Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Counter Strike via Kerio WinRoute
  •  
Angel Tsankov

Messages: 21
Karma: 0
Send a private message to this user
I have 2 PC's: PC1 runs Kerio WinRoute Firewall and connects to the internet
through a gateway which runs on a machine, to which I do not have access.
PC2 does not have any access to the internet except via Kerio on PC1. How
can I play Counter Strike or other games online on PC2 in this situation?



  •  
wiper

Messages: 112
Karma: -1
Send a private message to this user
u have to enable nat at 1pc on internet interface, and set up proper rule in KWF to enable passtrough for pc2.

and u probebly have to increase maximum nat sessions in KWF settings file because there is lots of udp sessions with online games.

gl

/Wiper
  •  
Angel Tsankov

Messages: 21
Karma: 0
Send a private message to this user
OK, but how do I tell the CS (running on PC2) to use PC1, which in turn will
do the NAT?

----- Original Message -----
From: "wiper" <mrpcguy<at>hotmail.com>
To: <kwf<at>forum.kerio.com>
Sent: Sunday, August 08, 2004 9:02 PM
Subject: [kwf] Re: Counter Strike via Kerio WinRoute


>
> u have to enable nat at 1pc on internet interface, and set up proper rule
in KWF to enable passtrough for pc2.
>
> and u probebly have to increase maximum nat sessions in KWF settings file
because there is lots of udp sessions with online games.
>
> gl
>
> /Wiper
>
>
>



  •  
wiper

Messages: 112
Karma: -1
Send a private message to this user
not sure what u mean... what u need to do is to set up an Ip address at the same subnet that the pc1 (non internet interface) remains on. and then you route your traffic thru pc1's gateway from pc2. just point at pc1 as default gateway from pc2.
If u just wana communicate with Internet with pc2 this is the way to do it. i dont think u need to set up anything in CS

/wiper
  •  
Angel Tsankov

Messages: 21
Karma: 0
Send a private message to this user
OK. I see what you mean. So I've started NAT on PC1 and setup PC2 to use PC1
as the default gateway. But I still have problems.

When I execute tracert www.yahoo.com -d on PC2 I get this result:

Tracing route to www.yahoo.akadns.net [216.109.118.72]
over a maximum of 30 hops:

1 2 ms <1 ms <1 ms 10.0.52.207
2 1 ms 2 ms <1 ms 172.16.1.1
3 * * * Request timed out.
(other hops truncated to save space - they are the same as hop 3)

Here I see that PC2 (10.0.53.207) uses PC1 (10.0.52.207) as the gateway, but
unfortunately the packets (after being translated by PC2) are sent to
172.16.1.1 which then drops the packets. I think that PC1 should send the
packets to 10.0.52.202 instead, 'cause this is PC1's default gateway. Here
is the result I get from executing tracert www.yahoo.com -d on PC1:

Tracing route to www.yahoo.akadns.net [216.109.118.72]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.0.52.202
2 <1 ms 1 ms <1 ms 172.16.1.1
3 1 ms 1 ms 1 ms 217.9.231.120
(other hops truncated to save space - ping reaches target successfully)

Furthermore, after the unseccessful ping on PC2, I reexecute the same ping
and I get this result:

Tracing route to www.yahoo.akadns.net [216.109.118.70]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.0.52.202
2 1 ms 1 ms 1 ms 172.16.1.1
3 * * * Request timed out.

Here I see that PC2 does not use PC1 as the gateway (despite that PC1 is
still the default gateway for PC2), instead it directly sends the packets to
PC1's
default gateway (in fact an active route is setup for www.yahoo.com which
directs the packets to 10.0.52.202 instead). I noticed that this occurs
every time I clear the route
table on PC2 (by executing route -f) and reload the satic (persistent)
routes. (PC1's and PC2's routes can be seen in the attached files).
I think that PC2 starts using PC1' default gateway when the ping (from PC2)
reaches 172.16.1.1. If I cancel the ping just after PC2 gets the echos from
PC1 (hop 1), and then restart the ping (on PC2) it still uses PC1 as
gateway. But if I let the ping continue (and reach 172.16.1.1) then PC2
starts using 10.0.52.202 as the gateway for www.yahoo.com (because of the
aforementioned active route).

So:
1.Why is an active route setup to route packets to www.yahoo.com trhough
10.0.52.202 (PC1's gateway)?
2. Why does the ping (on PC2 after I have reloaded the static routes on PC2)
not pass through 10.0.52.202 after reaching PC1? Could any adjustments to
the routing tables fix this? If so, what? If not, what should be done
instead?

By the way, this is the relevant (NAT) traffic rule on PC1:
Source=10.0.53.207
Destination=Any
Service=Any
Translation=NAT (Default outgoing interface)
Action = permint
Valid on=Always

Interestingly enough, Internet Explorer manages to open www.yahoo.com (on
PC2) no matter when I try to load it...

  •  
wiper

Messages: 112
Karma: -1
Send a private message to this user
1. shouldent the trace go trough pc1??
2. check so it noy any rules that blocking icmp

i have to say that your post is abit hard to read, could u simplifie it abit? Wink

do you have multiple net in same hub or switch? do u use dhcp for that 10-net? and if you have only a few host use maximum c-net (between only 2 hosts, use 30 bits net)
  •  
Angel Tsankov

Messages: 21
Karma: 0
Send a private message to this user
Well, the problem is that I can load web pages in Internet Explorer on PC2,
but I stilll cannot play CS on PC2.



Previous Topic: Can Kerio VPN support IPSEC?
Next Topic: Strang error message
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 20:49:19 CET 2017

Total time taken to generate the page: 0.00430 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.