Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

clients can't ping outside

2 views
Skip to first unread message

John

unread,
Oct 30, 2009, 10:25:42 AM10/30/09
to
I'm running BM3.9sp2 on NW6.5sp7
I have a filter defined to allow ICMP in/out both public and private NIC's
on the server.
From the server, I can ping outside addresses when I have this filter in
place, can't when I remove this filter.
However, the clients can't ping outside addresses with or without the filter
in place. In fact, if I unload ipflt and filtsrv, the clients still can't
ping outside addresses.
They get a 'destination net unreachable' error. The clients def gw points to
the BM server and the clients are on the same lan segment as the server.
Any ideas what I can try to fix this problem?
TIA


Mysterious

unread,
Oct 30, 2009, 10:37:51 AM10/30/09
to
John wrote:

> They get a 'destination net unreachable' error.


no, they get "Reply from xx.xx.xx.xx:destination net unreachable".

the xx.xx.xx.xx is the ip of the device you have to look at it as is the
one sending the error. If it is the pc's ip, your DG is wrong. Check for
typos and verify subnet mask is correct.

Craig Johnson

unread,
Oct 30, 2009, 1:15:27 PM10/30/09
to
In article <4AEAB117.5...@nospam.com>, John wrote:
> In fact, if I unload ipflt and filtsrv, the clients still can't
> ping outside addresses.
>
1. Check INETCFG, Protocols, TCPIP and see if routing is enabled. (Not
'end node')
2. Make sure dynamic NAT is enabled on the public IP address (and not
on any other). If it is, try disabling it, reinit, enabling it again,
and another reinit to restart it.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***


John

unread,
Oct 30, 2009, 5:40:45 PM10/30/09
to
you are correct on the message.
the ip address it shows is the address on my Internet router that sits on
the other side of my BM server.
the BM server has a public IP that is on the same subnet as the Internet
router.
BM is working fine for proxy the way things are but when I ping from a
workstation from a dos prompt, it returns that error.
I'm not sure why a ping fails from the workstation. the def gw on the ws is
set to the bm server private ip.
shouldn't the workstation use the proxy server's public ip address to do the
ping?
i can ping fine from the bm server.

mysterious

unread,
Oct 30, 2009, 6:42:31 PM10/30/09
to
John wrote:

> shouldn't the workstation use the proxy server's public ip address to do the
> ping?
> i can ping fine from the bm server.

For that, you have to enable dynamic nat on the public interface on the
bm server.

John

unread,
Nov 2, 2009, 8:47:04 AM11/2/09
to
ok, that's what I didn't have set. It's working now.
Thank you very much for your help.

John

unread,
Nov 2, 2009, 8:47:59 AM11/2/09
to
ok, I didn't have dynamic nat enabled. It's working now.
Thank you very much for your help Craig.

Mysterious

unread,
Nov 2, 2009, 8:53:29 AM11/2/09
to
John wrote:
> ok, that's what I didn't have set. It's working now.
> Thank you very much for your help.
>

you're welcome

Craig Johnson

unread,
Nov 2, 2009, 2:34:06 PM11/2/09
to
In article <4AEE8EB2.5...@nospam.com>, John wrote:
> ok, I didn't have dynamic nat enabled. It's working now.
> Thank you very much for your help Craig.
>
You're welcome.

Be sure to test that enabling nat didn't open up other things too much.
For instance, if you can now browse without using a proxy in the
browser, you have filtering issues. (Filters should block non-proxy
browsing).

John

unread,
Nov 3, 2009, 11:55:51 AM11/3/09
to
ok, thank again craig!
0 new messages