1

I've got a simple set up here:

        Client C                (Internet)
        10.10.10.5 (Static)         |
        255.255.255.0               |
                  \                 |
                   \             X.X.X.X
Server 2008         \          Untangle Router              Client A (Win 7)
10.10.10.10 (Static)-----10.10.10.2      10.10.11.2---------10.10.11.X (DHCP)
255.255.255.0       /    255.255.255.0   255.255.255.0
                   /
                  /
        Client B (Win 7)
        10.10.10.X (DHCP)
        255.255.255.0

Client A can ping Client B. File share also works. Client B can ping Client A. File share also works. Server can ping Client A. File share also works. Server can ping Client B. File share also works. Client B can ping Server. File share also works. Client A CANNOT ping Server. File share does not work.

I've disabled the firewall on Server. Why does the server reject traffic outside its subnet (Client A) but Client B accepts it?

Edit: Here's proof that the packets are leaving the 10.10.10.2 interface of the UT.

Mon Jan 30 2012 23:54:35 GMT-0500 (Eastern Standard Time)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
23:54:39.197107 IP 10.10.11.50 > 10.10.10.10: ICMP echo request, id 1, seq 223, length 40
23:54:43.952136 IP 10.10.11.50 > 10.10.10.10: ICMP echo request, id 1, seq 224, length 40
23:54:48.844599 IP 10.10.11.50 > 10.10.10.10: ICMP echo request, id 1, seq 225, length 40
23:54:53.885277 IP 10.10.11.50 > 10.10.10.10: ICMP echo request, id 1, seq 226, length 40
23:54:58.902342 IP 10.10.11.50 > 10.10.10.10: ICMP echo request, id 1, seq 227, length 40

5 packets captured
5 packets received by filter
0 packets dropped by kernel
Mon Jan 30 23:55:03 EST 2012 - Test Complete!

Edit #2: I've added Client C, which is also a static IP. I can ping it successfully as well. This is just to verify that the Untangle wasn't doing anything hokey with computers it had not assigned the IP to.

Edit #3: Pings get replied to, until just before the server is all the way booted up. Then the suddenly stop going through...

Joel Coel
  • 12,932
  • 14
  • 62
  • 100
psyklopz
  • 141
  • 6
  • How do you know the packets are actually getting from Client A to the Server? You are going to need to do a couple packet captures to locate the true source of the problem. If the packets *are* reaching the server, verify that the default gateway on the server is set correctly. – EEAA Jan 31 '12 at 03:56
  • As an aside, your server can't be running both 2008 and 2008 R2. You should probably fix your tags accordingly. – EEAA Jan 31 '12 at 03:57
  • I'm sure because they get from Client A to Client B. Default gateway on the server is correct: 10.10.10.2 – psyklopz Jan 31 '12 at 04:01
  • Also, the packet capture built into Untangle shows them leaving out the 10.10.10.2 interface. – psyklopz Jan 31 '12 at 04:02
  • 4
    You can take my advice or you can choose not to. A packet capture on the server is the only way to make sure that Client A's packets are actually getting there. – EEAA Jan 31 '12 at 04:02
  • I'm bewildered that Wireshark on the server is not showing the pings coming in. If I unplug Client B, and change the Server's IP to that of Client B, still nothing gets through. Does the pCap driver run behind the network card's driver? Perhaps it is a faulty NIC driver? – psyklopz Jan 31 '12 at 04:32
  • The obvious difference is that you are passing icmp packets via the ut router. So, do you know whether icmp packets in fact make it past 10.10.11.2? – slashdot Jan 31 '12 at 04:37
  • I can ping from Client A to Client B. Obviously the ping packets make it through the router. – psyklopz Jan 31 '12 at 04:38
  • Can the untangle router ping the server? Also, what kind of switch are you using, is it a managed switch? – Per von Zweigbergk Jan 31 '12 at 11:01

3 Answers3

1

Here's to a lucky 1AM fix...

An old Kaspersky firewall existed from years ago. EVEN THOUGH IT HAD BEEN INSTALLED, PIECES REMAINED and had to be removed by the Kaspersky removal tool.

psyklopz
  • 141
  • 6
0

I think the same as many commentators: Your router seems to be the problem here. Make sure it routes IP traffic in both directions correctly between the two networks.

Nils
  • 7,695
  • 3
  • 34
  • 73
  • After your edit I was about to say that there MUST be a firewall involved - but you found it yourselv. ;-) Mark your answer as accepted asap. – Nils Feb 01 '12 at 21:00
  • StackExchange makes you wait 24 hrs if you have less than 100 rep. ;( – psyklopz Feb 02 '12 at 23:05
0

You say you disabled the firewall on server.

Did you also reboot server after that ?

In my experience Win7 and Server 2k8 have an annoying tendency to keep using TCP settings (including firewall) AFTER they got changed. It takes a reboot to get them fully in effect.

(Among other things they keep honoring ARP's for the old IP address after you change the IP. Makes troubleshooting very "interesting".)

Other than that: Packet capture on the server to really make sure things arrive there, just like ErikA already suggested.

Tonny
  • 6,332
  • 1
  • 18
  • 31
  • Yes. Rebooted. ARP cleared on server as well. Please see my above comment from yesterday, showing that Wireshark on the server does not receive the ping. Refer to Edit #3, again from yesterday, showing that pings make it to the server BEFORE it's fully booted up. Therefore it's not a network problem. It's something on the server. – psyklopz Jan 31 '12 at 22:53
  • It look sto me as if it's the firewall on the server. Allows traffic from local lan but not from accross router. It takes a short while when booting for the firewall to kick in. That explains why it stops working halfway through the booting process. – Tonny Feb 01 '12 at 12:15