Cannot ping proxy server

[jgeary]

Help!!<br><br>I have a multi-homed computer running proxy 2.0 w/ SP1.&nbsp;&nbsp;Currently I have IP forwarding enabled and default gateways on both NICs.&nbsp;&nbsp;When I try to disable IP forwarding and remove the internal default gateway, clients from other offices (different subnet) cannot access that computer.&nbsp;&nbsp;They can see every other computer on the network except for the proxy server.&nbsp;&nbsp;It's like it disappears from the network.&nbsp;&nbsp;Anybody on the local subnet can see the proxy server.&nbsp;&nbsp;When I enable logging for the packet filtering and try to ping the proxy server from another office I get the following:&nbsp;&nbsp;<br>4/23/00, 22:50:29, 10.53.1.253, 10.54.1.1, ICMP, 0, 0, -, 0, 208.49.238.XXX, -, -,<br><br>The first address is the internal proxy server NIC, the second is a computer on a different subnet and the last is the external proxy server NIC.&nbsp;&nbsp;This problem still happens after I disable packet filtering too<br><br>Thanks<br>Joe Geary<br>

 

[Solo]

I have the same problem, what I did to get around the problem was install muitple NIC's on the proxy, four in fact one external three internal for all our subnet.<br><br>If there a better way I like to know.<br><br>Solo<br><br>

 

[RJGlasener]

You should have the default gateway of the proxy server&nbsp;&nbsp;pointing to the internet connection.&nbsp;&nbsp;Then you need to add a static route to your route table on the Proxy server pointing back to to your local subnet.&nbsp;&nbsp;<br><br>example local subnet 172.20.0.0 mask is 255.255.0.0 and the internal NIC address is 172.20.0.1<br>at the dos command prompt type in <br><br>route -p add 172.20.0.0 mask 255.255.0.0 172.20.0.1<br><br>The -p makes the route permanent.

 

[Zelandakh]

If you have the same subnet mask for your subnets (and you should), you can bind all 3 IP addresses to the same net card. Obviously, you will get speed implications as they are all sharing the 1 physical 10/100 port, but the upside is that it is easier to manage.

 

[Steve Bowman]

First clue<br>&quot;When I try to disable IP forwarding and remove the internal default gateway, clients from other offices (different subnet) cannot access that computer.&quot;<br><br>If a box is lets say 10.10.10.5/255.255.255.0<br>with no default gateway it can only send data out to the 10.10.10.xxx network now lets add a router (default gateway) remembering to talk to it we need to have it on the local net say 10.10.10.1/255.255.255.0 when the box has data destined fo anywhere other then the local net it sends the data to the router to let it deal with it.<br><br>in conclusion: if you are subnetting, for everyone to partisipate in a data conversation you need to use default gateways on every segment of the network and the routers need to have a routing table for the WAN if using RIP the routers will broadcast there presance to the other routers on the net work.<br><br>Of course you could put many nics in the box to correct the problem to a degree but that is not very efficiant use of the TCP/IP topology. <p>Steve Bowman<br><a href=mailto:steve.bowman@wayservices.com>steve.bowman@wayservices.com</a><br><a href= > </a><br>

 

[jgeary]

I haven't tried this yet, but I believe that I have to add a static route pointing to the proxy server on the router going out to the other subnets.&nbsp;&nbsp;Apparently that router does not support RIP.&nbsp;&nbsp;Does this sound right??

 

[Steve Bowman]

In a WAN configuration all routers (should) know about all routers either via RIP or by adding Static Routes to the routers. So yes you are on right track<br><br>Just to mention you would need to have a pretty old or very inexpensive router for it to not support at least RIP-1.<br><br>Check this out because this works best, RIP will broadcast all known routes to all the routers on the WAN leaving you with nothing to do but smile. <p>Steve Bowman<br><a href=mailto:steve.bowman@wayservices.com>steve.bowman@wayservices.com</a><br><a href= > </a><br>

 

[jgeary]

Yeah, this router is close to 10 years old and my company will not upgrade.&nbsp;&nbsp;I had a few other problems that were caused by that router

 

[Steve Bowman]

&quot;Minor Rant&quot; If a company can not or will not spend a few $$$ apx 600.00 to replace an aging outdated piece of hardware they (Company) do not deserve a network let alone the efforts of MIS, so far you most likley chewed up hours and heartach over this problem and the Company is already in the bucket close to the cost of the router <p>Steve Bowman<br><a href=mailto:steve.bowman@wayservices.com>steve.bowman@wayservices.com</a><br><a href= > </a><br>

 

[lshouse]

Since your other users are on separate subnets you need to have an internal router, then you can configure the other clients to use that router as their gateway, or you could use many nics in the proxy server ( makes for a slow connection), but you can only have 1 gateway on the proxy server or it will fail to send packets out of your network.

 

[adminit]

Hi!!

A similar problem we face here - we have a Cisco 2501 with RIP enable and connected to a NT Server with MS-Proxy and two NIC cards with IP forwarding enabled. One NIC for the live segment, the other to a non-routable ip (192.168.x.x) with Unix boxes on both the segments.

Telnet from the live to non-live works fine but from non-live to the live segment, it takes a heck of a lot of time - but finally happens. Ping gives proper stats but ftp and telnet are a problem!! What could be the reason?