Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can't Connect to Anyone on My Subnet!

Posted on 1999-07-14
22
Medium Priority
?
415 Views
Last Modified: 2013-12-23
I am using ADSL to connect to the internet.  I recently installed a network in a business and set them up with SDSL from the same ISP (same subnet as me, too).  

Here is the problem: I can't connect to the company network from my machine -- even though I can connect anywhere else.  A little troubleshooting has shown that I cannot connect to anyone on my subnet, except the internet gateway.

I've tried deleting and rebuilding routes, deleting and reinstalling TCP/IP...  What am I missing here?

Here are some tidbits -->

netstat -r:

  destination         router          netmask   refcnt   use  flags  snmp intrf
                                                                     metric
        default   209.221.206.1         0.0.0.0    2      497  UG       0  lan0
  209.221.206.0 209.221.206.142   255.255.255.0    0        0  U        0  lan0
  209.221.206.1 209.221.206.142 255.255.255.255    1        0  UH       0  lan0
209.221.206.126 209.221.206.142 255.255.255.255    0        3  UH       0  lan0
209.221.206.136 209.221.206.142 255.255.255.255    0        2  UH       0  lan0

The last two entries above are for two other machines on my subnet that I pinged before running netstat.

ifconfig lan0:
  lan0: flags=bc63<UP,BROADCAST,NOTRAILERS,RUNNING,BRIDGE,SNAP>
           inet 209.221.206.142 netmask xffffff00 broadcast 209.221.206.255


resolve2:

  domain qnet.com
  nameserver 204.107.78.3
  nameserver 204.107.78.2

0
Comment
Question by:mr_realtime
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 4
  • 4
  • +2
22 Comments
 
LVL 12

Expert Comment

by:Otta
ID: 1558761
I hope that your file is named 'RESOLV2' (omit the 'E').

Show the output from IFCONFIG and NETSTAT on the "other" computer.
Perhaps, it is receiving your IP-packets, but it is unable to send its responses to your computer??
0
 

Author Comment

by:mr_realtime
ID: 1558762
Yes -- it's RESOLV2 in the ETC directory.

It would be nontrivial to IFCONFIG and NETSTAT the other machine.  It's located miles away and it's a router.  The machine behind the router, however, allows me FTP logins from other locations, so I know it's working...
0
 

Expert Comment

by:msmanju
ID: 1558763
Try this
1. if inetver output  is > 5.3xxx
route delete 209.221.206.0 209.221.206.142  

route add -net 209.221.206 209.221.206.142 netmask 255.255.255.0

2. else
route delete 209.221.206.0 209.221.206.142  

route add 209.221.206.0 209.221.206.142 0

Manju
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 

Author Comment

by:mr_realtime
ID: 1558764
Manju,

Ok, here goes...

========================
[D:\]inetver
Inet Version: 4.00e

[D:\]route delete 209.221.206.0 209.221.206.142
Deleting route to network 209.221.206.0 (no netmask specified, default used)

[D:\]route add 209.221.206.0 209.221.206.142 0
Adding network 209.221.206.0, router 209.221.206.142 (no netmask specified, default used)

[D:\]netstat -r

  destination         router          netmask   refcnt   use  flags  snmp intrf
                                                                     metric
        default   209.221.206.1         0.0.0.0    2     1284  UG       0  lan0
  209.221.206.0 209.221.206.142   255.255.255.0    0        0  U        0  lan0
  209.221.206.1 209.221.206.142 255.255.255.255    1        0  UH       0  lan0
209.221.206.136 209.221.206.142 255.255.255.255    0        4  UH       0  lan0

========================

Nope, pings to my subnet still hang in the void.  I also note that it seems to ignore the netmask when adding the route back.
0
 

Expert Comment

by:msmanju
ID: 1558765
Hi
 Can you try this ?
  route add subnet 209.221.206.0 209.221.206.142 1 netmask 255.255.255.0
0
 

Author Comment

by:mr_realtime
ID: 1558766
Ok...

============================
[D:\]route delete 209.221.206.0 209.221.206.142
Deleting route to network 209.221.206.0 (no netmask specified, default used)

[D:\]route add subnet 209.221.206.0 209.221.206.142 1 netmask 255.255.255.0
Adding network 209.221.206.0, router 209.221.206.142 netmask 255.255.255.0.
===========================

Hhhmm... it took that ok, but the resulting netmask doesn't look the same...

===========================
[D:\]netstat -r

  destination         router          netmask   refcnt   use  flags  snmp intrf
                                                                     metric
        default   209.221.206.1         0.0.0.0    2     4609  UG       0  lan0
  209.221.206.0 209.221.206.142   255.255.255.0    1        0  UG       0  lan0
209.221.206.136 209.221.206.142 255.255.255.255    0        4  UH       0  lan0
209.221.206.142 209.221.206.142 255.255.255.255    1        0  UH       0  lan0
=========================

The result is a dead stack.  I ran ...mptn\bin\setup.cmd to restore "normal" (no connections to my own subnet) operation.

setup.cmd:

route -fh
arp -f
ifconfig lan0 209.221.206.142 netmask 255.255.255.0
REM ifconfig lan1
REM ifconfig lan2
REM ifconfig lan3
REM ifconfig lan4
REM ifconfig lan5
REM ifconfig lan6
REM ifconfig lan7
REM ifconfig sl0  
route add default 209.221.206.1 1
route add net 209.221.206 209.221.206.1 1 netmask 255.255.255.0
ipgate off
0
 

Expert Comment

by:msmanju
ID: 1558767
Can you try this , if you don't mind ?


Delete the following entry

209.221.206.142 209.221.206.142 255.255.255.255    1        0  UH       0  lan0

Add
route add subnet 209.221.206.0 209.221.206.142 0 netmask 255.255.255.0
0
 

Author Comment

by:mr_realtime
ID: 1558768
No, I don't mind.  

I got an error when I first tried it; it said the route already existed.  Since a flush would not remove the route, I deleted it manually.  After adding it back in with your string, I was back where I started...
0
 
LVL 12

Expert Comment

by:Otta
ID: 1558769
Can the computers in that company's network connect "anywhere",
i.e., to 'WWW.EXPERTS-EXCHANGE.COM' or 'WWW.IBM.COM' ?
0
 

Author Comment

by:mr_realtime
ID: 1558770
Otta,

Yes, there is a router/firewall there, but all computers on their local net can surf freely.  I do it all the time.  Also, we are running an FTP server and I've been able to access it from everywhere... except my house.

Mr. Realtime
0
 
LVL 12

Expert Comment

by:Otta
ID: 1558771
From your computer, please try
  '\tcpip\bin\tracerte aaa.bbb.ccc.ddd',
where 'aaa.bbb.ccc.ddd' is the IP-address of that FTP-server.
0
 

Author Comment

by:mr_realtime
ID: 1558772
Ooops, I thought I had already posted that.  Here it is:

[D:\]tracerte aic-gw.dsl.qnet.com
 0  * * *
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

[D:\]


It occurs to me that I don't know for sure if anyone else on the subnet can connect.  Maybe it's a router configuration error?

0
 
LVL 12

Expert Comment

by:Otta
ID: 1558773
How about showing a 'tracerte' to a site which you *can* access?
---
I get:
---
traceroute to aic-gw.dsl.qnet.com (209.221.206.136), 30 hops max, 38 bytes
 0  * * *
  ...
11  194.ATM9-0-0.GW1.LAX2.ALTER.NET (146.188.248.77)  55 ms  55 ms  55 ms
12  softaware-gw.customer.ALTER.NET (157.130.225.30)  62 ms  47 ms  54 ms
13  h3-0.MDR.softaware.com (206.83.165.221)  55 ms  63 ms  62 ms
14  209.85.129.162 (209.85.129.162)  63 ms  63 ms  62 ms
15  209.85.129.54 (209.85.129.54)  62 ms  55 ms  63 ms
16  aic-gw.dsl.qnet.com (209.221.206.136)  102 ms  86 ms  86 ms

Can you try 'ping' or 'tracerte' to some of the above "intermediate" IP-addresses?


0
 

Author Comment

by:mr_realtime
ID: 1558774

Those addresses would not normally be "intermediate" to me, since I'm trying to get to an address on my own subnet.  Even if it did go "out" first, I would think it might bounce around my ISP and back into my subnet.  Anyway, here are some of the ones from your tracerte:

[D:\]tracerte softaware-gw.customer.ALTER.NET
 0  qnet-gw (209.221.206.1)  31 ms  54 ms  40 ms
 1  qnet-gw (209.221.206.1)  31 ms  32 ms  39 ms
 2  209.85.129.53 (209.85.129.53)  70 ms  39 ms  39 ms
 3  209.85.129.161 (209.85.129.161)  47 ms  39 ms  55 ms
 4  h4-0-0.IPG.softaware.com (206.83.165.222)  39 ms *  39 ms

[D:\]tracerte 146.188.248.77
 0  qnet-gw (209.221.206.1)  63 ms  47 ms  39 ms
 1  qnet-gw (209.221.206.1)  47 ms  39 ms  39 ms
 2  209.85.129.53 (209.85.129.53)  47 ms  39 ms  55 ms
 3  209.85.129.161 (209.85.129.161)  47 ms  93 ms  39 ms
 4  h4-0-0.IPG.softaware.com (206.83.165.222)  47 ms  47 ms  54 ms
 5  Serial1-1-1.GW1.LAX2.ALTER.NET (157.130.225.29)  47 ms *  39 ms

[D:\]tracerte 209.85.129.54
 0  qnet-gw (209.221.206.1)  70 ms *  62 ms

[D:\]tracerte 209.85.129.162
 0  qnet-gw (209.221.206.1)  39 ms  86 ms  55 ms
 1  qnet-gw (209.221.206.1)  39 ms  31 ms  47 ms
 2  209.85.129.53 (209.85.129.53)  55 ms *  47 ms

I guess it's interesting to note that they never actually get to the address being traced.  Hmm...  

[D:\]tracerte www.ibm.net
 0  qnet-gw (209.221.206.1)  32 ms  31 ms  32 ms
 1  qnet-gw (209.221.206.1)  31 ms  39 ms  39 ms
 2  atm9-0-064.CR-1.LsanCA.savvis.net (209.144.96.25)  54 ms  71 ms  54 ms
 3  sl-gw8-ana-11-0-T3.sprintlink.net (144.228.170.17)  94 ms  62 ms  55 ms
 4  sl-bb11-ana-2-3.sprintlink.net (144.232.1.45)  46 ms  47 ms  54 ms
 5  sl-bb4-ana-4-0-0.sprintlink.net (144.232.1.30)  63 ms  63 ms  54 ms
 6  lang1sr1-11-0.ca.us.ibm.net (165.87.157.98)  55 ms  47 ms  46 ms
 7  lang1br2--.ca.us.ibm.net (165.87.32.139)  47 ms  39 ms  47 ms
 8  scha1br2-8-0-5.il.us.ibm.net (165.87.230.190)  101 ms  117 ms  94 ms
 9  165.87.34.229 (165.87.34.229)  101 ms  94 ms  109 ms
10  www.ibm.net (204.146.17.5)  101 ms  102 ms  93 ms

Well, that one did.  Damn, I gasterflabbed.
0
 
LVL 1

Expert Comment

by:lweinmunson
ID: 1558775
Have you tried to look at arp and see if you are sending out an arp request when you try to connect to this server?  One thing I am wondering about is your subnet mask.  Most ISPs give out a mask like 255.255.255.248 for 5 IPs on a DSL connection.  I think that this is your problem.  Your router 209.221.206.1 is between you and the computer you are trying to reach.  Even with the IP address looking like thay are on the same network, they are really on a completely different subnet.  Each DSL line is supposed to be set up as a seperate network.  Therefore to reach a computer on a different network, you should not send an arp request for the hardware address of the IP.  Your IP stack should simply hit the router and forget about it.  The reason that you can hit external sites like Yahoo is that you IP stack is not confused and knows that they are on a different subnet and it must hit the router to see them.  If you don't have anything from your ISP about your subnet laying around try 255.255.255.252 and see what happens
0
 

Author Comment

by:mr_realtime
ID: 1558776
lweinmunson,

>Have you tried to look at arp and see if you are
>sending out an arp request when you try to connect
>to this server?  

This excerpt from a trace seems to indicate an afirmative to your question:

-------------------------- #:14 --------------------------
 Delta Time:  1.000sec   Packet Length: 42 bytes (2A hex)
 DIX:   Dest: FF:FF:FF:FF:FF:FF   Source: 00:80:AD:B4:D9:6D
-------------------------- ARP --------------------------
 ARP:  Hardware Type:1     (Ethernet 10Mb)
 ARP:  Protocol Type:0800 (IP Address)
 ARP:  Hardware Len:6
 ARP:  Protocol Len:4
 ARP:  Operation:1  (ARP Request)
 ARP:  Sender HW address: 0080ADB4D96D
 ARP:  Sender PA: 209.221.206.142.
 ARP:  Target HW address: 000000000000
 ARP:  Target PA: 209.221.206.136.
 Finished


>One thing I am wondering about is your subnet mask.  
>Most ISPs give out a mask like 255.255.255.248 for 5
>IPs on a DSL connection.  I think that this is your problem.  

My ISP did give me 255.255.255.0 for a subnet mask, however, I think you are on to something.

>Your router 209.221.206.1 is between you and the
>computer you are trying to reach.  Even with the
>IP address looking like thay are on the same network,
>they are really on a completely different subnet.  Each
>DSL line is supposed to be set up as a seperate network.  
>Therefore to reach a computer on a different network, you
>should not send an arp request for the hardware address
>of the IP.  Your IP stack should simply hit the router and
>forget about it.  The reason that you can hit external
>sites like Yahoo is that you IP stack is not confused and
>knows that they are on a different subnet and it must hit
>the router to see them.  If you don't have anything from
>your ISP about your subnet laying around try 255.255.255.252
>and see what happens

I tried flushing the route table and re-running setup.cmd with a subnet mask of 255.255.255.252, but it still didn't work.

[D:\mptn\bin]ifconfig lan0 209.221.206.142 netmask 255.255.255.252

[D:\mptn\bin]route add default 209.221.206.1 1
Adding network default, router 209.221.206.1 netmask 0.0.0.0.
ERROR: SIOCADDRT: Network is unreachable

[D:\mptn\bin]route add net 209.221.206 209.221.206.1 1 netmask 255.255.255.0
Adding network 209.221.206, router 209.221.206.1 netmask 255.255.255.0.
ERROR: SIOCADDRT: Network is unreachable

This resulted in:

[D:\mptn\bin]netstat -r

  destination         router          netmask   refcnt   use  flags  snmp intrf
                                                                     metric
      127.0.0.1       127.0.0.1 255.255.255.255    0        0  UH       0  lo
209.221.206.140 209.221.206.142 255.255.255.252    0        0  U        0  lan0

Not only am I disconnected from my subnet, but from everything else as well.  Of course, I probably screwed up the routes...  So I tried it this way:

[D:\mptn\bin]ifconfig lan0 209.221.206.142 netmask 255.255.255.0

[D:\mptn\bin]route add default 209.221.206.1 1
Adding network default, router 209.221.206.1 netmask 0.0.0.0.

[D:\mptn\bin]route add net 209.221.206 209.221.206.1 1 netmask 255.255.255.252
Adding network 209.221.206, router 209.221.206.1 netmask 255.255.255.252.

This looks better and results in my being connected to the outside world, but not to my the machine which looks like it's on my subnet.

BTW, after the last round of Q & A,  I squawed this to my ISP, showing that other of their DSL customers have the same problem.  They seem to think their router is the problem.  They opened a problem report with Cisco.  What do you think?

Mr. Realtime
0
 
LVL 1

Expert Comment

by:lweinmunson
ID: 1558777
Sounds like they have no clue as to how to set up a subnet to me.  If they are going to give out a mask of 255.255.255.0 then they should not segment off the rest of that network.  I just noticed that your router is .1 so you must use the 255.255.255.0 mask to see that.  What they should have done is set it up so that you have a .252 mask and a router of 141.  This would have reduced the number of available addresses on the network (you waste 3 for each customer, 1 for the router and 2 for the subnetting) but would have let everyone connect to everyone else.  In a case like yours where you are trying to connect to a business on the same net (Does the business have the symetric DSL service so that they can run a small webserver?) it causes more problems than it is worth and depending on the service agreement may open them up for liability (What do you mean my customers can't access this website?)  They can probably do a work around on the router by simply not segmenting the network.  That way you will be able to connect but you loose the security of having a private connection.  I don't think there is anything you can do on your end of this.  They will either fix it so that its one big subnet or they won't and you will never be able to access anyone with a 209.221.206.000 address.  Good luck. :)
0
 

Author Comment

by:mr_realtime
ID: 1558778
lweinmunson,

>Sounds like they have no clue as to how to set up a
>subnet to me.

Well, neither do I, so your insight is helpful.

If they are going to give out a mask of 255.255.255.0
then they should not segment off the rest of that network.  
I just noticed that your router is .1 so you must use the
255.255.255.0 mask to see that.  What they should have
done is set it up so that you have a .252 mask and a
router of 141.  This would have reduced the number of
available addresses on the network (you waste 3 for
each customer, 1 for the router and 2 for the subnetting)
but would have let everyone connect to everyone else.

 
>In a case like yours where you are trying to connect
>to a business on the same net the symetric DSL service
>it causes more problems than it is worth and depending
>on the service agreement may open them up for liability
>(What do you mean my customers can't access this website?)

Which part may be more trouble than it's worth?

>They can probably do a work around on the router by
>simply not segmenting the network.  That way you will
>be able to connect but you loose the security of having
>a private connection.  

Definitely not my preference.

>I don't think there is anything you can do on your end
>of this.  They will either fix it so that its one big
>subnet or they won't and you will never be able to
>access anyone with a 209.221.206.000 address.  

Can't they also segment three ways using a mask of 255.255.255.252 like you suggested?  They would probably have to change everyone's ip address... I guess that's what you meant my "more trouble than it's worth"?


0
 
LVL 1

Expert Comment

by:lweinmunson
ID: 1558779
The only problem they would have with the .252 subnetting is that they would then have to alias the router as a different IP for each little subnet.

.252 net is 1 1 1 1 1 1 0 0 binary mask.  Since the last two bits can not both be 0 or 1 you really have two IP addresses available, 01 and 10.  One for the router and one for the computer.  Since they gave you 142 for an IP you would use 141 as a router.  Notice that we just used 4 IP addresses for your one PC.  I think that is the reason why they set it up this way in the first place.  If they do not have enough class C networks then they are probably trying to sneak around it by not subnetting the network.  Now that they have set it up this way they would have to give every customer a new IP range, router and netmask to change.  The easiest thing to do would be probably be to reconfigure the network switch so that it will pass IP traffic without going through the router.  On a 5500 or 7500 series switch that would be easy enough to do since they are designed for this type of use.  I would assume that they probably have something differnt in the telco office though.  I don't really know about how the DSL service comes to them.  If it pops back out on their side as seperate ethernet lines that they plug into a switch then it would be no problem to reconfigure that to let you see other users on the network.  You would receive a slight increase in traffice (probably very slight since most users are going external to a web site) from arp requests.  With the switch set up to filter all NetBIOS, IPX, Apple Talk and whatever else people try to throw out there, you would probably not loose much in the way of security or speed.  

0
 

Author Comment

by:mr_realtime
ID: 1558780
lweinmunson,

I have been in an iterative email loop with my ISP.  Here is the tail end.  Please let me know what you think.  

Oh, submit your reply as an answer and I'll give you the points.

============================================

...these people don't understand that we're not having a "routing" problem, we're having a "bridge" problem.  If we were trying to "route" your traffic what everyone wrote you would be correct.  Since we are not routing, their information is pointless.

Why bridge and not route?  Mostly to save IP address space.  If we were to route each single IP address space customer, then yes, you would have been provided a .252 subnet mask, and every single IP address customers would actually consume 4 IP addresses, one "network address", a router address, your address, and broadcast address.  This is very wasteful, since IP addresses are not only limited, but aren't free.

In theory, setting up the Cisco to bridge is supposed to be less complicated and therefore more reliable.  It's also the way Cisco and GTE recommend for GTE's DSL service, since GTE does not provide their customers with DSL routers, they provide the customers with DSL bridges.

============================================
0
 
LVL 1

Accepted Solution

by:
lweinmunson earned 560 total points
ID: 2037988
Looks like they have at least admitted that they are having a problem with the setup. :)  Once they get the bridging setup fixed you and everyone else should be fine.  It's probably a little one line error in the setup that is driving them nuts.  
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6820298
This question was awarded, but never cleared due to the JSP-500 errors of that time.  It was "stuck" against userID -1 versus the intended expert whom you awarded.  This corrects that and the expert will now receive these points, all verified.
Moondancer
Moderator @ Experts Exchange
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question