Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Routing to a computers outside the firewall ?

Posted on 2003-02-25
15
Medium Priority
?
181 Views
Last Modified: 2013-11-16
My computer(192.168.0.7) is behind a firewall,
I setup my network so a WebServer(10.0.0.3) is outside the firewall but inside the DSL router,
For some reason I can't ping the server outside the firewall,
I could once but I don't remember how I did it,
The subnets are the same for inside and outside the firewall 255.255.255.0 ,

Can someone remind me how to get these two computers to see eachother ?

Thanks All!
0
Comment
Question by:Maverick5
  • 6
  • 4
  • 3
  • +2
15 Comments
 

Expert Comment

by:siliconjunkie
ID: 8023027
The router has to know that the 10.0.0.3 subnet is on the same side of the route. I assume it is a linksys or similar device. If it is you will have to add a route to tell it how to get there.
0
 

Author Comment

by:Maverick5
ID: 8023498
Do I add the route to the DSL router?
because I already add the route to the Firewall and it didn't do any good...
0
 

Author Comment

by:Maverick5
ID: 8023526
From my machine(192.168.0.7) I can get to the Internet,
but I can't ping the DSL router either...
My gateway is the firewall(192.168.0.1),
the firewall's gateway is the DSL Router...
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Expert Comment

by:siliconjunkie
ID: 8023659
Ok, you have a firewall between you and a dsl router. and the webserver is on the other side of the firewall but behind the DSL router?

What kind of firewall is it? Can it ping the webserver? Can the webserver ping the DSL router? Can the webserver ping the firewall (check logs if it doesnt reply)? Just trying to get a visual of what you are working with.
0
 

Author Comment

by:Maverick5
ID: 8024652
SJ,

?1 NetGear
?2 No
?3 Yes
?4 No
Log shows no pings

Cool thanks...
0
 
LVL 3

Expert Comment

by:DanR
ID: 8028088
What message do you get when the Web server tries to ping the firewall?  What is the IP address of the external interface on the firewall?  What is the default gateway for the Web server?
0
 

Author Comment

by:Maverick5
ID: 8028945
DR,

?1 Request timed out.
?2 10.0.0.45
?3 10.0.0.1

Thanks
0
 
LVL 3

Expert Comment

by:DanR
ID: 8035720
What's the default gateway for the Web server?
0
 

Author Comment

by:Maverick5
ID: 8039587
I answered that just above...
0
 

Expert Comment

by:siliconjunkie
ID: 8039893
Ok, I'm going to try a diagram here to make sure we are all on the same page.

client 192.168.0.7
webserver 10.0.0.3
firewall ?192.168.0.1? and 10.0.0.45 <clarify this pls
dsl router ? and ?  (i assume 10.0.0.1 and something from your ISP)

client ---------->firewall--------->DSL Router
                              |
                          webserver

From the client PC can you ping the firewall and the DSL router or get to the net on the other side of the router.

Other than ping can you access the webserver with browser etc? Is the netgear "firewall" a simple NAT router? Model # on it?
0
 

Author Comment

by:Maverick5
ID: 8040475
That's a good idea; I'll try to diagram it,

client(192.168.0.7)<---->(192.168.0.1)Firewall(10.0.0.45)<--------WebServer(10.0.0.3)--------->(10.0.0.1)Router(ISP_DHCP)

Client can see the Internet, but can't ping 10.0.0.1 or 10.0.0.3

Thanks Guys....
0
 

Expert Comment

by:siliconjunkie
ID: 8040582
From the client if you try to goto http://10.0.0.3 or are you trying by name? What happens? Are there any other services on that box you can try to connect to? SSH, telnet, terminal services? It doesnt sound like the firewall is blocking outbound ports and shouldnt need a route to get there since its local to him. Does the firewall have any rules regarding ICMP?
0
 
LVL 3

Expert Comment

by:DanR
ID: 8041098
Here's what I think is happening.  You send a packet from your client to the Web server.  Your Web server responds.  Since the client is on a different subnet, it sends its response to the DSL router (its default gateway).  The DSL router sees that the packet is for a non-routable IP address directly connected to it, and discards it.  Can you set up a packet capture on the Web server to verify that the pings are reaching it?  Can your DSL router log packets it drops as unroutable.

Some possible solutions:
1) Do either your DSL router or firewall allow you to name a DMZ port or address?  (If you can give make and model, we can look that up online.)
2) You could make 10.0.0.45 the default gateway for the Web server, but then it will probably become unavailable to the Internet, which I'm assuming you don't want.
3) Put your Web server inside your firewall, then configure the firewall to forward all packets coming to port 80 to the Web server (look in the documentation for setting up a "virtual server").

Now why doesn't the router respond to pings from the client?  Siliconjunkie's idea of the firewall preventing ICMP packets is the most likely, but could it be that the router is set not to respond to pings?
0
 

Expert Comment

by:CleanupPing
ID: 9153379
Maverick5:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 

Accepted Solution

by:
SpazMODic earned 0 total points
ID: 9806717
PAQed - no points refunded (of 25)

SpazMODic
EE Moderator
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question