Network won't work

Answered Question
Jan 22nd, 2006

I have a problem networking. Hope you can help me.


Here's what I have,


11 units running on Windows XP

1 unit (w/c I will call PC 1)

1 D-Link DES-1024d 24 port 10/100 ethernet switch


I've done ping tests and the results are baffling.


All units can ping PC 1. That's about it. No unit can ping any other unit in the network except for PC 1. PC 1, on the other hand can't ping any other unit. I've reformatted PC 1 and installed Windows Server 2003 and then to XP and the results are the same.


Add'l NFO:

Internet Access seems to be fine on all units. I've tried the ping tests with and without the Internet Access and the results are the same. I've tried various IP Addresses from 192.168.xx series to 169.254.xx to 10.x.x.x. Nothing seems to work.


One more thing. When I add a network place on 'My Network Places', I can see the computer names of the other units but when I click on them, nothing shows.

Correct Answer
Richard Burts Sun, 01/22/2006 - 04:21

When you ping from some other unit to PC1 the other unit sends a ping request (an ICMP packet) to PC1 and PC1 sends a response to the unit. If this works then it demonstrates that you have basic IP connectivity between the unit and PC1. If PC1 can not ping the unit it can not be because of a problem in IP connectivity and must be because either something is preventing PC1 from sending the request or something is preventing the other unit from sending the response. This sounds like there may be firewall(s) running that are preventing the ping from succeeding. Are there firewalls running on any of this equipment?


HTH


Rick
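The reasoning in the answer above, applied to a whole ping matrix, as an added example that is not part of the original thread. The host names (UNIT01 to UNIT11), the function names and the sample results are constructed to mirror the symptoms described in the question.

```python
"""Added example: infer likely host-firewall filtering from asymmetric ping results."""

def build_matrix(hosts, open_hosts, down=()):
    """Constructed sample data: a ping succeeds only if the target answers
    echo requests (is in open_hosts) and neither end is disconnected."""
    return {(s, d): d in open_hosts and s not in down and d not in down
            for s in hosts for d in hosts if s != d}

def classify(hosts, results):
    """Label each host from a {(src, dst): succeeded} ping matrix."""
    verdicts = {}
    for h in hosts:
        out_ok = any(results[(h, d)] for d in hosts if d != h)
        in_ok = any(results[(s, h)] for s in hosts if s != h)
        if in_ok:
            # Someone got an echo reply from h: h is reachable and answering.
            verdicts[h] = "answers echo"
        elif out_ok:
            # h received a reply to its own ping, so its cabling, switch port
            # and addressing work; yet nobody gets a reply from h. That points
            # at filtering on h (for example a host firewall), not connectivity.
            verdicts[h] = "suspect host firewall"
        else:
            # No success in either direction: filtering and a real
            # connectivity fault cannot be told apart from ping alone.
            verdicts[h] = "no evidence"
    return verdicts

# Constructed data matching the thread: PC1 answers pings, the 11 XP units do not.
HOSTS = ["PC1"] + [f"UNIT{n:02d}" for n in range(1, 12)]
RESULTS = build_matrix(HOSTS, open_hosts={"PC1"})
VERDICTS = classify(HOSTS, RESULTS)

if __name__ == "__main__":
    for host in HOSTS:
        print(f"{host:8} {VERDICTS[host]}")
```
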

williamwbishop Sun, 01/22/2006 - 04:42

Also don't forget to turn off firewall in XP, it's a pile...and causes us more connectivity problems here than you could imagine.


Can you give us some specifics on hardware, nics, pc model, etc.

Froix1234 Sun, 01/22/2006 - 16:40

That did it! Thanks.


Apparently, my units are running a 60 day trial Norton Internet Security with Firewall.


Thanks for the help and the nfo.

Froix1234 Sun, 01/22/2006 - 16:44

Thanks again for the help. I have a follow-up question though. How important is the firewall? Can I install one without affecting connectivity within the network?


By the way, I do have a router installed.

Richard Burts Sun, 01/22/2006 - 18:36

Froix


I believe that the answer to your question about how important is the firewall is that it depends a lot on your situation. If the PC is connected directly to the Internet (or connected directly to a cable modem/DSL modem which functionally is being directly connected to the Internet) then I believe that a firewall is absolutely crucial. If the PC is in an enterprise network which is well protected by an enterprise firewall external to the PC then the firewall on the PC is nice but not so important. Many situations fall somewhere in the middle of this. These days I would certainly not want to have any PC that has any degree of Internet connectivity without some kind of firewall protection.


The answer to your second question about being able to install a firewall without affecting connectivity with the network is that you should be able to configure the firewall so that it does not prevent desired connectivity to the rest of your internal network.


HTH


Rick

Froix1234 Sun, 01/22/2006 - 18:50

Rick,


Thanks a lot for the information. However, I still have a lot to learn.


I've heard that routers also act as firewalls somewhat. How effective is it?


Can all firewall software be configured to control connectivity within the network?


Froix

williamwbishop Sun, 01/22/2006 - 22:38

Routers are a protective layer if you are natting through them, plus you can with more strenuous configurations control what comes in and goes out of the router...so yes, to a degree they can be a firewall.


Can all software firewalls? Unknown, I've used a few dozen and I've never been that thrilled with a software firewall. For the most part, a nat layer will give you fairly decent protection. Software firewalls can give you added protection but there is a price to pay and that comes in administrative overhead, you will suffer numerous configuration problems, plus failures, unexpected behaviour, etc.

Richard Burts Mon, 01/23/2006 - 14:05

Froix


In rather absolute terms a router makes decisions about how to forward packets through the network and a firewall inspects packets entering the network or passing through the network and makes decisions on what should be allowed to go through. But Cisco has been putting more and more firewall type logic into some versions of the IOS. So that for some people and some situations a router can provide satisfactory firewall functionality.


You ask how satisfactory it is to do firewall on a router. I believe that there is no absolute answer to this and various people would answer it in different ways depending on their perspective and their approach to implementing security. Some people have an approach that values consolidation of function and if they can get one device that will both forward packets and will inspect the traffic to screen out undesirable traffic, then they think that they have a very satisfactory solution. Other people have an approach that wants to divide functionality and put each function on a device that is optimized for that function. They want a device that is optimized for forwarding packets through the network and they want a device that is optimized for screening packets in the network and does stateful inspection of traffic with knowledge of how various applications are supposed to act. For the first group the combined router/firewall is a satisfactory solution while for the second group the separate router separate firewall is the satisfactory solution.


So I believe that you should evaluate your network requirements, decide on which approach is a better fit for your particular environment and go in that direction.


HTH


Rick
