I can't ping the world from inside behind my firewall.

M

mmac

I can't ping the world from behind my firewall. everything works, mail, web dns forwarding, etc. from the inside but I can't ping yahoo.com or anything else from a workstation. Well let me restate that, I cant ping with any regularity. If I leave a ping running (ping -t) I will see a couple responses once in a while but 90% will be timed out. Where would I look for that? I am hooked to a t1 behind a Netgear FVS318 firewall. running win2k domain.

I had the provider check his equipment and he can ping from his box tothe outside just fine.
 
D

David Robbins

I can't ping the world from behind my firewall. everything works, mail, web
dns forwarding, etc. from the inside but I can't ping yahoo.com or anything
else from a workstation. Well let me restate that, I cant ping with any
regularity. If I leave a ping running (ping -t) I will see a couple
responses once in a while but 90% will be timed out. Where would I look for
that? I am hooked to a t1 behind a Netgear FVS318 firewall. running win2k
domain.

I had the provider check his equipment and he can ping from his box tothe
outside just fine.

intermittent pings are odd. try upping the time to wait for a reply with
something like -w 5000 and see if that gets more back to you. also try to
tracert and see if there is one very slow or intermittant hop in the path.
it could be one slow hop that delays the ping replies enough to time them
out, but still allows data through to programs that wait a bit longer.
 
M

mmac

I tried pinging with a 3 second wait and still no luck. I can ping from the
netgear firewall using thier utility but I only get three out of four even
there. the first one always fails.
Here is the trace result:

Tracing route to yahoo.com [66.218.71.198]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 10 ms 10 ms 20 ms csc12001.oak.mdsg-pacwest.com [63.93.97.1]
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 20 ms 20 ms 10 ms w1.rc.vip.scd.yahoo.com [66.218.71.198]
Trace complete.

Got any ideas?
 
D

David Robbins

i would call that a bad connection from your router to the isp. you should
be able to ping your isps' first router 100% with consistantly short
response times...if you can't do that then everything past there will be
even more intermittant.

mmac said:
I tried pinging with a 3 second wait and still no luck. I can ping from the
netgear firewall using thier utility but I only get three out of four even
there. the first one always fails.
Here is the trace result:

Tracing route to yahoo.com [66.218.71.198]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 10 ms 10 ms 20 ms csc12001.oak.mdsg-pacwest.com [63.93.97.1]
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 20 ms 20 ms 10 ms w1.rc.vip.scd.yahoo.com [66.218.71.198]
Trace complete.

Got any ideas?



David Robbins said:
I can't ping the world from behind my firewall. everything works, mail, web
dns forwarding, etc. from the inside but I can't ping yahoo.com or anything
else from a workstation. Well let me restate that, I cant ping with any
regularity. If I leave a ping running (ping -t) I will see a couple
responses once in a while but 90% will be timed out. Where would I look for
that? I am hooked to a t1 behind a Netgear FVS318 firewall. running win2k
domain.

I had the provider check his equipment and he can ping from his box tothe
outside just fine.

intermittent pings are odd. try upping the time to wait for a reply with
something like -w 5000 and see if that gets more back to you. also try to
tracert and see if there is one very slow or intermittant hop in the path.
it could be one slow hop that delays the ping replies enough to time them
out, but still allows data through to programs that wait a bit longer.
Click to expand...
Click to expand...
 
M

mmac

This turned out to be the welchia virus. It was pinging away at random IP's and
just killing my bandwidth. I can now ping and tracert to my hearts content.


David Robbins said:
i would call that a bad connection from your router to the isp. you should
be able to ping your isps' first router 100% with consistantly short
response times...if you can't do that then everything past there will be
even more intermittant.

mmac said:
I tried pinging with a 3 second wait and still no luck. I can ping from the
netgear firewall using thier utility but I only get three out of four even
there. the first one always fails.
Here is the trace result:

Tracing route to yahoo.com [66.218.71.198]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 10 ms 10 ms 20 ms csc12001.oak.mdsg-pacwest.com [63.93.97.1]
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 20 ms 20 ms 10 ms w1.rc.vip.scd.yahoo.com [66.218.71.198]
Trace complete.

Got any ideas?



David Robbins said:
I can't ping the world from behind my firewall. everything works, mail, web
dns forwarding, etc. from the inside but I can't ping yahoo.com or anything
else from a workstation. Well let me restate that, I cant ping with any
regularity. If I leave a ping running (ping -t) I will see a couple
responses once in a while but 90% will be timed out. Where would I look for
that? I am hooked to a t1 behind a Netgear FVS318 firewall. running win2k
domain.

I had the provider check his equipment and he can ping from his box tothe
outside just fine.

intermittent pings are odd. try upping the time to wait for a reply with
something like -w 5000 and see if that gets more back to you. also try to
tracert and see if there is one very slow or intermittant hop in the path.
it could be one slow hop that delays the ping replies enough to time them
out, but still allows data through to programs that wait a bit longer.
Click to expand...
Click to expand...
Click to expand...
 
D

David Robbins

ah, thanks for that update. another symptom of those things to keep in
mind. does your router not have activity lights that might have shown that
the link was really busy?

mmac said:
This turned out to be the welchia virus. It was pinging away at random IP's and
just killing my bandwidth. I can now ping and tracert to my hearts content.


David Robbins said:
i would call that a bad connection from your router to the isp. you should
be able to ping your isps' first router 100% with consistantly short
response times...if you can't do that then everything past there will be
even more intermittant.

mmac said:
I tried pinging with a 3 second wait and still no luck. I can ping
Click to expand...
from
the
netgear firewall using thier utility but I only get three out of four even
there. the first one always fails.
Here is the trace result:

Tracing route to yahoo.com [66.218.71.198]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 10 ms 10 ms 20 ms csc12001.oak.mdsg-pacwest.com [63.93.97.1]
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 20 ms 20 ms 10 ms w1.rc.vip.scd.yahoo.com [66.218.71.198]
Trace complete.

Got any ideas?




I can't ping the world from behind my firewall. everything works, mail,
web
dns forwarding, etc. from the inside but I can't ping yahoo.com or
anything
else from a workstation. Well let me restate that, I cant ping with any
regularity. If I leave a ping running (ping -t) I will see a couple
responses once in a while but 90% will be timed out. Where would I look
for
that? I am hooked to a t1 behind a Netgear FVS318 firewall. running win2k
domain.

I had the provider check his equipment and he can ping from his box tothe
outside just fine.

intermittent pings are odd. try upping the time to wait for a reply with
something like -w 5000 and see if that gets more back to you. also
Click to expand...
try
to
tracert and see if there is one very slow or intermittant hop in the path.
it could be one slow hop that delays the ping replies enough to time them
out, but still allows data through to programs that wait a bit longer.
Click to expand...
Click to expand...
Click to expand...
 
M

mmac

The "router" is actually a "Vina T1 integrator" which combines all our Phone
lines with our Data lines so the activity light is pretty active. The final
clue was turning on the taskbar icon for the network connection and noticing
that the TX light was lit constantly on every machine. I borrowed a sniffer (to
watch network connections on another machine oddly enough) and I watched all the
machines pumping out random ICMP at 200 per second. I was floored!
A quick search on the symantec site revealed that welchia does this very thing
so I got the removal tool and there it was.
Network's a lot snappier now too!

David Robbins said:
ah, thanks for that update. another symptom of those things to keep in
mind. does your router not have activity lights that might have shown that
the link was really busy?

mmac said:
This turned out to be the welchia virus. It was pinging away at random IP's and
just killing my bandwidth. I can now ping and tracert to my hearts content.


David Robbins said:
i would call that a bad connection from your router to the isp. you should
be able to ping your isps' first router 100% with consistantly short
response times...if you can't do that then everything past there will be
even more intermittant.

I tried pinging with a 3 second wait and still no luck. I can ping from
the
netgear firewall using thier utility but I only get three out of four even
there. the first one always fails.
Here is the trace result:

Tracing route to yahoo.com [66.218.71.198]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 10 ms 10 ms 20 ms csc12001.oak.mdsg-pacwest.com [63.93.97.1]
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 20 ms 20 ms 10 ms w1.rc.vip.scd.yahoo.com [66.218.71.198]
Trace complete.

Got any ideas?




I can't ping the world from behind my firewall. everything works, mail,
web
dns forwarding, etc. from the inside but I can't ping yahoo.com or
anything
else from a workstation. Well let me restate that, I cant ping with any
regularity. If I leave a ping running (ping -t) I will see a couple
responses once in a while but 90% will be timed out. Where would I look
for
that? I am hooked to a t1 behind a Netgear FVS318 firewall. running
win2k
domain.

I had the provider check his equipment and he can ping from his box
tothe
outside just fine.

intermittent pings are odd. try upping the time to wait for a reply
with
something like -w 5000 and see if that gets more back to you. also try
to
tracert and see if there is one very slow or intermittant hop in the
path.
it could be one slow hop that delays the ping replies enough to time
them
out, but still allows data through to programs that wait a bit longer.
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

TCP/IP computer can ping world, world can't ping computer 4
Get IP addr from DHCP router but can't ping 2
Certain routers and switches are not accessible through VPN. 0
xp CAN telnet 3389 + ping but CAN'T connect to terminal server 3
Ping stops responding. 7
Can't access URL from the workstation 1
Vista cannot ping itself and from other pc 1
Unable to access DNS names 3

Top