it must be the problematic PC and NOT kerio. The solution was to refresh and rescope my kerio DHCP (ie. remove the set mac+IP for the troubled host) and then change the MAC for the trouble PC. Then we just did a RnR on the broken PC. It picked up its normal 192.168.0.3 address and from then everything is/was fine.

I am using KWF 5.1.10 at the moment.

Kai, hopefully the above is useful otherwise, you know how to get hold of me.

One last thing, be careful with this quote: "gateway PC with Kerio Wingate Personal Firewall 5.1.10"
This could cause mass confusion since there is a Wingate. Rather make sure you say Winroute (I know you know that but just be careful [:p] )

Good luck!
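
Added example, not part of any post in this thread: the replies above point at two DHCP servers (ICS and Kerio's) answering on the same LAN. One way to confirm that from captured DHCP reply payloads is to parse each DHCPOFFER and list the distinct server identifiers (option 54). The function names are hypothetical, and the packets and addresses are constructed sample data.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker that precedes the options
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER = 2

def parse_offer(packet):
    """Return (offered_ip, server_id) for a DHCPOFFER payload, else None."""
    if len(packet) < 240 or packet[0] != 2 or packet[236:240] != MAGIC_COOKIE:
        return None                      # not a BOOTREPLY carrying DHCP options
    yiaddr = socket.inet_ntoa(packet[16:20])
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:         # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            return None                  # truncated option header
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            return None                  # truncated option body
        opts[code] = value
        i += 2 + length
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]) or len(opts.get(OPT_SERVER_ID, b"")) != 4:
        return None
    return yiaddr, socket.inet_ntoa(opts[OPT_SERVER_ID])

def servers_seen(packets):
    """Map each responding server identifier to the addresses it offered."""
    seen = {}
    for pkt in packets:
        parsed = parse_offer(pkt)
        if parsed:
            seen.setdefault(parsed[1], []).append(parsed[0])
    return seen

def build_offer(yiaddr, server_id, xid=0x1234):
    """Constructed sample data: a minimal DHCPOFFER payload (UDP body only)."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)          # op .. flags
    fixed += b"\x00" * 4 + socket.inet_aton(yiaddr) + b"\x00" * 8   # ciaddr, yiaddr, siaddr, giaddr
    fixed += bytes.fromhex("001122334455").ljust(16, b"\x00")       # chaddr (made-up MAC)
    fixed += b"\x00" * 192                                          # sname + file
    options = bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return fixed + MAGIC_COOKIE + options + bytes([OPT_END])

# Constructed capture: two servers answer the same DISCOVER on one LAN.
SAMPLE = [build_offer("192.168.0.3", "192.168.0.1"), build_offer("192.168.0.57", "192.168.0.254")]
```

More than one key in the result of `servers_seen(SAMPLE)` means more than one DHCP server is handing out leases on the segment.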
 