Can't browse Internet with Windows 2000 server

Posted on 2006-03-25
Last Modified: 2010-04-09

I have a small network that consists of 20 clients and a server. Windows 2000 OS on the clients and Windows 2000 Server on the server.
I am using dial-up as a network connection to the internet. ISA Server (ISA 2000 I guess) is installed on the server to distribute the dial-up connection among the clients. Now, clients can browse the net with no problems, however, from the server I can’t browse!!
From the client PCs, I just put the server name in the proxy server address in the LAN settings (Internet Explorer). But in the server I didn’t specify in proxy address or even the server name/IP address but no use.

Can you help me?
Question by:turki_00
    LVL 51

    Expert Comment

    by:Keith Alabaster
    The server should be using the same proxy ip/port number as the clients. Any reason why you didn't put these in?
    LVL 35

    Expert Comment

    Yep, and maybe additional packet filters, as the server itself does not take notice of protocol rules. But as I remember ISA 2000, HTTP is set by default as packet filter.

    Author Comment


    which proxy are you talking about ?
    is it the dial-up proxy or the LAN settings proxy ??

    for the dial-up, I don't need to specify a proxy with my ISP, also the clients can currently browse the internet. so I guess no problem with that.

    in the LAN settings where it says Proxy Server:
    I've tried both ways (put and remove the server IP/Port) but no luck :(

    just a reminder, that my problem is only in browsing the net on the server, the clients have no problems.
    I need to check that packet filter, where can I find it?
    LVL 35

    Expert Comment

    > which proxy are you talking about ?
    He means the Proxy settings for the LAN within the browser settings.

    ISA provides a Web Proxy, that means, you have to tell every client a way to the internet (including the server).
    You can set the proxy settings for the browser to redirect all Web traffic (HTTP, FTP) to ISA

    For all other traffic (including ping, tracert etc., but also HTTP / FTP if not set by the browser settings) you can either set the standard gateway for your clients to the server, and the default gateway of the server to your internet router, or you can set all default gateways (clients + server) to the internet router.

    Depending on the settings, you have to make sure that ISA is allowed to pass the traffic to the internet. For all traffic which is directed to the server, you need a "site and content rule" as well as a protocol rule to allow this. For all direct traffic, you need a packet filter which allows outgoing traffic for that protocol (esp. the server itself).

    You find all of them in ISA MMC - your server -  "access policies".

    Also have a look here:
    you will find a lot of configuration hints here.
    LVL 9

    Expert Comment

    Your Windows 2000 server works in the same way as your clients. For Web browsing you need to point the IP stack at something that will get it out to the internet. As per your clients, they have the LAN Proxy settings pointing to your ISA server so you should point the LAN Proxy settings to point to the proxy server as well. This may be the same server as itself, but the ISA is providing your network with the ability to get out to the Internet.

    As per Keith and Bembi above.

    IPKON Networks Ltd

    Author Comment


    Thank you for your help.....
    Definitely I need to read more about access policies.
    but can you explain to me one thing,

    why can my clients browse the internet and the server itself CAN NOT !!
    I've put the IP for the server itself in the LAN settings in the proxy settings of the server. (confused, huh !! :D )

    I mean in the server->Internet Explorer->Tools->Internet Options->Connections tab->LAN settings->Proxy server (I put the IP address of the server itself, with the port 8080)
    and still can't browse from the server, but any clients ....yes I can !!

    one thing, do I have to mention that the ISA server is installed in the server (Windows 2000).

    I guess at the end I need to know how can I point the server to the ISA server, HOW ?

    again, thank you :)
    LVL 51

    Expert Comment

    by:Keith Alabaster
    If ISA is on the server itself??

    OK, this box is called local host (in the networks list) have you added local host into the outgoing rule (in the from box)?
    LVL 35

    Expert Comment

    Keith: turki said ISA 2000, your hint points to 2004.

    > one thing, do i have to mention that the ISA server is installed in the server
    Yes, sure, but you wrote this before.

    If you go to my 2nd link above, you see the three options you can configure in ISA.
    Check first the content of "site and content filter" and "Protocol Rules"
    There is 1 default rule by default.
    Open them and click through the tabs to make sure your server is not excluded in these rules.
    Open "IP Packet filters" and have a look at the list, if there is a HTTP filter rule in there.

    Can you ping a server on the internet from your server?


    Author Comment

    >OK, this box is called local host (in the networks list) have you added local host into the outgoing rule (in the from box)?

    Keith, which box ?? which networks list ?? are these in the ISA console or in windows ?
    Bembi: yes am using ISA 2000
    1. I've checked the "Site and Content Rules" under the Access Policy:
    there is only one rule "Allow Rule", it is enabled, destinations tab= All Destinations, schedule= always, Action= Allowed, Applies to= any request, HTTP content= All content groups.

    2. I've checked the "Protocol Rules" under the access policy menu:
    only one rule exists which is "allow", enabled, action=allow, Protocol= All IP Traffic, schedule=always, Applies to=any request

    3. In the "IP Packet Filter" there are a number of filters here, among them there are the DHCP Client, DNS filter, ICMP outbound....etc
    I've checked them and all of them got the allow tick on them..!!!

    finally, yes I can ping " ping"  from the server.
    LVL 35

    Expert Comment

    1.) sounds fine
    2.) sounds fine
    3.) And HTTP??

    So, try the following:
    First check again if your proxy settings for the browser are pointing to your ISA, usually, you can set any name (NetBIOS, FQDN or IP address). Make sure the setting is exactly the same (including the port, mostly 8080) as on all clients. Close all browser windows and check again, if you get now access.

    If this does not work, add a new IP packet filter (right mouse click)
    call it HTTP
    Protocol TCP outgoing
    local port any
    remote port 80
    On the next pages, you can leave everything as default.

    You may repeat this procedure for HTTPS (SSL) on port 443, if needed.

    Save the rule and restart the firewall services.
    Now try, if your server connects to the outside world.

    Author Comment


    I've created an IP packet filter, with the following properties:

    General Tab:
    filter name: HTTP
    enable this filter

    Filter Type:
    use this filter - Predefined = HTTP server (port 80)

    Local Computer:
    This filter applies to= default IP address(es) on external interface(s)

    Remote computer:
    This filter applies to= All remote computers

    and in the server browser, LAN settings, proxy address, I've put the server IP/name with port 80 or 8080

    I've restarted the Microsoft ISA server control - service

    and still I can't browse the net from the server browser.
    I CAN browse from any client.
    I CAN ping

    LVL 35

    Accepted Solution

    Nope, what you have set up is a server rule, this rule allows a user from the internet to pass ISA (i.e. to publish an internal Web server).

    Either there is a predefined filter HTTP (not HTTP server) or you have to set up:

    local port: any
    remote port: 80

    Local computer: default...
    Remote computer: All

    Here, you find an example for SMTP / POP3 outgoing, there are simply the ports 25/110 instead of 80
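
The difference between the predefined "HTTP server (port 80)" filter and the outgoing filter described in this answer, shown as an added example that is not part of the original thread and not ISA Server's own code. It is a simplified default-deny model; the inbound direction and fixed local port 80 of the server filter are assumptions that follow the answer's description of a publishing rule, and the sample ports are constructed.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard: the filter accepts any port in this position


@dataclass(frozen=True)
class PacketFilter:
    name: str
    protocol: str
    direction: str              # "outbound": opened by the ISA host itself
    local_port: Optional[int]   # "inbound": opened from the internet
    remote_port: Optional[int]


@dataclass(frozen=True)
class Connection:
    protocol: str
    direction: str
    local_port: int
    remote_port: int


def _port_ok(rule_port, port):
    return rule_port is ANY or rule_port == port


def matching_filter(filters, conn):
    """Name of the first allow filter that matches conn, or None (default deny)."""
    for f in filters:
        if (f.protocol == conn.protocol and f.direction == conn.direction
                and _port_ok(f.local_port, conn.local_port)
                and _port_ok(f.remote_port, conn.remote_port)):
            return f.name
    return None


# Filters as described in the thread (modelled, see assumptions above).
HTTP_SERVER = PacketFilter("HTTP server (port 80)", "TCP", "inbound", 80, ANY)
HTTP_OUT = PacketFilter("HTTP", "TCP", "outbound", ANY, 80)

# Constructed sample connections on the external interface.
BROWSER_ON_ISA_HOST = Connection("TCP", "outbound", 1055, 80)
VISITOR_FROM_INTERNET = Connection("TCP", "inbound", 80, 3321)


def evaluate(filters):
    """Show which filter, if any, lets each sample connection through."""
    return {"server browsing out": matching_filter(filters, BROWSER_ON_ISA_HOST),
            "internet visitor in": matching_filter(filters, VISITOR_FROM_INTERNET)}


if __name__ == "__main__":
    print("HTTP server filter only:", evaluate([HTTP_SERVER]))
    print("outgoing HTTP filter only:", evaluate([HTTP_OUT]))
```

In this model the server filter never matches the host's own browser traffic and only admits connections from outside to local port 80, so if no web site is published from this machine it adds exposure without fixing the browsing problem.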

    Author Comment



    Thank you Thank you Thank you

    What I did is the following:
    1. read the provided link (very useful)
    2. enable the "Intrusion detection" in the properties of the Packet filter
    3. create a new packet filter with TCP type and port 80

    finally i can browse the net from both the server and the client.

    thank you again.
    LVL 35

    Expert Comment

    You are welcome... :-)
