Network doesn't see its own network

I have setup a router and XYZ company's 128Kbps Frame Relay line at my office. (I will call this frame relay service company XYZ to explain) I also setup a web server and connected to the router.  I have been using the line quite a while without any problem. I can access outside and from the out side, I can access the router and the web server.  And recently I noticed a very serious problem.

From any where else, I can access the web server without any problem.  However, when I use the same company(XYZ) DSL or phone dial-up service to get on to the Internet and type the web server address, it cannot find the web server.

I can telnet to the router, but I cannot access the web server from any network of XYZ.  I cannot even ping to the web server if I am on the XYZ network through DSL or dial-up line.

Is this something about the router table on the router or the web server?

Here is the current information on the router
 
Destination        Gateway         IF       Flg   Pref Met     Use     Age
0.0.0.0/0          63.17.204.1     wan5     SG       0   1   59524  286710
63.17.204.0/24     63.17.204.1     wan5     rGPT    60   1       0   69016
63.17.204.1/32     63.17.204.1     wan5     rPT     60   1      68   69016
63.17.204.1/32     63.17.204.1     wan5     *SP    120   7       3  286710
63.17.204.48/28    -               ie0      C        0   0    2537  286710
63.204.178.192/28  -               ie0      C        0   0   61061  286710
63.204.178.193/32  -               local    CP       0   0   15254  286710
127.0.0.0/8        -               bh0      CP       0   0       0  286710
127.0.0.1/32       -               local    CP       0   0       0  286710
127.0.0.2/32       -               rj0      CP       0   0       0  286710
216.176.104.192/27 63.17.204.1     wan5     SGP    120   7       0  286710
216.176.104.193/32 63.17.204.1     wan5     SGP    120   7       0  286710
224.0.0.0/4        -               mcast    CP       0   0       0  286710
224.0.0.5/32       -               bh0      CP       0   0       0  286711
224.0.0.6/32       -               bh0      CP       0   0       0  286711
224.0.0.9/32       -               local    CP       0   0       0  286711
255.255.255.255/32 -               ie0      CP       0   0    7922  286711
 
Information on the webserver
 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
63.204.178.201  *               255.255.255.255 UH    0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
63.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         63.204.178.193  0.0.0.0         UG    0      0        0 eth0
 
Note.
Numbers are slightly modified, but best represent the configuration.                                                                                                              

So to sum up the long story, it is basically that within the LAN, I can access the web server. From out side, I can access the web server except from the own company's Internet service.

Any help is greatly appreciated.
yjh123Asked:
Who is Participating?
 
snkhadConnect With a Mentor Commented:
You can access the web server from
within the LAN as well as from a third
party network but not from your own
network via the DSL or dialup link.

This means either the connecting
address or the responding address is
being recognized as one assigned to the
internal LAN and being deliberately
dropped as a forged attack packet since
it is seen coming from the WAN
interface.

Check any firewall configuration and
VPN setup at both the frame relay link
and the DSL/dialup link.

If you really want to do this, you
could implement NAT at one or both
sides and use the public address(es)
when connecting the long way round.
0
 
nobaCommented:
the company(XYZ) did not gave you the facility to connect to your router or server through dial-up line or dsl,so you can only connect through the frame relay connection (whatever it is (leased-line) maybe). so go back to your provider and ask him if their system can accept other connection type to get to your router or server,so check their system's ability for that.
0
 
yjh123Author Commented:
Here is the situation.

We setup a frame relay line and we have a web server connected to the router.  This line is from one of two major ISP companies in the nation.

Everyone can ping the web server and browse the contents on the server fine.

Only problem is that if you are connected to the Internet via this company's own network (e.g., dial-up or DSL subscribers, or anything), you cannot get to this web server.

So the situation is that if you are on your own network (other than LAN), you can not access the router.

0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
apaduaCommented:
Ok. Is your web server on your end of the Leased Line, or over at the ISP's office?


Can you do it the other way around? Can you connect via dial-up, and ping your dial-up connection from the Web server?

Do you have any type of security system running, either on your net or on the ISP's end? (Firewall, NAT, etc...)

What type of router is it on your end? (Just so I know what type of info I can ask.)

Thanks,

Andre

0
 
c11risCommented:
It may be that your provider has an erroneous route somewhere that doesn't affect traffic from outside, but does inside. When you are dialed up, try tracerouting to your webserver and see where it dies. This will at least give you an idea of what is happening internally. Also, try doing a traceroute from outside their network and compare the two.

--Chris
0
 
estestCommented:
What kind of router is this?

Try pinging the web server from the interface that your web traffic comes from . (specific ping)

Also, make sure that your web server has the correct subnet mask /28. This can cause nodes to be unreachable from certain router interfaces.


Tim

0
 
yjh123Author Commented:
It's Lucent Superpipe 155.

The other way around works fine.

I verified the IP address and mask...

Thanks.
0
 
apaduaCommented:
The funny thing is this:

If you can do it the other way around, meaning you can ping the Dial-up connection from your web server, you have all your routes correctly configured. (Since when the "echo reply" packets need to get to your web server, the route is found), it works)

Is it possible that you have some type of access list, either locally on your router or on the ISP's router, filtering out some types of inbound packets?

This is my best guess right now.

Cheers,

André
0
 
apaduaCommented:
Any feedback?
0
All Courses

From novice to tech pro — start learning today.