I have centos6 with physical firewall of Cisco ASDM6.1. When I am executing dig gmail.com or dig google.com, it gives me following error:
connection timed out; no servers could be reached
To get the domain resolved, do I need to make any change in firewall? If yes, then what change do I need to make in CISCO ASDM Firewall? If not, then how can I solve this?
If DNS is working fine then check whether firewall is blocking DNS port. if so open the DNS port and see whether it works.
Related
I have a bit of a bizarre problem. I have a Hyper-V VM and I cannot connect to it via IP address on the host computer.
I intend to use it as an SQL server to host a database for a website while I test it, and the first step I can see in this endeavour is to make sure the IP addresses work externally.
Other PCs on the LAN appear to be able to connect just fine via the IP address on Remote Desktop. I cannot do so. I also cannot connect through SQL Management Studio (named pipes or TCP/IP). Although named pipes gives an error relating to being denied access as opposed to IPs which are just not found.
I have tried pinging both ways:
VM => Host : Always gives a "Destination Host Unreachable" error
Host => VM: Always gives a "Request Timed Out" error
As for netstat -a -n, I can see that the VM is listening to 3389 (default Hyper V port, which makes sense).
Regarding Firewalls, all have been turned off on all machines. I can tell that the firewall is not the issue.
If you need any more information to help me to diagnose and treat the problem, please ask me as I would like to get this sorted as quickly as possible.
Thanks a lot in advance.
Which windows server version do you use?
Windows Server 2016 blocks insecure RDP connections (https://support.microsoft.com/en-us/help/4295591/credssp-encryption-oracle-remediation-error-when-to-rdp-to-azure-vm).
Since RDP uses CredSSP you have to install the current Windows Patches.
Do you can ping the DNS server by IP address from your VM?
Is ICMP (ICMP = the thing you need for ping) on your host enabled?
Here is a Checklist for ICMP:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc749323(v=ws.10)
Solved,
Just switched to another physical computer and it was fine.
I have a computer connected to my workplace AD domain where through this connection it has access to the internet and also can connect to a server located on that domain e.g 150.130.xxx.xxx. I wonder how I can keep the connection to the server whilst disabling internet connection so that this computer can connect to the server but not the internet. Any advice?
I found a way by changing the IP settings from "obtain an IP address automatically" to "use the following IP address" and giving it the actual IP address of my machine, then leaving the default gateway and preferred DNS server empty.
Another solution is to simply do route -f in cmd after you've connected to the network. This will prevent internet traffic from being sent to your router. This might be a little simpler than what youre doing - it essentially does the same thing, but all in one convienent little command.
I have 2 instances running on Compute engine, although the documentation says that I'm able to ping and establish a communication between these VMs I can't. I've tried the ping with VM name and ipv4 address. I also tried to configure new work-group for both VMs and nothing.
Here's the link: https://cloud.google.com/compute/docs/vm-ip-addresses
If you are communicating between instances in the same network, you
can send packets to an instance using the instance name, and the
network automatically resolves the name to the internal IP address of
the instance.
My VMs configuration:
Both are in the same network
I even turn off the firewalls
But no connection between at all.
Anyone passed for the same? someone knows what is going on?
How do I solve this issue?
This is due to firewall rules. You need to add the allow-icmp network tag in the Network tags section of the instances edit page >
You can create new Network tags to open up new ports/protocols in the VPC Network>Firewall rules section:
EDIT 1:
Please note that the 0.0.0.0/0 subnet used on the screenshot above opens up the ports to the entire internet and I only used it for demonstration purposes to avoid sharing my IPs. I would STRONGLY advise against using that subnet for firewall rules in a production environment. The internet is a dark and scary place.
This happens to us from time to time - suddenly our 2 instances cannot reach each other through API or even ping. Even though we haven't changed any firewall rules or anything. I guess it's some GCloud glitch.
Nothing we have tried works, except for restarting the instances, then everything works again. So, if anyone has the same, and nothing seems to help the issue, I suggest, as a last resort, to reboot the instances.
Each network in Google Compute Engine has its own firewall configuration which by default will block incoming traffic to your VM. See the firewall documentation to see how the default network is configured and how to apply similar rules to your custom network.
Be sure the firewall rules include the GCE subnet. In your case, it would mean that 10.10.0.0/24 has icmp allowed.
I'm not sure why the firewall rules apply within the network subnet, but apparently they do.
If you did not change network and or firewall rules and use default network and firewall rules then simply edit hosts file (open hosts on all vm, copy hosts line for each vm and add its all other vm) and then try ping. I have tried same between three centos instance and its working.
Make sure you restart the network on VMs in order to work it fine.
This helped me pretty well.
I've been trying to port forward on my router for the last couple days with little success. I just realized that my IP is not in fact static as it is supposed to be, would this cause ports to show as closed?
Not of course.
You can open ports on your firewall.
The problem is that your ip will change and someone to find you again needs the new one. Find your new one there http://whatismyipaddress.com/
You can work with a dns manager like http://www.noip.com/ to have a dns name.
Also the problem with the firewall ports is that your computer will change your IPV4 address and then you must edit your port configs again. Go to run->cmd->write ipconfig and see that your ip is different now.
No, if you setup port forwarding, it will work regardless of what your external IP address is and will remain in place even if your external IP address changes. In other words, traffic will be forwarded to the internal IP address on port you specify, even if the external IP address changes.
Now, the trick is going to be finding out your external IP address when you are working remotely. This is one creative way:
http://lifehacker.com/5737187/use-dropbox-to-find-the-ip-address-of-your-remote-computers
If you're having other issues, try looking into the firewall settings of your computer.
I just tried to publish my website via IIS.
I forwarded the right ports to my LAN and it successfully connects to the LAN, but can't connect the internet.
When using 192.168.1.20:8080 (which is my local IP address), it connects to the website, but when using my external IP address it doesn't work.
What do I do wrong?
Thanks!
It likely has something to do with the port being auto-blocked by your Windows firewall or :80 not being routed to :8080 in your router.
I had this issue too, Windows Firewall's default was to block the :80 port. I just had to go in and make an exception.
-first of all you should have a static IP address.
-second make sure you add the make sure you add that IP address to your Network (NIC) card Interface and I hope it will work fine.
Check This Please or this topics