Solved

Can't ping Local LAN but can ping WAN

Posted on 2004-08-05
23
740 Views
Last Modified: 2012-05-05
Hi there!

I need some expert networking help with this one:

A home network uses ADSL for in the internet connection and uses wireless LAN to connect to it. WAN connection to internet = OK, but the two clients (PC + laptop) cannot see eachother.
Pinging their IP from either side results in a time out.

The setup:
ADSL -> SpeedtouchPro -> US Robotics 8054 Wireless accesspoint & router -> PC
                                                                                                              -> Laptop
* Speedtouch Pro:
IP: 10.0.0.138
Always On enabled
======routing===================

IP address table


Intf  Address  Netmask  Type  Transl  Action  

MXS 80.127.36.219 255.0.0.0 Auto pat  
eth0 10.0.0.138 255.0.0.0 Extra none  
cip0 172.16.1.1 255.255.255.0 CIP none -
loop 127.0.0.1 255.0.0.0 Auto none -

IP route table

Destination  Source  Gateway  Intf  Action  
10.0.0.0/8 10.0.0.0/8 10.0.0.138 eth0  
80.127.36.219/32 any 80.127.36.219 MXS  
255.255.255.255/32 any 10.0.0.138 eth0  
10.0.0.138/32 any 10.0.0.138 eth0  
172.16.1.1/32 any 172.16.1.1 cip0  
127.0.0.1/32 any 127.0.0.1 loop  
10.0.0.150/32 any 10.0.0.138 eth0  
172.16.1.0/24 any 172.16.1.1 cip0  
10.0.0.0/8 any 10.0.0.138 eth0  
default 10.0.0.150/0 80.127.36.219 MXS  
=================================

*US Robotics 8054 Wireless accesspoint & router
Firmware  
Version: 1.44  
WAN  
MAC Address: 00-c0-49-e1-12-e8  
Connection: Fixed IP  
IP: 10.0.0.150  
Subnet Mask: 255.255.255.0  
Default Gateway: 10.0.0.138  
DNS: 194.109.9.99 194.109.6.66 194.109.104.104      
  LAN  
MAC Address: 00-c0-49-e1-12-e7  
IP Address: 192.168.123.254  
Subnet Mask: 255.255.255.0  
DHCP Server: Enabled  
Wireless  
MAC Address: 00-c0-49-e4-26-16  
ESSID: Paulus Potterhof  
Channel: 11  
Security: Disabled  

============DHCP Assignments===========
Host Name IP Address MAC Address Lease Expires
toshiba1800 192.168.123.101 00-c0-49-d7-33-3b Nov/03/2004 21:07:49
x-spider 192.168.123.100 00-c0-49-e2-fc-bd Nov/03/2004 18:33:29

======X-Spider ipconfig/all=============
Windows IP Configuration

        Host Name . . . . . . . . . . . . : toshiba1800
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter WUR LAN:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : FE574B-3Com 10/100 LAN PCCard-Fast Ethernet
        Physical Address. . . . . . . . . : 00-01-03-AB-7A-9F

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : U.S. Robotics 802.11g Wireless Turbo Adapter
        Physical Address. . . . . . . . . : 00-C0-49-D7-33-3B
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.123.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.123.254
        DHCP Server . . . . . . . . . . . : 192.168.123.254
        DNS Servers . . . . . . . . . . . : 192.168.123.254
        Lease Obtained. . . . . . . . . . : donderdag 5 augustus 2004 22:23:20
        Lease Expires . . . . . . . . . . : woensdag 3 november 2004 22:23:20



 

 


0
Comment
Question by:fbict
  • 9
  • 8
  • 2
  • +4
23 Comments
 
LVL 11

Expert Comment

by:Eric
ID: 11731083
Do you have a software firewal installed on either client or both????
IE: NIS Norton internet security, or Zone Alarm?

How bout the XP firewall enabled on these adapters???
0
 

Expert Comment

by:javaretard999
ID: 11731117
what OS are bot computers running?

Also, do you have an ipconfig for the second pc?
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 11731205
use a packet sniffer to see if the pings are actually getting to the other computer.  use ethereal.exe.  it will show you all your network traffic.  you install it on your PC.  Then set it to monitor your NIC, then you can view every packet that went in or out of your NIC.

more than likely it is some firewall setting that is preventing you from getting replys.
0
 
LVL 4

Expert Comment

by:miloudi
ID: 11731702

Hi,
"WAN connection to internet = OK, but the two clients (PC + laptop) cannot see eachother." DO you mean that they access the outside world just fine, but they cannot see eachother. If so, the as the experts said , you have a firewall working in the back..may be MS firewall with XP or somehting like zonealarm.
............
0
 
LVL 5

Expert Comment

by:Magus_opus
ID: 11731822
make sure the subnet mask for both machines is the same, as well as the workgroup name.

on top of that specify what file systems each machine is using for their primary partition.  (NTFS, FAT32)

if you have one with FAT 32 and one with NTFS usually you'll have problems viewing files between the two.
(there are also further steps you need to take if one of them is NTFS, as far as permissions and accounts).
0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11733038
Ok, I betting on the FW as well - just in case, however....

One silly thing to note - presuming that the this ipconfig is from the PC

Ethernet adapter WUR LAN:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : FE574B-3Com 10/100 LAN PCCard-Fast Ethernet
        Physical Address. . . . . . . . . : 00-01-03-AB-7A-9F


The media is disconnected....

Probably just a mistake, but you might want to check the cable and also ensure that the link is stable when the cable is installed.....

Cheers!

t
0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11733050
oh yeah....

Check to see if you wireless AP/Router has the capability to send a ping from the console.  Always good to check from a third point in the network, if possible.....

t
0
 

Author Comment

by:fbict
ID: 11733318
Thanx for all your quick reactions!

Both sides use Windows XP Pro UK with NTFS
There's no firewall software present it isn't enabled in XP either.
There's a Cisco VPN client that's used to connect to company intranet but it isn't active and I have the VPN Service stopped (start it manually when needed)

The IPCONFIG /ALL of the PC:
==================================
Windows IP Configuration

        Host Name . . . . . . . . . . . . : x-spider
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Gigabit LAN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 3Com Gigabit LOM (3C940)
        Physical Address. . . . . . . . . : 00-0C-6E-FB-7D-06
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.123.202
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Draadloze netwerkverbinding:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : U.S. Robotics 802.11g Wireless Turbo
 Adapter
        Physical Address. . . . . . . . . : 00-C0-49-E2-FC-BD
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.123.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.123.254
        DHCP Server . . . . . . . . . . . : 192.168.123.254
        DNS Servers . . . . . . . . . . . : 192.168.123.254
        Lease Obtained. . . . . . . . . . : vrijdag 6 augustus 2004 8:56:21
        Lease Expires . . . . . . . . . . : donderdag 4 november 2004 8:56:21


* As I had put an entry in route table (ont the PC -X-Spider) to make the printserver (it's on the Gigabit wired LAN) visible.
Route follows...

========= route print x-spider================
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 0c 6e fb 7d 06 ...... 3Com Gigabit LOM (3C940) - Packet Scheduler Miniport
0x20002 ...00 c0 49 e2 fc bd ...... U.S. Robotics 802.11g Wireless Turbo Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.123.254  192.168.123.100      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    192.168.123.0    255.255.255.0  192.168.123.100  192.168.123.100      20
    192.168.123.0    255.255.255.0  192.168.123.202  192.168.123.202      20
  192.168.123.100  255.255.255.255        127.0.0.1       127.0.0.1       20
  192.168.123.200  255.255.255.255  192.168.123.202  192.168.123.202      1
  192.168.123.202  255.255.255.255        127.0.0.1       127.0.0.1       20
  192.168.123.255  255.255.255.255  192.168.123.100  192.168.123.100      20
  192.168.123.255  255.255.255.255  192.168.123.202  192.168.123.202      20
        224.0.0.0        240.0.0.0  192.168.123.100  192.168.123.100      20
        224.0.0.0        240.0.0.0  192.168.123.202  192.168.123.202      20
  255.255.255.255  255.255.255.255  192.168.123.100  192.168.123.100      1
  255.255.255.255  255.255.255.255  192.168.123.202  192.168.123.202      1
Default Gateway:   192.168.123.254
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
  192.168.123.200  255.255.255.255  192.168.123.202       1


======================
Strange one here: pinging both IP adresses from the AP router results in a time-out!
Perhaps we should delve into this one..... hmmm...
0
 

Author Comment

by:fbict
ID: 11733559
Correction: Only pinging the 192.168.123.100 (PC) from the router results in Time Out.
0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11735333
Looks to me like a non-deterministic routing issue.

On the PC you have two interfaces, both in the same network.  That means that your routing will depend solely upon which entry appears in the routing table first (notice that you have two 192.168.123.0/24 routes).

Try deleting the 202 interface and see if that helps with connectivity to 100.

troy



Separate note:
(Something else is bothers me:  There are more MAC address in your info that I can seem to account for
toshiba1800 192.168.123.101   00-c0-49-d7-33-3b  (
x-spider 192.168.123.100         00-c0-49-e2-fc-bd
 Physical Address. . . . . . . . . : 00-01-03-AB-7A-9F(no ip)

    Physical Address. . . . . . . . . : 00-0C-6E-FB-7D-06                IP Address. . . . . . . . . . . . : 192.168.123.202
 
What is the 9F address? (ah the laptop Ethernet interface)

Now, it is clear, the top of your initial report says

======X-Spider ipconfig/all=============
Windows IP Configuration

        Host Name . . . . . . . . . . . . : toshiba1800

This is the ipconfig for the laptop?  Not the X-spider?


0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11735496
oops... delete the 202 interface and try connectivity to 101 (not 100....doh!)
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 11

Expert Comment

by:Eric
ID: 11736426
This so reaks of a firewall.  Did you used to have a firewall????  maybe it did not uninstall correctly.

Any company in its right mind would put a firewall on a PC using a VPN to a company LAN!  If not they
are asking for trouble.
0
 

Author Comment

by:fbict
ID: 11754070
Thanx again...
I disabled the .202 interface (Gigabit LOM). Restarted and tried the connection: No go.
Tried pinging from the AP to .100 : No Go either. (timed out).
Never had any firewall installed (I live life risky ;) ) so there aren't any traces left (checked it anyway).

Gonna try it some more, but any more tips would be very usefull...
0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11758158
Did you check to see if the extra routing entry for the 192.168.123.0 disappeared when you disabled the 202?  There needs to be just one 192.168.123.0/24 network entry in the routing table when you try the ping....
0
 

Author Comment

by:fbict
ID: 11766418
Hmmm....deleted the double entries (and more) from the route:
===========================================================================
Interfacelijst
0x1 ........................... MS TCP Loopback interface
0x20002 ...00 c0 49 e2 fc bd ...... U.S. Robotics 802.11g Wireless Turbo Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Actieve routes:
Netwerkadres               Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.123.254  192.168.123.100      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    192.168.123.0    255.255.255.0  192.168.123.100  192.168.123.100      20
  192.168.123.100  255.255.255.255        127.0.0.1       127.0.0.1       20
  192.168.123.255  255.255.255.255  192.168.123.100  192.168.123.100      20
        224.0.0.0        240.0.0.0  192.168.123.100  192.168.123.100      20
  255.255.255.255  255.255.255.255  192.168.123.100  192.168.123.100      1
Standaard-gateway:   192.168.123.254
===========================================================================
Permanente routes:
  Geen


Still .100 isn't pingable either from laptop or AP :(
0
 

Author Comment

by:fbict
ID: 11766432
192.168.123.0    255.255.255.0  192.168.123.100  192.168.123.100      20  -> isn't that the wrong gateway?
0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11768290
No, that's the correct gateway.  It is saying that anything on the local LAN can be reached out the .100 interface (i.e. it doesn't need a router).

.100 is the interface facing the AP, right?  (looks to be judging from the previous MAC addresses you posted and by the other entries in the routing table).

Having the double entries in the routing table was definitely a problem.  I deal with that type of stuff on a fairly regular basis and you can believe me that you don't want it.  :-)

It is still strange that you can't ping to the 100 node.  Although the metric obviously doesn't look correct, I don't think that should cause this problem.
(that's odd, I just checked my system and my metrics are 40 - never noticed that before - my system obviously working OK).

1)  trying ping 100 from both laptop and AP - then on a DOS window on 100 get the results of arp -a
post those here

2) confirm that the 100 system DOES reach the Internet OK WITH THE 202 SEGMENT DISCONNECTED.

Let's have a look at both of those.  The next step beyond this one might be to use Ethereal on the 100 system.

Cheers!

0
 

Author Comment

by:fbict
ID: 11785565
Thanx tropsmr2!

1) The ARP -A results on the .100:

Interface: 192.168.123.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.123.254       00-c0-49-e1-12-e7     dynamic

On the .101 it's the same except the .100 is included in the list (with the correct MAC)

2) The .100 DOES have a perfect internet connection (I'm typing this on the .100). .202 is disconnected.

If need any more info, please just ask ;)

Cheers!

0
 
LVL 1

Accepted Solution

by:
tropsmr2 earned 500 total points
ID: 11793886
Well, I think it is time to sniff.  Normally I would have done this a long time ago in the lab.  It has the effect of quickly narrowing the problem.

ftp://mirror.sg.depaul.edu/pub/security/ethereal/win32/

from this directory copy the winpcap3.0 and
both ethereal 10.5 and 10.5a.

Install the winpcap first, then 10.5 and then 10.5 a (not sure whether the 10.5 is required before 10.5a, that's just the way I installed it.).

Start the Ethereal application, and click CAPTURE and select start.  It iwll probably have 2 interfaces in the
inteface list, make sure to pick the correct one.

In the display option, select update list and automatic scrolling,
disable enable MAC and enable Transport.

Click OK.

Try pinging to 100 from 101 and Gateway.  See if any of the packets show up in the display.  Surf the internet from 100 and look at the Ethereal just to be sure that it is working (you should see packets displayed.).

Get that set up and give it an initial swing and we'll move forward from there (I guess I'm suggesting a little experimentation at this point).

Cheers!

troy
0
 

Author Comment

by:fbict
ID: 11874068
Ey!

Did the Ethereal trick and apparently it is a magical program!
During the test (as you described) the pings arrived!!! Don't what is different now, but it works.

Only one problem arrises: can't share sources. I get an error message when I try to create a share on the .100:
(Translated from dutch) "Error while sharing [sourcename]. The server-service hasn't started
The shared source is not created"

the server service isn't listed in the services.msc snapin.
Guess that's what caused the problems in the first place.

Any suggestions?
0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11882686
Well, I don't know about it being a magical program, at least in the sense that it permits packets to arrive when didn't before - it's great, but not that great.

We're getting closer, but still not there.  

With Ethereal running, you were able to see the pings arrive at the PC - good.  Did you get a response on the system from which you were pinging?  Ethereal shouldn't make any difference to whether pings are completed or not, so we should expect that the pings did not get a reply on the device from which you originated the ping.

Is that corrrect?  Did you get replies?

If not, then we must assume that the pings arrive at the PC, but the replies do not go back to the originating PC.

If you did get replies on the originating system, then try pinging with Ethereal  and without.  What happens to your pings. (again I have never seen Ethereal effect a problem in this way)

One more thing, how about posting a few of the packets that you capture during your test?  I would like to see that, plus the netstat -rn at the time of the test.

We are definitely getting closer....

t
0
 

Author Comment

by:fbict
ID: 11890107
Tadaa!

It's all OK now.
The pings arrive AND get replied. From laptop & from router.

The server service wasn't available because I hadn't installed the File and print sharing service (duh!).

Before I ran ethereal I had installed service pack 2, but as I tested the ping situation after it was installed the pings still didn't arrive. So it seems that that wasn't the solution.

Strange enough, when I had installed WinCap & Ethereal the pings started to arrive and be answered and everything was OK again.
Perhaps installing WinCap helped? Can't think of a certain technical reason for it, but I won't change this working setup :).

So: shared the neccesary files and printer and all test went OK!

Thank you very much tropsmr2...the points are yours.
If you want still want to see the log tell me and I will post it....

Cheers and thank you again.
0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11893757
Well, I am glad it is working for you.  What happened is very strange, but I've seen more strange in my time.  Sometimes it's better not to ask why, just accepting the outcome.  

Drop me a line if you have any more troubles with this config.  If you look at my profile snd do a google or two, it won't be hard to find me.

Best of luck!

t
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now