Re: Can't ping yahoo.com


"Joe" wrote:

Vivien wrote:
I have DNS set up on our SBS2003 server with forwarders set to our ISP DNS servers. We are able to access the internet and nslookup works fine. I am puzzled as to why I can't ping yahoo.com or do a tracert on yahoo.com or any other external site. Internal pings work fine.
Thanks
Have a wander through your router configuration, looking for 'ICMP', which is the protocol used by the ping and tracert commands, but not by DNS servers or web browsers.

Most routers default to not replying to pings from outside, but can be configured not to allow any ICMP traffic. Also, the Netgear DG834 (and probably others) can be configured to control outbound access of TCP and UDP calls. When it's in that state it cannot also be configured to allow any ICMP traffic out at all, a serious oversight in the design of its web configuration software.

Vivien wrote:
> So in other words this is behaving correctly? If I want to trace a packet
> from my computer to a web site, how would I do this?

Not necessarily, I'm just saying there might be a good explanation for it. If you can confirm that it's a router configuration, then you know where to turn it off. My main client uses the DG834, with most outbound connections denied. If I need to use ICMP, I just turn off the rule until I've finished. That's not ideal, but I'd rather do that than permanently open the firewall to everything outbound, and none of the client's staff use ICMP. If the DG834 had decent command-line facilities I'd fix it, but anything I did would be lost on a reboot or power failure.

Your router itself will almost certainly have a facility for using ping (though probably not tracert), and if that works, but ping doesn't from the SBS, then it looks like the router is responsible. If you can't find a configuration setting for it, then it's time to look for the router model and/or its firmware revision on the Net. If there's a known problem, it should show up with Mr Google's help. While the fundamental software of most routers is pretty solid Open Source stuff, the router manufacturers seem to have a talent for scripting it badly.

Nearly forgot. If the router is blocking ICMP, try power-cycling it first. That fixes a surprising number of odd Internet problems.
.

Relevant Pages

  • Re: How do I stop my PC from returning a "Ping"?
    ... to send out packets and retrieve the incoming replies as well. ... I would bet that he is behind a router, the router is getting the IP ... The router probably can be set up to disable ICMP ... >> Hmmm, but "ping of death" attacks could be pretty major, should they ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Solaris 10 IP Multipathing
    ... for obscure CPU spikes which drop ICMP echo packets and lead to ICMP failovers ... All ping targets must be in the same subnet as the primary interface. ... Since the default router is used as the first target, ...
    (comp.unix.solaris)
  • Re: Solaris 10 IP Multipathing
    ... disabled ICMP due to ping floods etc. ... Your point about setting up the ping list is a very good one. ... Since the default router is used as the first target, ...
    (comp.unix.solaris)
  • Re: Cant ping local computers
    ... >>Internet without any problems via a router connected to a DSL modem. ... They cannot ping each other. ... > Check to make that each Linux box does not have a firewall setup that blocks ... arping uses arp packets instead of icmp packets. ...
    (comp.os.linux.networking)
  • Re: XP/98 ptp and Westell DSL router
    ... Whenever I run the network wizard on the XP box I get scared off when we ... firewall configuration? ... When configured as a NAT router on a private LAN, ...
    (microsoft.public.windowsxp.network_web)