HughesNet Satellite → [DW4000] Secure sites

I just upgraded my system from 98SE to xp pro sp2,added a laptop with xp pro sp2.I am using the Linksys wrt54G router as an access point.I want to thank spinnaker and Frank for the advice on the change over.I just got it all together within the last couple days because of work schedule.So far host and client can access internet and email and host can access secure sites,but client cant get to secure sites.I went to Intuit site and had no trouble,soon as I try to go to my account page I get the page cant be displayed.Its an https page.I know its something I have or have not done,any hints on where to look?

Accessing secure sites has been an ongoing problem with Direcway users. Just search this forum for "Secure Sites" and you will see what I mean.

There are a number of things that you can try to see if they may allow you to log on to your account at the Intuit site from your laptop....

A. You said that you could get your email from your laptop which seems to indicate that ICS on the Host is working OK, but try disabling ICS on your Host's USB satellite adapter. Then reboot the Host and enable ICS again.

B. Some DW4000 users have said they can access secure sites by putting "https://*" (without the quotes) in the IE6 Proxy Settings exceptions list. I'm not sure why this works, because the Direcway proxy is not used to access secure sites.

C. Others have reported success when they set new DNS Server IP addresses in their NIC's TCP/IP Properties:

Hughes DNS IPs you can try:
66.82.4.8
66.82.4.12
198.77.116.8
198.77.116.12
There are more Hughes DNS servers that you can try. Maybe someone can add to the list.

Alternate DNS IPs you can try:
»Satellite Forum FAQ »Are there alternative DNS servers that I can use?

D. If the above does not work for you, then you should try disabling Norton 2003 on your laptop. If that doesn't work, uninstall it.

I am not familiar with any of your other topics, but do know from experience with my 4000 system that Norton Internet Security installed on either the host or client gives all sorts of problems. Disabling is not enough; needs to be uninstalled.

Since secure sites can be accessed okay from the host, have you tried turning off the built-in XP firewalls on both computers? If so, and still no secure site access, then the client network settings are suspect.

If you do not have 'Proxy Server' checked on the client, can you still browse the net?

I'm going to get back on it tomorrow,I'm worn out.Afraid I will make changes with out documenting them,its gotten to that point.I changed my sig line but wasn't clear,the nav2003 is on host,AVG is on client.I had to do the short cut addition in firewall for xp to allow the client to browse with proxy on and it worked.I was thinking maybe something else with xp firewall,or zone alarm was screwy,I lost my signal tonight,and when it returned,outlook express wont connect through the client and will on the host so it my be in the ICS.I'll get back on it tomorrow.

Temporarily disable any/all firewalls running on the Host PC and laptop Client. As Rusty says, if you have Zone Alarm or Norton Personal Firewall running on the PCs, it's best to uninstall them.

We're interested in nailing down what you can and cannot do from your laptop. I'll explain...

When you browse Proxy ON (HTTP: 192.168.0.1, port 83 or 85) from your Client, your browser is pointed to the HTTP Web acceleration proxy service on your Host PC. The browser on the laptop is using the proxy service to reach Web sites, not the ICS connection to the Host. This works for the HTTP protocol only.

When the Proxy is disabled, the browser on the laptop is using the ICS connection to reach regular (HTTP) Web sites. The laptop also uses ICS for other protocols to reach sites via FTP, to send/receive email (POP3/SMTP), to ping sites (ICMP), to TELNET to servers, and to browse to secure sites (HTTPS).

This would mean there's a problem with ICS if the laptop can't browse to regular Web sites with the Proxy disabled and you can't FTP to sites, ping sites, send/receive email, TELNET, or browse to secure sites. Usually if some protocols work on the laptop but others don't, we start looking for a firewall mis-behaving somewhere.

This sounded familiar and I have been trying to place it which is why I did not post sooner. This may not help at all but...about a year ago a friend of mine called me about his network. He is on DSL and has 2 comps connected through ICS. He had a simular issue of not being able to use other protocols beside http on the clients. After working on it for awhile and talking to him I finally figured it out. He had gotten a virus on the host a few weeks earlier which he had quickly removed. The problem was that the virus had somehow messed up the TCP/IP on the host. The strange part was it did not effect the host directly but only the clients via ICS transfers. I uninstalled TCP/IP and ICS, rebooted, re-installed TCP/IPand ICS and rebooted again. Everything worked fine.

Not saying that will fix your problem and I dont know if you have had any virus's recently but it may be worth a try on both the host and clients.

I'm going to check everything out again this evening.I had a good day yesterday with both of the machines except for the secure site issue with the client and like I say until the bad weather terminated my connection and I lost email on the client.I probably made a boo boo and couldn't remember what I did,and made it worse. Today is a new day

alashley,
I am pretty sure your problem is caused by an incorrect browser proxy setting.
In Internet Explorer, go to Tools/Internet Options/Connections/LAN Settings.
There should only be one check mark on that page, and the two blocks for 'address' and 'port' should be blank and greyed out.

If they are lit, go to the Advanced page and remove the checkmark beside 'Use the same proxy server for all protocols'.

In all cases, on that same Advanced page, you should only have address and port information entered on the top (HTTP) line.
For a client computer, that should be (address) 192.168.0.1 and (port) 85.
CM

I have the same problem, everything is good on the host, client browses fine, except no secure sites, I used to get secure sites with the client with IE but not with firefox, I have tried about everything I can think of, proxy on, proxy off, firewall on, firewall off, etc,etc. By the way the problem with not getting secure sites with IE only happened after I installed the .net framework from microsoft in order to use a bandwidth monitor.All my settings seem the same, I have norton internet security on the client and zone alarm on the host, I may unistall the norton one and see what happens, never had a problem with it though, and maybe unistall the netframework as well.

I know with out being there 192.168.0.1 ..port 83 is checked.Thats the way the FAQs instructions directed me to go. Cant say for sure about the rest,I saw so much yesterday. Do you use xp firewall? If so can you post a screen shot of the host and client xp firewall advanced page and show what is suppose to be checked on each?I know I checked some items on both before I documented,while I was still deranged.I added the direcway http entry to xp firewall on host to allow the client to browse with proxy on.

Alan

In his first reply to you, Spinnaker said you should disable the Norton firewall on your laptop. Now, you ask for information on the XP firewall. Which do you have running?On my host, I use the Norton firewall, so the XP application is disabled. My client does use the XP firewall but I cannot provide the screenshot you asked for.

My wife left today for a month in Spain, and that is her machine. While there is a 'backdoor' I could use to get into it, out of respect for her privacy, I will not.

However, no special 'configuration' has been done for the XP firewall on that computer. It was simply 'enabled' on her LAN NIC.

Since you can browse and email, I doubt that you have a firewall issue. If in doubt, disable it on both machines (and reboot them) to see if that makes a difference...but it probably won't.

One other thing you should be aware of...
Your client needs to have at least two DNS server addresses set up in Network Connections. If you can only 'do stuff' on the laptop with 'proxy on', it indicates that you don't have an 'alternate' DNS server available.

The 'primary' is typically the IP of your host computer (192.168.0.1) while the 'alternate' should typically be one of the standard Hughes servers. Spinnaker gave you a list of them in his first reply.

To configure DNS servers, open Network Connections; right-click the laptop's Local Area Connection and choose Properties. Double-click Internet Protocol TCP/IP, click Advanced, and click the DNS tab.

After creating the DNS servers in the box at the top, put a dot in 'Append primary...ect.' - place a check in 'Append parent...etc.' - and place a check in 'Register this connection's...etc,'.

Everything else should be blank.

After making changes, it never hurts to reboot...
CM

Good evening. Here's where I'm at: Zone Alarm and xp firewall are both off on the Host and Client: result, Email,send and receive:okay...proxy on and proxy off.(2). Secure site at intuit..okay..proxy on and off.
(3). Client; Zone alarm and xp firewall: on
secure site at intuit...okay,proxy on and off
email from client: okay; proxy on and off
(4) Host: xp firewall on:
secure site from client; okay .. proxy on and off
Email the same; from client:okay,proxy on and off
(5) Host: zone alarm on and cant access email or secure site. Can browse with proxy on but not with off.

Zone alarm is blocking me on the host. I have permission for( Laptop showing... 192.168.0.1 ) ( Lan nic 192.168.0.1 /255.255.255.0 )( satellite usb device... 10.80.17.xx / 255.255.255.0 ) for trusted sites. Does this look correct? Does the router need permission? I think I have already tried this yesterday and it was a no go. Every thing works perfect until I enable ZA on the host. Its the free version but I read where folks are using it and having no problem. I printed from the wireless laptop so that part is working also.

Alan

Alan....

The 4000 is a different 'beast'. In a sense it is functioning as a server (ICS), and your version of ZA does not support servers. That was my experience, anyway.

So just use the XP firewall.

IP address on the client is 192.168.0.3 and I have it set for permission,the linksys 192.168.0.254,has permission,the Lan nic has permission,the sat.usb has permission. I'm so close I can taste it . The combination hasn't been figured out yet?

Alan

Alan -

If you have Zone Alarm Free installed on your Host PC, you really should upgrade to Zone Alarm Pro and tell it that "This computer is an ICS/NAT gateway" and enter a "Local Address" of 192.168.0.1. Zone Alarm Free is fine for the laptop Client.

There is a way to get Zone Alarm Free to work on the ICS Gateway machine (your Host PC), but it's not recommended. Read the second paragraph from the bottom here --»www.zonelabs.com/store/c ··· &lang=en

If you don't want to upgrade to Zone Alarm Pro, uninstall Zone Alarm Free on the Host and use Windows Firewall.

Only run one firewall on each PC.

Hey Spinnaker

I'll up grade to ZA Pro. I'll leave the freebe on the client.

I appreciate the time you and CM and Rusty and the others have spent with me on this.Ya'll are certainly beneficial to the 2-way world.This stuff is certainly intimidating when you dont know and understand but isn't to bad once you fool with it a little. Thank you again and have a good 4th. We are doing some hog cooking today in LA.

Alan

Have a good 4th...

We used a "Texas Smoker" to smoke a beef brisket, a chicken, and some sausages yesterday in preparation for the 4th. As you probably know, it's a slow smoke process that takes all day, and you end up smelling just as tasty as the food..

I'm happy with the results so far.
Un tweaked,
42.7 MB file...4 min 58 sec
157KB/sec
From wireless laptop. I havent put DRTCP on here yet.Thats good,real good.

Alan

I haven't had Zone Alarm Pro loaded on any of my PCs for some time because I have a DW7000 system and use Zone Alarm Free....

Double-click the ZA icon in the System Tray.
Click Firewall -> Main, and click the "Advanced" button.
Put the check in "This computer is an ICS/NAT gateway", and click OK. See the picture above. The picture is from an older version of ZoneAlarm Security Suite, but it should give you the idea.

Make sure that your local subnet (192.168.0.0) has been added to the Trusted zone.

Thanks Spinnaker,the latest version has more stuff in the advanced section.I had not visited the advance tab,but its all there.Thank you