
SMC Barricade stopping packets

DanR asked:
I've got a small office behind an SMC Barricade.  I'm having it do DHCP and NAT.  It's been working fine, but recently it has stopped forwarding packets from our internal Web server (Win2k, IIS 5).  It is set to pass incoming HTTP requests to the Web server, and I can access the Web server from outside the network.

However, the Web server can't see anything outside the network.  I can ping the internal interface on the Barricade and other computers inside the network, but I cannot ping the external interface on the Barricade or anything on the Internet.  I'm pinging with IP address (I can't use a domain name, since we're using our ISP's DNS servers, which this poor server can't see).

Any idea what's causing this?

Commented:
Can you ping outbound with any device?  Possibly the firewall is blocking ICMP.  Also, try telnetting on port 80 to a web server out on the Internet:

telnet 198.133.219.25 80

to see if it is at least passing port 80.  I am assuming it is, if you can still access the server from the outside.  You can also try doing this by name, such as:

telnet www.cisco.com 80

Anyway, it sounds like the rules may have gotten a bit too restrictive when you set up access to the web server from the outside.

Hope that gets you started!

Author

Commented:
From other machines on the network, I can ping external hosts by IP address or domain name.

I cannot telnet to port 80 from the Web server using domain name or IP address; after a wait of a minute or so, I get "connection failed."

From other computers, I can telnet to those same hosts by IP address or domain name.

Commented:
When you say you can access the server from the external network - are you able to access it in multiple ways?  Can you open up a web page from it and say FTP to it if that is set up as well?

I am wondering if the firewall is only allowing established connections to pass from it.  Usually, this is set up in a reverse manner from this, but it may be something to check into.
DanR, for your reference:

http://support.microsoft.com/support/kb/articles/Q258/0/30.ASP
Cannot Ping External Network Adapter After Configuring RRAS as a VPN Server

http://support.microsoft.com/support/kb/articles/Q279/9/09.ASP
The Access to the Internet May Be Unsuccessful When You Use Routing and Remote Access Service with Dial-On-Demand

pslh

Author

Commented:
pslh
Thanks for the info, but we don't have RRAS set up there, I think.  I'll check on it.

scraig
I'm wondering if that's so.  I can't see any setting like that, but I'm wondering if someone may have experience with the Barricade and can show me what setting might be causing this.
DanR, you may also check whether any policy has been made to block the incoming per the user. If you log on as Administrator or a power user and ping it again, is it the same case as before?
Commented:
Did you double-check the default gateway and subnet mask on the server?
Can you post the output of C:\>ROUTE PRINT?

Author

Commented:
lrmoore
I found two default routes, one left over from a previous setup.  I deleted them (I didn't see a way to delete only one, since delete only seems to take the destination as a parameter), then added the correct one back in.

I'm rebooting now to see if the correct route sticks.  But if it doesn't, I'll open a new question into WinNT Networking or something.
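
An added example, not part of the original thread: a Python check over `route print` output that lists every default route and whether its gateway sits on a directly connected subnet, which is how a leftover default route like the one described above shows up. The sample output and all addresses in it are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of Windows 2000 `route print` output (addresses are made up).
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.10       1
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.2.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.2.0    255.255.255.0     192.168.2.10    192.168.2.10       1
     192.168.2.10  255.255.255.255        127.0.0.1       127.0.0.1       1
Default Gateway:       192.168.2.1
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    192.168.1.254       1
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(r"^\s*" + r"\s+".join([IP] * 4) + r"\s+(\d+)\s*$")

def active_routes(text):
    """Return (dest, mask, gateway, interface, metric) rows from Active Routes."""
    rows, in_active = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            in_active = True
        elif line.startswith("Persistent Routes"):
            in_active = False
        elif in_active and (m := ROW.match(line)):
            rows.append(m.groups())
    return rows

def audit_default_routes(text):
    """List each 0.0.0.0/0 route and whether its gateway is on a local subnet."""
    rows = active_routes(text)
    # In this output format a directly connected subnet has gateway == interface.
    local = [ipaddress.ip_network(f"{d}/{m}", strict=False)
             for d, m, g, i, _ in rows if g == i]
    findings = []
    for d, m, g, i, metric in rows:
        if d == "0.0.0.0" and m == "0.0.0.0":
            on_link = any(ipaddress.ip_address(g) in n for n in local)
            findings.append({"gateway": g, "interface": i,
                             "metric": int(metric), "on_link": on_link})
    return findings

if __name__ == "__main__":
    for f in audit_default_routes(SAMPLE):
        status = "ok" if f["on_link"] else "gateway not on any local subnet"
        print(f"default via {f['gateway']} metric {f['metric']}: {status}")
```

More than one entry in the result, or any entry with `on_link` false, is worth checking against the server's intended gateway.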
