Re: Can't access WAN IP's with Cayman and SBC

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 09/30/04 

Date: Thu, 30 Sep 2004 14:21:14 -0500

In article <124982b.0409291634.4426830c@posting.google.com>,
Scott Murray wrote:
>I am trying to switch a small web-site and email server from an
>existing ISDN line to a new DSL line with a Cayman 3546 router. The
>service is SBC's 5 static ip-address service.

Re the mail server. If it's inbound, make sure SBC permits this service,
and is not blocking it. For outbound mail, make sure they're not blocking
that also, and scan the Usenet newsgroup news.admin.net-abuse.blocklisting
to make sure others are not refusing to allow connections - SBC hasn't
got the cleanest reputation for abuse.

>>From a different internet service, I still can't ping any of the 5
>ip-addresses. Shouldn't at least one of them respond to a ping?

Sounds like someone is blocking ICMP type 8 or type 0 or both. Ping has
been abused so badly, a lot of sites are dropping it at the gateway.
Check the logs on your router, and see if the packets were even detected.

>I can ping the address SBC provided with the install listed as "gateway"
>- it is one number higher that the 5 provided ip's - but the pinholes
>don't respond here either.

That's a completely different system (host, computer, router - whatever
you want to call it), and is obviously configured differently from your
system. This does sorta point at your router as the culprit.

>A trace route of this gateway address shows it leading to my location.
>A trace route on any of the 5 provided ip's shows trace results that
>lead up to my location until the last hop - then request time out.

Windows "Tracert" uses pings with incremented "time to live' counts,
and is thus dependent on ICMP types 8 and 0 being permitted, and on
ICMP type 11 (time exceeded) errors from the intermediate hops. If
ICMP 8 (or 0) is blocked, the requests will time out. If ICMP 11 is
blocked, you wouldn't get the per hop data even if types 8 and 0 were
getting through. The original UNIX 'traceroute' from Van Jacobson
defaults to using UDP packets to ports above 33434 in place of ping,
though most versions also can be made to use ping. All that means is
different firewall rules effect things differently.

>I am fairly new to this, what am I missing?

Sounds like overly restrictive (for now) rules on the router. Have
you actually tried to connect to the web site or mail server? What
shows up in the logs?

        Old guy

Relevant Pages

  • Re: Remote Web Desktop Connection - DHCP scope
    ... ping the server and the isp dns as well as access the 'net. ... the workgroup computers can access the internet through the server. ... workgroup computer I can ping 192.168.16.2 but not the router 192.168.1.1 see ... I have a couple of questions, when setting up the two nics, I have not ...
    (microsoft.public.windows.server.sbs)
  • Re: [opensuse] Two NICs, one connected, Ping Both...?
    ... >>> Server is behind a Router, and the Router is doing Port Forwarding. ... >>> Only one of these RJ45 Ports is connected, but I can Ping them both. ... >> From the server itself (pinging its own nics) its normal. ...
    (SuSE)
  • Re: loss of SOME connectivity
    ... I cannot ping out - Ping could not find host yahoo.com. ... Yes, I can ping the router, AND the ISP DNS. ... From the server, if you ping yahoo.com do you get an ip address followed by ...
    (microsoft.public.windows.server.sbs)
  • Re: loss of SOME connectivity
    ... The only issue is that the server cannot send/receive email, ... I cannot ping microsoft's IP address. ... Yes, I can ping the router, AND the ISP DNS. ... I can VNC in AND out. ...
    (microsoft.public.windows.server.sbs)
  • Re: Networking problem
    ... machine 2# HP Z8000 laptop xp media center on board lan and 802.11 windows firewall off. ... router linksys befw11s4 ... Network activity lights flash on the router on the port in use. ... I finally got it to the point that from the desktop i can ping the ip ...
    (microsoft.public.windowsxp.general)