Can ping LAN but cant ping Internet!!! 3

[MBorges]

Hello,

I am using a hub to connect to a NT4 server (internet server) that is connected to a unix firewall machine that connects to a DSL modem.

On one of the computers (windows 98 SE) I can ping the gateway, the router, and the other networked computers but when I try to ping outside the LAN there is no success. I can browse the internet in IE and receive mail in Outlook express fine. But ping and tracert don't work. And programs like mIRC, mozila browser, and a few other programs are unable to connect.

This worked at one time but now it isn't. I have reinstalled the current drivers for the network card as well as reinstalled the DSL software, and even reinstalled windows 98 several times.

Any help would be greatly appreciated.

Thanks in advanced,

Manuel

 

[svermill]

Are you running DHCP or are the machines statically configured? I was thinking you might have a bad DNS server entry, but you said you could browse using IE, so that isn't it. But perhaps something along those lines. Personal firewall also comes to mind. I couldn't find it on my W2k box, but I seem to recall that some MS OSes allowed you to set a function that wouldn't allow ICMP from outside the directly attached subnet. I don't have a Win98 box anymore, so I can't say for sure. Check IP filtering options under advanced TCP/IP settings.

 

[pentode]

Is your mail coming from your local server? If you can't ping, I don't think the machine is seeing anything outside of your LAN.

But make sure you are pinging something that will respond. Some servers will not respond to a ping request. Try pinging your local ISP server.


Make sure you have TCP/IP protocol associated with your network card. Windows-based LANs can work without TCP/IP running.

 

[MBorges]

First of all i'd like to thank you for your quick replies... i've been sick in bed since friday so i havent been able to come here... so hre's my answer to your questions.

DHCP is thru WINS.
Don't have DNS Server configured... but some computers on the network are able to resolve url, and others arent... and none are able to ping though.
We have both proxy and firewall here... but the proxy is set to aloow both in and out ICMP. The firewall is not blocking either.
I don't have anything related to IP filtering in the TCP/IP settings.

Yes we have an exchange server, that receives the emails from the ISP box.
I can ping all computers on the network, that includes the servers... both the mail server, the file server and the internet server. I can also ping the unix firewall box.

I tried to ping the mail box we have on the ISP, and it is suposed to allow it... i can ping it from home.

The only protocol i have installed is TCP/IP defined as default and associated to the network card.

Hope this help you understand my situation a little better.

Again i thank the info you already provided... hope to hear from you soon.

Best regards,

Manuel

 

[pentode]

What happens when you try to ping? Does it just time out, or does it give an error saying it can't resolve the name?

You might try pinging using a known IP address, instead of a name.

 

[jjk3]

Could it be NAT? Do you know if your site is using Network Address Translation?

It could be something like this, the firewall only NATs connections from your Proxy server. Protocols that are configured to use the proxy work fine (mostly HTTP, but POP3 and FTP are also common), but systems which do not use the proxy do not work.

The firewall can allow all the protocols, but when the traffic gets to the Internet it could be using "illegal" addresses and the traffic gets discarded.

ICMP is something that isn't proxied much and can be confusing to firewall correctly. If you are NATing, using a proxy and a firewall, I wouldn't be surprised if something is not configured correctly. To get to the bottom of it you may need to use a network sniffer.

Do the systems that can't access the Web (HTTP) always not work or do they work sometimes?

Joe
---------------------------------------
Joe Keegan - Joe@jjk3.com
SANS GSEC & GCFW
CCSE, CCNA, CCSA & Sun Certified

 

[MBorges]

Well well well... still trying to solve this thing.
Even though your help has been of great use and i've been learning a lot too.

So... regarding pentode questions:
Its funny that some computers are able to resolve the url giving the the IP, using either ping or tracert, but thne gives me unreachable host... and a few other computers are not even able to resolve giving me immediatly an unknown host.
Also ping directly the IP gives the exact same errors in both kinds of computers.
And is really funny since all computers are win98se and configured the exact same way, same hardware, etc etc etc...

Well regarding jjk3 answer... well that seems to be a very valuable information... but most things you said i still don't understand... am going now to search "prof google" for some info on that, i'll get back here later with info... if you could give me some tips regarding the sniffer would be great.

Again guys thanks for this amazing help your giving me.

Manuel

 

[svermill]

I personally would focus my attention on the firewall machine and the DSL router. You might even need to make sure your ISP isn't blocking your ICMP traffic, but I'm not aware of any that do. As for sniffers, I use Ethereal (

http://www.ethreal.com).

It's free and very handy. This might help you localize where things are getting killed. But you already said you could ping everything internal. So that means either your outgoing ICMP Echo Requests are getting killed at the DSL router (or beyond) or that your ICMP Echo Replies are getting killed somewhere. If none show up at the DSL router, you can assume the problem to be one with your ISP or beyond. If they are showing up at your router, something internal is getting you into trouble.