Announcement

Collapse
No announcement yet.

LAN access but not WAN... kind of...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • LAN access but not WAN... kind of...

    So I have a server in Midland, Tx. Server 2008 R2. Division manager calls me yesterday around 1:00 and says the whole facility has no internet access. I ping my SonicWALL successfully from my location. I RDP into the server successfully from my location. I say it's an ISP problem.

    Then I try to access the internet from the server and it fails. "This Page can't be displayed". I check the proxy settings on Internet Exploder and it's normal. I flush the DNS, I register the DNS, I reset the winsock. I reboot the server thinking it'll knock some sense into it and it's also been up for a 100 or so days.

    When it reboots, I get back in and I notice the Network Connection icon in my task bar has a yellow triangle. I ping google.com and the triangle goes away. I still can't access google from IE.

    I telnet into www.google.com via port 80. Putty opens it up, eventually the session times out though.

    I run a couple of scanners and don't find anything. I reboot again and when it comes back up, I get the message that it's reverting back because updates failed. So this makes me think that a bad driver came down. Nope, can't roll the driver back.

    It has two NICs so I configure the other NIC with a differnet IP address and have the user move the plug. Nothing. It never picks up. He moves it back.

    Now I'm at a complete loss as I've tried everything that I know of.

    The only thing I haven't done is set the active NIC to dynamic rather than static and run a diagnose on it. The reason I haven't done that is that the second I do it, I'll lose all connection to the machine and without an IT company out there, I'll be stuck as the guy I'm working with isn't computer literate.

    Does anyone have any ideas for me to try that I already haven't?
    I'd rather check my Facebook than face my checkbook...

    Thanks,
    Todd

  • #2
    Did you ping the Google URL or the IP? If by IP then try opening a website using their IP.
    Have you checked the HOSTS. file to see if any unusual entries may be causing an issue(s).
    Has the SonicWALL had any updates of any kind as you appear to be able to go from "outside in" but are having trouble going "inside out"?
    Is there anything in the Event Viewer about this?

    Comment


    • #3
      Have you looked at the proxy server's settings? Aggressive security software? Anything in the event logs?
      A recent poll suggests that 6 out of 7 dwarfs are not happy

      Comment


      • #4
        Something is blocking the server from accessing the internet.

        Try this.

        1. ping 8.8.8.8 does this work? If this is fine then the server does have internet access.
        2. tracert 8.8.8.8 does this work? If this is fine then the server does have internet access. Check the route that it takes uses the local ISP.
        3. ping www.google.com does this work? If this is fine then the server does have internet access. If it fails then the server cannot resolve DNS. Things to check would be forwarders on the server.

        Those are the basic steps i would take to determine what the issues actually are.

        Any changes recently on the firewall??

        Comment


        • #5
          Originally posted by JJKing View Post
          Did you ping the Google URL or the IP? If by IP then try opening a website using their IP.
          Have you checked the HOSTS. file to see if any unusual entries may be causing an issue(s).
          Has the SonicWALL had any updates of any kind as you appear to be able to go from "outside in" but are having trouble going "inside out"?
          Is there anything in the Event Viewer about this?

          Yes, did that. checked HOSTS (nothing abnormal) No SW updates and no NAT policies out of place...

          I'm saving the resolution for the end!
          I'd rather check my Facebook than face my checkbook...

          Thanks,
          Todd

          Comment


          • #6
            Originally posted by Blood View Post
            Have you looked at the proxy server's settings? Aggressive security software? Anything in the event logs?
            Yes, Proxy settings are norms, Symantec Security (I know, it's horrid but it's what I have for another year!). Event logs show some Group Policy issues and that's about it.

            The resolution is going to be awesome!

            I'd rather check my Facebook than face my checkbook...

            Thanks,
            Todd

            Comment


            • #7
              Originally posted by wullieb1 View Post
              Something is blocking the server from accessing the internet.

              Try this.

              1. ping 8.8.8.8 does this work? If this is fine then the server does have internet access.
              2. tracert 8.8.8.8 does this work? If this is fine then the server does have internet access. Check the route that it takes uses the local ISP.
              3. ping www.google.com does this work? If this is fine then the server does have internet access. If it fails then the server cannot resolve DNS. Things to check would be forwarders on the server.

              Those are the basic steps i would take to determine what the issues actually are.

              Any changes recently on the firewall??
              1. Absolutely! That's was my most perplexing issue.
              2. Did NOT do a tracert on 8.8.8.8 ( Keeping that in the back of the mind for later use).
              3. All things pointed to DNS. DNS looked fine and acted fine.


              The problem was...

              THEY DIDN'T PAY THE BILL!

              Apparently, the ISP had been providing our location with internet for 8 months (Since the two locations were merged) without billing us. They sent us a bill in June and our AP department reached out to the ISP wondering why, all of a sudden we're getting a bill for $300 and another bill for a past due amount. No one from the ISP responded.

              So, Thursday of last week, they cut WAN access. Friday morning they cut everything.

              The district manager went to the ISP and called our AP department and got it straight.

              Thank you all for your responses, I definitely will take them and use them on later problems! As always, you guys rock!
              I'd rather check my Facebook than face my checkbook...

              Thanks,
              Todd

              Comment


              • #8
                Haha Occam's razor
                A recent poll suggests that 6 out of 7 dwarfs are not happy

                Comment


                • #9
                  So how did you have internet access if the WAN connection had been cut??

                  Glad its resolved now.

                  Comment


                  • #10
                    Originally posted by wullieb1 View Post
                    So how did you have internet access if the WAN connection had been cut??

                    Glad its resolved now.
                    Honestly, I have no idea. I could ping out. I could use Putty to telnet to 8.8.8.8. I could ping obscure websites that I know that server hasn't ever accessed.

                    I could not resolve anything through IE, Firefox or Chrome...

                    It was easily one of the strangest things I've encountered because theoretically, with no WAN access, I shouldn't have been able to ping anything, yet I could...
                    I'd rather check my Facebook than face my checkbook...

                    Thanks,
                    Todd

                    Comment


                    • #11
                      Sounds like your ISP blocked your DNS recursive requests out of your internal system. No DNS resolution, no outside access. Pings, etc., from just the IP worked 'cause DNS wasn't involved. All they had to do was block any traffic out of your system aimed at port 53 (tcp or udp).
                      *RicklesP*
                      MSCA (2003/XP), Security+, CCNA

                      ** Remember: credit where credit is due, and reputation points as appropriate **

                      Comment


                      • #12
                        ^^ yep pretty much the only thing i can think of.

                        Comment


                        • #13
                          Originally posted by RicklesP View Post
                          Sounds like your ISP blocked your DNS recursive requests out of your internal system. No DNS resolution, no outside access. Pings, etc., from just the IP worked 'cause DNS wasn't involved. All they had to do was block any traffic out of your system aimed at port 53 (tcp or udp).
                          99.9% of the time I've dealt with things like this the ISP just goes all out and cuts service. I think that's why it had me scrambling, I'd never, and have never seen an ISP just block DNS resolution like that before. It's actually quite impressive, though fustrating, technically I had 3 to 4 hours of troubleshooting when in all actuality, I should have determined it was an ISP problem within the first hour or so.

                          I live to fight another day...
                          I'd rather check my Facebook than face my checkbook...

                          Thanks,
                          Todd

                          Comment


                          • #14
                            DNS is something that everyone just takes for granted is working, so much so that they overlook it. I've gotten into the habit of verifying direct-ip vs dns-lookup-to-ip as a first step: it takes seconds to do, and can save hours of work. That assumes, of course, that you know the correct IP you should be getting from DNS when you test it, to know that A) it's answering and B) answering correctly for that record.
                            *RicklesP*
                            MSCA (2003/XP), Security+, CCNA

                            ** Remember: credit where credit is due, and reputation points as appropriate **

                            Comment

                            Working...
                            X