To all network Gurus:

C

Corrugated

Limp Gawd
Joined
Apr 9, 2000
Messages
260
We have recently switched our T1 providers and are having a heck of a time figuring out why we no one can reach our web site. Network solutions has been updated with the new IP's, our firebox (firewall) has been updated as well as the IP addresses for the DNS under Windows 2000. Mail and our VPN's work with no problem, but still no one can reach our web site. The site is http://www.badgerpackaging.com . I for the life of me can't think of what I am missing.

Thanks

Corrugated
 
Start taking parts of hte network away such as the firewall and see what it is that's screwing up the connection.
 
Do you have the webserver inside or outside the Firewall?

If it's inside, is the HTTP protocol forwarded right?

in the HTTP prooperties on the firebox it should say something like incoming enabled and the "to" box should be [external ip] -> [internal ip]
 
You might want to look at your firewall. You guys seem to be blocking everything, including ICMP. I know ICMP gets a bad rep for being used for DOS attacks and such, but it is important. =) It's not the cause of your problems, but you might want to re-eval the decision of blocking it.

What kind of firewall do you guys use? Could you post your ACL?
 
Originally posted by marshac
You might want to look at your firewall. You guys seem to be blocking everything, including ICMP. I know ICMP gets a bad rep for being used for DOS attacks and such, but it is important. =) It's not the cause of your problems, but you might want to re-eval the decision of blocking it.

What kind of firewall do you guys use? Could you post your ACL?
Click to expand...


I'm with him ^^
 
Verify the DNS has been fully propagated and that ICMP isn't mucking up the VPN. Check out this thread for more info on how ICMP interacts with VPNs.
 
I'm assuming you're using IIS for webserving. Check the website's properties and see if it's bound to any address in particular.
 
Originally posted by Gertrude
Maybe your webserver is set to listen on the old IP address?
Click to expand...
Quite possible. You or the person before you may very have binded the http daemon (IIS/apache) to a a specific interface. Might want to check that.
 
I can suggest that you do a tracroute from an outside source, also try to contact the server with just the IP from outside. That should eliminate DNS as the problem. If you still can't connect then its some configuration issue somewhere, looks like its time to sniff!
 
Thanks to everyone for your suggestions. The problem came down to having a different subnets for our WAN and ALIAS (public) ip addresses. Our Firebox must have the WAN and ALIAS ip's on the same subnet.

Thank again,

Corrugated
 
You must log in or register to reply here.
Back
Top