New internet gateway issue

Status
Not open for further replies.

pcs800

IS-IT--Management
Apr 9, 2002
339
US
Ok, this is a long one. Can't figure it out so far.
The company I work for has a network of about 160 pc's.
They all connect to a rack of switches and get internet access
from a redhat linux box that is used as a proxy server.
Its address is 192.168.1.1, port 8080.
We recently purchased a hardware firewall that will also act as the new internet
gateway; its address is 192.168.1.2.
We go to each pc, disable the proxy settings, set the pc's ip to a static one, enter
192.168.1.2 as the gateway and add a dns server address.
In most cases, this works fine. The PC gets its internet access from the new gateway.
But with about 20 of the PCs, it does not work. Most are 98SE machines, but a couple of XP Pro machines do it too.
And what's even weirder is that on the machines that don't take the settings, I can't even ping the 192.168.1.2 address.
Now here are my thoughts, the guy that built this network (he is no longer here) has some pc's logging into a domain, and others just plain workgroups.
So this network has both, which as far as I know you should stick with one OR the other.
I don't know much about wins, but have a hunch that might play a part as well.
Any help at all is appreciated.

Eric VanLandingham
The Bargain Monkey
 
If you can't ping the IP address then I don't think it's WINS. Verify the IP address configuration on those PCs again. Do you notice any similarities with the ones that can't ping the gateway? Are they all in a domain or all in a workgroup?

Can you ping the other computers from those computers?

Steven S.
MCSA
A+, Network+, Server+, i-Net+
 
No similarities that I can see, that's what is so odd. I can ping other PCs and stuff, just not the .2.
Some domain, some workgroup.

Eric VanLandingham
The Bargain Monkey
 
Try pinging the .1 again if it's still online. Do you have a filter that may be preventing certain computers?

Steven S.
MCSA
A+, Network+, Server+, i-Net+
 
I can ping the .1 and any other address except .2. No filter that I know of, and if there was, then wouldn't it prevent any of them from seeing it?
It's just pc to switch to .2 box, nothing fancy.

Eric VanLandingham
The Bargain Monkey
 
Are all computers on the same subnet? Subnet mask and Default Gateway all configured correctly on those computers?

What's the message returned when trying to ping .2? Can you run a Tracert to .2?

Steven S.
MCSA
A+, Network+, Server+, i-Net+
 
All on same subnet, mask and gateway. DNS server same also. "Timed out" is the ping reply; traceroute stops at the switch.

Eric VanLandingham
The Bargain Monkey
 
Hmm... Tracert should not stop at the switch. Since the computer connects to a hub and then the firewall also connects to the hub it should hit the firewall on the 2nd hop.

Steven S.
MCSA
A+, Network+, Server+, i-Net+
 
Do you have routers anywhere in your network? Does your have VLAN support?

Steven S.
MCSA
A+, Network+, Server+, i-Net+
 
Did the ipconfig /all, nothing different. Yes, there are routers, but I don't know about VLAN. What would that mean?

Eric VanLandingham
The Bargain Monkey
 
VLAN stands for Virtual Local Area Network. It allows you to segment networks into logically separate subnets using a special switch. You can then implement filters on these VLANs to control traffic. Maybe the switch is blocking access to the .2 address from specific ports. Try plugging a working computer into a port of a non-working computer.

Can you give us the IP configuration of the .2 firewall and one from a computer that works and one from a computer that does not work?

Steven S.
MCSA
A+, Network+, Server+, i-Net+
 
There are no virtual subnets here; everyone is 192.168.1.something.
I think I have pinned down a cause for some of the PCs, which is a block of addresses set aside by the firewall for VPN clients. After I take care of that, if there are still issues I will post again here. Thanks.

Eric VanLandingham
The Bargain Monkey
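
The cause pcs800 describes above (static addresses landing inside a block the firewall sets aside for VPN clients) can be checked for every PC at once, along with the mask and gateway questions raised earlier in the thread. This is an added example, not part of the original posts: the VPN range, host names and host addresses are constructed, the /24 mask is an assumption based on "192.168.1.something", and only 192.168.1.1 and 192.168.1.2 come from the thread.

```python
import ipaddress

def audit_static_hosts(hosts, lan, gateway, reserved):
    """Return {host: [problems]} for static settings that conflict with the firewall."""
    lan_net = ipaddress.ip_network(lan)
    gw = ipaddress.ip_address(gateway)
    # Expand each reserved (first, last) range into CIDR blocks for membership tests.
    pools = {
        label: list(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
        for label, (first, last) in reserved.items()
    }
    findings, owners = {}, {}
    for host, cfg in hosts.items():
        problems = []
        iface = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}")
        if iface.network != lan_net:
            problems.append(f"mask gives {iface.network}, expected {lan_net}")
        if ipaddress.ip_address(cfg["gateway"]) != gw:
            problems.append(f"gateway is {cfg['gateway']}, expected {gw}")
        for label, blocks in pools.items():
            if any(iface.ip in block for block in blocks):
                problems.append(f"address is inside the firewall's {label} range")
        if iface.ip in owners:
            problems.append(f"duplicate of {owners[iface.ip]}")
        else:
            owners[iface.ip] = host
        if problems:
            findings[host] = problems
    return findings

# Constructed sample data: the thread gives neither the VPN range nor any PC address.
RESERVED = {"VPN client": ("192.168.1.200", "192.168.1.220")}
M24 = "255.255.255.0"
HOSTS = {
    "pc-017": {"ip": "192.168.1.50", "mask": M24, "gateway": "192.168.1.2"},
    "pc-101": {"ip": "192.168.1.205", "mask": M24, "gateway": "192.168.1.2"},
    "pc-044": {"ip": "192.168.1.60", "mask": "255.255.0.0", "gateway": "192.168.1.2"},
    "pc-120": {"ip": "192.168.1.70", "mask": M24, "gateway": "192.168.1.1"},
    "pc-130": {"ip": "192.168.1.50", "mask": M24, "gateway": "192.168.1.2"},
}

if __name__ == "__main__":
    report = audit_static_hosts(HOSTS, "192.168.1.0/24", "192.168.1.2", RESERVED)
    for host, problems in report.items():
        print(host, "->", "; ".join(problems))
```

Feed it the inventory of static assignments and the reserved ranges read from the firewall's own configuration before touching the next batch of PCs.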
 
Check your switches for ACLs that prevent those addresses from reaching the areas you want them to; they could be limited. And also check your new firewall for rules that prevent those addresses from getting responses or internet access.

bob

I know what I know and that's all I know. What I don't know I'll find out.
 