Solved

Win7 Internet Connection to the web Failing

Posted on 2010-08-15
26
463 Views
Last Modified: 2012-05-10
We are unable to connect to the internet via our new Windows7 box.

We have 4 other computers on the network, which we can see fine, we just cannot get out to the web.

In services.msc, we have these set to automatically load:
SSDP Discovery
Computer Browser
TCP/IP NetBios Helper
Server

We have a static IP address assigned in the network card, and netbios over TCP/IP is on.

We have manually hooked a cable from a different network to this box, and it hits the internet fine. It's just going through this hardware/firewall router that it fails. We are using Netgear. All of our settings are the same for this box, as they are on the other 4 boxes that connect fine.

Our Outgoing settings on the netgear firewall are set to ALLOW ALL and there are no other settings to turn off anything outgoing.

We have tried with both the Windows Firewall on and off, with no differences.

We are using our AT&T T1 service privider's DNS IP Resolver addresses on the network card and in the firewall.
Can someone please help? Our globe is disabled.

Thanks!
0
Comment
Question by:BobCSD
  • 14
  • 5
  • 4
  • +2
26 Comments
 
LVL 5

Accepted Solution

by:
jhill777 earned 42 total points
ID: 33441828
Can you ping the gateway?
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33441887
jhill,
No I get a request timed out.
 
0
 
LVL 14

Assisted Solution

by:btdownloads7
btdownloads7 earned 167 total points
ID: 33442028
please open the command prompt and type "ipconfig /all". I'd like to know the IP address of the machine, the gateway address, and the DNS server addresses. Also, you said that you assigned an IP address to that machine, but I'm not sure what you meant -- are you setting it up on a Static IP, or did you assign a static DNS on the router (or server, or firewall, whicever device you are using as a DHCP server)?
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33442039
if I type in ipconfig /all and provide you with all that information here in a public forum, isn't that messing with my security?
Also, since I'm trying to get OUT on the network and not allowing people IN, how does my publishing that here help answer the question?
I assigned a local address, such as 192.168.10.x to the card, static.
 
I didn't assign a static DNS. I assigned the DNS of our resolver IP's:
>>We are using our AT&T T1 service privider's DNS IP Resolver addresses on the network card and in the firewall.
I put those resolver IP's both on the card in the DNS area and on the router for the DNS spot.
 
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33442049
IP: 192.168.10.8
Gateway: 192.168.10.1
DNS server:
12.127.16.67
12.127.17.71
 
0
 

Assisted Solution

by:benoitvanier
benoitvanier earned 208 total points
ID: 33442079
What about your subnet mask?
0
 

Assisted Solution

by:benoitvanier
benoitvanier earned 208 total points
ID: 33442096
Let your second dns server as is but change the first one 12.127.16.67 for your gateway adress: 192.168.10.1
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33442114
subnet mask:
255.255.255.0
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33442118
>>Let your second dns server as is but change the first one 12.127.16.67 for your gateway adress: 192.168.10.1
On the card, I changed the first one to the 10.1 address. However, it did not fix the problem.
 
0
 
LVL 2

Assisted Solution

by:tekrage
tekrage earned 83 total points
ID: 33442196
Check if you have proper network connectivity.

Ping the gateway - 192.168.10.1
Ping yourself - 192.168.10.8
Ping another computer on the network - 192.168.10.?  (judging by your IP I would guess 192.168.10.7, 192.168.10.6, ...)
Ping the DNS servers - 12.127.16.67 & 12.127.17.71

Where does it fail?
0
 
LVL 14

Assisted Solution

by:btdownloads7
btdownloads7 earned 167 total points
ID: 33442296
You initially said that pinging the gateway failed. So I just want to verify that if you ping 192.168.10.1 from that machine, you get a time-out. Try pinging the same gateway from another machine on the network. If it works from other machines, but not from that specific one, the firewall device is blocking the connection. Try loggin into the Netgear firewall and see what is shows regarding that PC.

Also, please verify that other computers on the network have the same IP, DNS, and gateway info. (of course, the last section of the IP address would be different)
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33442319
>>You initially said that pinging the gateway failed. So I just want to verify that if you ping 192.168.10.1 from that machine, you get a time-out. Try pinging the same gateway from another machine on the network. If it works from other machines, but not from that specific one, the firewall device is blocking the connection. Try loggin into the Netgear firewall and see what is shows regarding that PC.
yes, from this box it fails (192.168.10.1)
From the other boxes it pings fine.
I have looked at every single page of the firewall, and the Langroups has this box on it, but there is nothing else specific to 10.8. The outgoing firewall options are all Open by default and I have no options set up.
yes, all other working computers use the same IP range, DNS Ip's and gateway.
We bought two new boxes, one is windows7 and another is windows2008 web server, and both have the same problem getting out on the internet.
Our other boxes, Vista, Windows 2008 web server, Windows 2000 web server OS's-- none have any problems reaching the web.
Just the new ones we are trying to add. We've swapped their cables with the working one's slots and that does nothing.
 
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33442323
BTW, these boxes DO recognize and access other computers on the network. They just don't recognize getting out on the internet.
 
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Assisted Solution

by:benoitvanier
benoitvanier earned 208 total points
ID: 33442349
If your netgear router is a prosecure it as group policies that can be applied, it is working with mac adress.
you can find those info under
Network Configuration->
lan sttings ->
lan group
Verified that your computer is in the same group as those who are working, If not, than change it's group apartnance or disable the policies that is blocking that particular group.
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33442451
My new computer is in the same Group1 Langroup.
I setup the computer and put in the mac address and on save, it automatically updates it if I typed it wrong. But I get the mac address from the physical address of ipconfig /all
So yes, I've done that.
 
0
 
LVL 14

Assisted Solution

by:btdownloads7
btdownloads7 earned 167 total points
ID: 33442664
OK, just to rule out a DNS issue, try pinging Google's IP address instead of the WWW address. Ping 209.85.225.99 and see if it works. If it does, then there's definitely a DNS problem. But if you can'e even ping an outside IP address, then it's most definitely a firewall or routing problem.
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33442816
yes, 209.85.225.99 times out on ping.
I can't even ping my own gateway, so didn't figure it would work. :)
yes, I know it's a firewall router issue, because, as I said:
>>We have manually hooked a cable from a different network to this box, and it hits the internet fine.  It's just going through this hardware/firewall router that it fails. We are using Netgear. All of our settings are the same for this box, as they are on the other 4 boxes that connect fine.

I need to know what to do to fix the situation on this firewall/router. We have turned off the software firewall and that does nothing.
Let me give a little background:
About 4 days ago, our mail server stopped sending mails. For no apparent reason. Just every single mail server in the world, it connects, then loses connection,and doesn't send the mail. Period. So we've been looking at why that is happening. Decided maybe the old Win2000 OS and old machine and old version of mail server was the problem, so we bought a new machine, new merak icewarp mail server, new OS, and now we can't get the machine to find the web.
Now on the old mail server, it can find the web, it can relay pop3 (we can receive mails), it can even send SMTP to anyone with an addy on our own mail server, just nowhere else in the world. But connecting to the web wasn't a problem.
On the new box, connecting to the web is our problem. We bought another new box for a web server, and same problem (it is Windows 2008 web server). So yeah, we are at a quandry what is going on with our firewall/router that we can't get SMTP on our mail server and now this. And we had made absolutely no changes to our network, mail server, firewall, or anything. Just out of the blue!
Any ideas?
Thanks.
0
 

Assisted Solution

by:benoitvanier
benoitvanier earned 208 total points
ID: 33442846
Can you provide witch model of router an firmware version?
 I have some of those netgear in house an i can take a look on mine to help me visualise with options can cause this problem.
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33442946
It's a netGear ProSafe VPN Firewall FVX538.
Firmware version 3.0.3-13. Secondary firmware version 2.1.0.7
Thanks!
 
0
 

Assisted Solution

by:benoitvanier
benoitvanier earned 208 total points
ID: 33443010
under security -> firewall: Anny outboud rules?
under adress filters: anny mac filtering?
You can find help in log:, try to enable "routing log" option "lan to wan" section droped pacquet.
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33443185
>>Our Outgoing settings on the netgear firewall are set to ALLOW ALL and there are no other settings to turn off anything outgoing.
Mac Address filtering: None
Everything has been running fine on this firewall for two years, until two days ago the SMTP stopped sending mails and now we can't hook up an additional computer.
Tomorrow we're going to call Netgear first thing, and maybe even run out and buy a new one.
 
0
 
LVL 14

Assisted Solution

by:btdownloads7
btdownloads7 earned 167 total points
ID: 33446852
Have you tried power-cycling the ProSafe firewall? Is ProSafe providing DSN and DHCP, or do you have a server on the network that does that? Try replacing the ProSafe (even with just a cheap router) to see if the problem gets resolved. If it does, then the ProSafe crapped out on you.
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33452320
We purchased a new firewall. It allows the connections for the two new boxes as well as it now fixes the SMTP problem for the mailserver.
However, we had to send the 10,000 mails that had been accumulating and hook back up the old firewall that didn't send the SMTP because the new one gives an error everytime we try to hook up HTTP to multiple boxes. It says that you're only allowed to assign to a port only once. (something like that anyway).
What's that all about? Do some firewalls only allow one port assignment per firewall? Like HTTP, we allow it on one web server. But when we tried to assign it to a second web server, it said it was only allowed to assign a port just the once. Same with the DSNSQL port, and the all the ports.
Our old firewall didn't have that problem. This one was cheaper by about a third, but entirely useless if that's the case. (We have upgraded our firmware to the latest version).
0
 
LVL 2

Assisted Solution

by:tekrage
tekrage earned 83 total points
ID: 33462353
It sounds like you're configuring inbound port assignments, not outbound.  For inbound you can't assign a port more than once per IP address.  I'm not sure how many IP addresses you have that you're trying to assign ports to but if your ISP only gives you one IP address then you can only assign a port one time.  Otherwise how would the firewall know what direction to point traffic if you've got multiple destinations defined for the same port.

If you have multiple public IP addresses assigned by your ISP then you can use the same port over and over again but only once per IP address.  So if they gave you 1.1.1.1 - 1.1.1.5 then you can assign port 80 (HTTP) to 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4, 1.1.1.5 and have each port assignment go to a different (or same) server internally but you can't assign port 80 twice on any one public IP for inbound traffic.
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33496124
My problem with not being able to assign multiple ports (and yes, I have multiple public IP addresses)... was because the Netgear Prosafe firewall box we purchased doesn't support it. It's a cheap version.
 
0
 
LVL 1

Author Comment

by:BobCSD
ID: 33496133
Ok, this is fixed.
Here's the scoop:
We purchase another identical netgear firewall to what we have. Installed it, updated the firmware, reloaded the config file, and it failed too.
So we reset it to factory settings, updated the firmware and manually put in all of our config settings. That did it. It was apparentl a bad config file.
I had even used a backup version from over a month ago, and still it was bad. So go figure. It didn't break down a month ago, only a week ago, so why the month old config file failed too, who knows. But all is well now.
Thanks all!
 
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now