# "Trying to reach google.com" error... how to adjust firewall settings?



## tigercommander (Oct 16, 2012)

:banghead: I keep getting a "trying to reach google.com" error while working on shared google docs for work. I googled it and got to this website Server and firewall settings for Google Docs - Google Docs Help Now, I don't know what this means... Here is the first part of the page: 
*Note:* This article is designed for network administrators and is highly technical.
Google Docs and Sites are designed to work on uninhibited networks. But for domain and network administrators with specific firewalls or servers, the following must be accessible for Google Docs and Sites to function properly:
For the following, *[N]* means any single decimal digit. *** means any string not containing a period.
*Documents List, Documents, Presentations, and Drawings*


*http* (port 80) connection to *docs.google.com*, *docs[N].google.com* and **.docs.google.com*.
*https* (port 443) connection to *docs.google.com* and *docs[N].google.com*. The certificate protecting this connection has *.google.com as its subject.
*https* (port 443) connection to **.docs.google.com*. The certificate protecting this connection has *.mail.google.com as its subject, but has *.docs.google.com as a subject alternative name.
Now I work off a personal computer so I can make any changes I need to, but I don't know what this means. Do I just make a rule to allow port 80 and 443? I read those are for http and https, but I don't want to provide access to any http and https. How do I limit it to just google? If I have to allow ports 80 and 443, how safe is that? Is this more complex than just changing inbound rules? And what does the certificate protecting this connection have to do with this? Is that somehting I need to look for to allow? Any help would be appreciated as it is so annoying to deal with constantly. :dance:


----------



## Wand3r3r (Sep 17, 2010)

I would suspect the document is not referring to your workstation but to the corp router. Port 80 and 443 should be open by default on the router. 

Can you get to a https site? Can others at work get to a https site?


----------



## tigercommander (Oct 16, 2012)

I work from home. I have xfinity internet. I had this same problem when I was in the office. So, the same problem with two different networks. I can go to an https site. I use google email and it's https. No problem. I have no other problems when using google documents, just our shared master sheet. I read on the google support forum that this was a common error message and that some teachers in Colorado first reported it. It said to make adjustments to the firewall and that it was technical and a network administrator needed to do that. Well I work from home and don't have a network administrator nor the money to pay someone. Plus I just like solving problems. Thoughts?


----------



## Wand3r3r (Sep 17, 2010)

link to said document?


----------



## tigercommander (Oct 16, 2012)

There is no link to the master shared sheet... I would need your google email and then I could share it with you. From there you could go on and see. It doesn't do it immediately. Sometimes it doesn't do it for a while. Some days it does it every minute almost.


----------



## Wand3r3r (Sep 17, 2010)

Your situation doesn't fit this criteria
"But for domain and network administrators with specific firewalls or servers"

Fact everthing works but the shared sheet points to the sheet being the issue. Since this is all outbound trafffic, ie you are not hosting this yourself on your pc, there should be no blocking of those ports going on.

But lets do a little troubleshooting.

Start by posting the results of a ipconfig /all when you are at home.
Next go to Shields Up! and do port tests on 80 and 443


----------



## tigercommander (Oct 16, 2012)

Here are the condensed results of the Sheilds Up! Common Ports test:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2012-10-29 at 20:19:05

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 
119, 135, 139, 143, 389, 443, 445, 
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

----------------------------------------------------------------------

Here are the results of the ipconfig /all:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\CBM>
Windows IP Configuration
Host Name . . . . . . . . . . . . : CBM-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tn.comcast.net.
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.tn.comcast.net.
Description . . . . . . . . . . . : Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-6C-1A-35-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : hsd1.tn.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 44-6D-57-B2-AC-34
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::48e3:6ae0:276d:ff4f%11(Preferred) 
IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, October 27, 2012 12:51:01 PM
Lease Expires . . . . . . . . . . : Monday, November 05, 2012 12:29:32 PM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 239365463
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-58-2B-BE-44-6D-57-B2-AC-34
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.hsd1.tn.comcast.net.:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.tn.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2895:2dc3:bbdf:98bf(Preferred) 
Link-local IPv6 Address . . . . . : fe80::2895:2dc3:bbdf:98bf%15(Preferred) 
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Users\CBM>

:angry:


----------



## Wand3r3r (Sep 17, 2010)

All of that looks good and as expected. 

As an experiment how about changing your dns server from using comast to using google?

google's dns servers are 8.8.8.8 and 8.8.4.4. You would set this in the routers dhcp server.

Lets see if that makes a difference to the google doc


----------

