# Ping but no Browse



## djaburg (May 15, 2008)

I've acquired a new client and have resolved several issues their previous IT had neglected to do (such as no AV on half of the workstations) and have encountered a puzzling one. From the server (Server 2008 Standard), I can ping external sites, but I cannot browse to them. Windows updates don't work, can't connect. There are no proxy servers in place, the hosts file is default, and all network settings appear to be correct. The server hosts files and that works fine. It would appears that main thing not working appears to be HTTP and HTTPS access. I've tried firefox and IE as they were already on the machine and neither works. They have a SonicWall TZ200 (Dell Branded) router and I've not found anything obvious there. I'm a bit puzzled and although I'll continue to search, I'm wondering if there's something I'm missing. 

I'm not adverse to working the command line or digging in to the registry, but I'm not sure where to check. All the workstations can connect to the server and access shared files and no other workstation exhibits these symptoms, so I'll assume the previous IT person didn't want people to use it as a workstation. Any ideas where to further my checks?


----------



## JMPC (Jan 15, 2011)

Can you load a web page via the IP address? Where is DNS configured? If you bypass the sonicwall does the internet access work?


----------



## djaburg (May 15, 2008)

Can't load from IP address, not even their Buffalo NAS on the network via web interface. DNS points to their ISP DNS...they're NOT running a domain, which is a entirely different discussion I'll be having with them. I did change the DNS settings manually on the server and no change. I don't have the option during business hours to test bypassing their router, but I will test that the next time I'm in their office, which will be in the coming days.

The client doesn't see it as that big of an issue, like I do, so they're not in any hurry to disrupt their network for testing. I do ultimately have to do what I have to do in order to repair it.


----------



## loda117 (Aug 6, 2010)

Could it be that some rule on Sonicwall is throwing all HTTP traffic to garbage? sort of like what you would do using ACL on Cisco routers?


----------



## ganjeii (Oct 26, 2011)

Are there any software firewalls in place on the server? It sounds like Internet security (corrupted?) is possibly blocking certain packets.

Also check for networking filters in registry possibly left behind from any previous firewalls


----------



## Wand3r3r (Sep 17, 2010)

"I can ping external sites, but I cannot browse to them"

Sounds like a name resolution issue.

If you do a nslookup yahoo.com does it return the correct info?

Is the server pointed to itself for dns?
Is its dns being forwarded to a valid isp/internet based dns server?


----------



## ganjeii (Oct 26, 2011)

djaburg said:


> *Can't load from IP address*, not even their Buffalo NAS on the network via web interface. DNS points to their ISP DNS...they're NOT running a domain, which is a entirely different discussion I'll be having with them. I did change the DNS settings manually on the server and no change. I don't have the option during business hours to test bypassing their router, but I will test that the next time I'm in their office, which will be in the coming days.
> 
> The client doesn't see it as that big of an issue, like I do, so they're not in any hurry to disrupt their network for testing. I do ultimately have to do what I have to do in order to repair it.


Please see bold type, if it was DNS, they should be able to do a reverse lookup.


----------



## Wand3r3r (Sep 17, 2010)

That would assume they had a reverse lookup zone locally. Some folks don't bring up reverse lookup zone locally on the mistaken idea it prevents dns poisoning.

If you can ping but not do name resolution, a prereq for browsing, it usually means its pointed at a invalid or disconnected dns server.


----------



## loda117 (Aug 6, 2010)

another suggestion here: 
where is the DHCP server running? on the actual server or on the tz200?


----------



## ganjeii (Oct 26, 2011)

Wand3r3r said:


> If you can ping but not do name resolution, a prereq for browsing, it usually means its pointed at a invalid or disconnected dns server.


Agreed:thumb:, Please also check for faulty SW firewall


----------



## djaburg (May 15, 2008)

ganjeii said:


> Are there any software firewalls in place on the server? It sounds like Internet security (corrupted?) is possibly blocking certain packets.
> 
> Also check for networking filters in registry possibly left behind from any previous firewalls


After a long day of fixing issues, I'm finally home and able to look at all the responses. The windows firewall has been disabled to eliminate that as a possibility. DNS IS working and has been set to proper DNS servers and verified that they work on my laptop when connected to their network. If there is a router based block, it only affects the "server" (as previously mentioned there's no domain in place and DHCP is handled by the router). I've not been back in their office to attempt to bypass the router to determine is the block is local or router based. 

I did receive a message from the owner indicating he was going to contact the previous IT to find out what they've done, but I'd certainly like to figure it out one way or another. I've made a list of things to try, and I should be back in their office on Friday for more troubleshooting. Since the network is "working fine" and they can access files on the server, they're not in a big hurry to resolve an issue they don't perceive as an issue. Then there's me...I want it fixed.


----------



## ganjeii (Oct 26, 2011)

djaburg said:


> The windows firewall has been disabled to eliminate that as a possibility. DNS IS working and has been set to proper DNS servers and verified that they work on my laptop when connected to their network.


But is there / was there any previous Security software installed? (ie. Antivrus w/ internet based security **3rd party firewall)


----------

