  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 452

Users can't browse the internet until they ping the firewall / router

Hey guys.  Can you help a newbie Linux guy out?  This is the strangest thing.  I have a small office of about 15 users for whom I just recently installed an IPCop firewall.  It has been working beautifully for the last 4 days...until this morning.  Here's the deal.

Users called me this morning and said they couldn't access the internet.  I could remote in and control any server, and I had internet with no problem from any server.  However, when I would remote into one of their machines...sure enough...no internet.  I thought I would try pinging the firewall to make sure the user could see it, and WHAMMO, as soon as I pinged the firewall, internet access lit up just fine.

This was happening on every user's desktop.  No internet, but as soon as I would ping the IPCop box, the internet worked fine.

ANY IDEAS????  So strange.  
Asked by: kevingibbs1

1 Solution
NetEngineerFox commented:
Could have been several things, maybe an address translation table issue.  Could also be a DNS problem.  I have seen it before on an IP address conflict; needed to ping again to update the MAC table.

Does it still happen?
 
kevingibbs1 (Author) commented:
Yes, the problem still exists.  
 
JeffSchaper commented:
It is most likely that the computers don't have the gateway's MAC address in their ARP table; when you ping it, the entry is added and it works.

I'd check the config of the default gateway, as it is likely that the ARP entry expires after 24 hrs and has dropped from the ARP table overnight.
 
kevingibbs1 (Author) commented:
Jeff, the users are all set to DHCP, and the router/gateway is part of the options.  Prior to installing this Linux firewall, the office was running with a WatchGuard firewall that was using the exact same router/gateway IP (10.0.0.1).  This problem never existed before now.  The WatchGuard is completely gone, and the new firewall has this same IP address.  So it would seem that there would be no problem.  I'm not too terribly familiar with the ARP tables; can I get a little guidance on where I would go to check those?  THANKS!

Kevin
 
kevingibbs1 (Author) commented:
OK, Jeff, you are definitely on to something.  Figured out how to view the ARP tables.  Here is what seems to be happening.  On the firewall there are 2 NICs...they refer to them as the RED zone and the GREEN zone, RED being Internet (out) and GREEN being internal (in).  Well, when you run an arp -a command on a user who has no internet access, you can clearly see that the user's ARP table has 10.0.0.1 pointing to the hardware address of the RED zone...it is supposed to be the GREEN zone.

Now I do see where I can add a static entry, but I am wondering if there is a way to resolve this without doing that?  I only ask because I don't want to have to always remember to add this static ARP entry for every new computer that gets added to the network, it would seem that it should just work!  :-)
 
JeffSchaper commented:
Hi Kevin, am I correct to assume that both NICs are teamed so they use the same IP address?
 
kevingibbs1 (Author) commented:
No, Jeff, they are not.  One has an internal IP address on the internal network, and the other has the IP of the external network.  This is exactly how you are instructed to set up an IPCop firewall with a red and green zone.
 
kevingibbs1 (Author) commented:
Technically, I don't have a solution for this.  More of a workaround.  What I have done is put a line in the users' login script that adds a static ARP entry for the router's MAC address.  Why on earth I have to do that I have no idea, but it seems to be working fine now.  Thanks!
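The following is an added example, not code from the thread or from IPCop, covering both the arp -a check Kevin describes (the gateway IP resolving to the RED NIC's MAC instead of the GREEN NIC's) and the static-entry workaround he put in the login script. It parses Windows-style arp -a output, classifies the gateway's entry, and prints the arp -s line the login script would run. The sample arp -a output and every MAC address in it are constructed; the poster gives neither.

```python
"""Check a Windows client's ARP cache for a gateway entry that resolves to the
wrong MAC address, and emit the static-entry command a login script would run.
Added example; sample data and MAC addresses are constructed, not from the thread."""
import re

# Constructed sample of `arp -a` output from a Windows client (not captured from
# the poster's network). Here 10.0.0.1 resolves to the MAC we assume belongs to
# the firewall's RED (external) NIC, which is the failure the poster observed.
SAMPLE_ARP_A = """\
Interface: 10.0.0.57 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.1              00-0c-29-aa-bb-01     dynamic
  10.0.0.20             00-50-56-12-34-56     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
"""

# Assumed MAC addresses of the firewall's two NICs; the poster does not give them.
GREEN_MAC = "00-0c-29-aa-bb-02"  # internal NIC: what 10.0.0.1 should resolve to
RED_MAC = "00-0c-29-aa-bb-01"    # external NIC

# One ARP cache row: IPv4 address, dash-separated MAC, entry type.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)


def normalize_mac(mac: str) -> str:
    """Accept 00-0c-29-.. or 00:0C:29:.. and return the lower-case dash form."""
    return mac.lower().replace(":", "-")


def parse_arp_a(text: str) -> dict:
    """Map IP -> (mac, type) from `arp -a` output; interface and header lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries[ip] = (normalize_mac(mac), kind.lower())
    return entries


def check_gateway(entries: dict, gateway_ip: str, expected_mac: str, other_macs=()) -> str:
    """Classify the gateway's cache entry: 'ok', 'missing', 'wrong-nic' (one of
    the firewall's other NICs answered) or 'unexpected' (some other host entirely)."""
    entry = entries.get(gateway_ip)
    if entry is None:
        return "missing"
    mac, _kind = entry
    if mac == normalize_mac(expected_mac):
        return "ok"
    if mac in {normalize_mac(m) for m in other_macs}:
        return "wrong-nic"
    return "unexpected"


def static_arp_command(gateway_ip: str, mac: str) -> str:
    """The `arp -s` line a Windows login script would run to pin the gateway's MAC."""
    return f"arp -s {gateway_ip} {normalize_mac(mac)}"


if __name__ == "__main__":
    entries = parse_arp_a(SAMPLE_ARP_A)
    status = check_gateway(entries, "10.0.0.1", GREEN_MAC, other_macs=[RED_MAC])
    print(f"gateway entry: {entries.get('10.0.0.1')} -> {status}")
    if status != "ok":
        print("login-script workaround:", static_arp_command("10.0.0.1", GREEN_MAC))
```

Two things a practitioner would keep in mind with this workaround. Pinning the gateway's MAC in every client's login script means that if the firewall's GREEN NIC is ever replaced, every client loses its gateway until the script is updated, so the expected MAC should live in one place. And a gateway IP that resolves to a MAC other than the one it should is exactly what ARP spoofing looks like from the client side, so a check like the one above, run against the real arp -a output, doubles as a cheap detection rather than only a troubleshooting aid. On newer Windows releases, static neighbour entries are also managed with netsh interface ipv4 add neighbors, which is worth checking if arp -s does not behave as expected.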
