Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Machines not pingable outside network

02 Jun 2010   #1
rdanner3

Windows 7 Home Premium/64-bit
 
 
Machines not pingable outside network

Simply put: My network's machines are not responding to ping that originate from outside my network. This is very bad... since I am running a private server that, nevertheless, needs to be seen from outside the network to be useful.

Have created rule to allow ICMP in (and out) (using Win7 Firewall on this machine) to no effect. Machine still doesn't respond to ping.

This is seriously hampering efforts to test usability of a handful of things I'm working on.


My System SpecsSystem Spec
.

02 Jun 2010   #2
osholt

Windows 7 Profesional x86, Mac OS X 10.6 Snow Leopard
 
 

Quote   Quote: Originally Posted by rdanner3 View Post
Simply put: My network's machines are not responding to ping that originate from outside my network. This is very bad... since I am running a private server that, nevertheless, needs to be seen from outside the network to be useful.

Have created rule to allow ICMP in (and out) (using Win7 Firewall on this machine) to no effect. Machine still doesn't respond to ping.

This is seriously hampering efforts to test usability of a handful of things I'm working on.
Are the PCs you are trying to ping behind a router?

You will need to configure your port forwarding so that when you try and ping your public IP address (the one that identifies your internet connection) the router then sends that ping to the appropriate computer on your network via its private IP.

If I were to ping the public IP address 123.45.6.7 it would ping the IP on port 80 by default which the router would then have to forward to a computer on your network.

If you were to ping 123.45.6.7:81 on the other hand you could set your router to send the ping to another PC.

If you only want to ping 1 PC from outside of your network you may want to consider using DMZ if your router supports it.

This allows your public IP to be directly assigned to one computer on your network, although this does bypass your routers firewall making it more susceptible.

If you have any questions please ask.

Oli
My System SpecsSystem Spec
03 Jun 2010   #3
devolutionist

Win7 64
 
 

Offhand I'd say that your router - not the Windows 7 firewall - is blocking the ping. After checking that ICMP isn't being filtered by your router, you should check to see if the ping is at least making the inbound leg of it's journey. Remember, a ping goes to your destination, and then back - and asymmetric routing or firewalling happens all the time. What I would do (after considering the previous poster's advice and checking the router) would be to install something like Wireshark on your internal server. Once that's up and a capture session is running, fire off the ping from the external host and you should see them hitting the target host running Wireshark. If you see them making it that far, then you know you need to focus your efforts on the outbound leg of the ICMP packet's journey.

Bear in mind also that unblocking ICMP at your router might solve your ping problem, but at the same time it'll open you up to DDoS and other ICMP attacks. Check your router's settings for a "choke" setting that limits the number of ICMP packets that it'll allow in a given timeframe. It's also possible that this setting is already enabled and you're currently being probed with ICMP - and your pings are a casualty of the unwanted ICMP probes. You can try to mitigate this by setting up a rule on your router that only allows ICMP from the external host you're pinging from.

Good luck,
/d.
My System SpecsSystem Spec
.


09 Jun 2010   #4
rdanner3

Windows 7 Home Premium/64-bit
 
 

Quote   Quote: Originally Posted by devolutionist View Post
Offhand I'd say that your router - not the Windows 7 firewall - is blocking the ping. After checking that ICMP isn't being filtered by your router, you should check to see if the ping is at least making the inbound leg of it's journey. Remember, a ping goes to your destination, and then back - and asymmetric routing or firewalling happens all the time. What I would do (after considering the previous poster's advice and checking the router) would be to install something like Wireshark on your internal server. Once that's up and a capture session is running, fire off the ping from the external host and you should see them hitting the target host running Wireshark. If you see them making it that far, then you know you need to focus your efforts on the outbound leg of the ICMP packet's journey.

Bear in mind also that unblocking ICMP at your router might solve your ping problem, but at the same time it'll open you up to DDoS and other ICMP attacks. Check your router's settings for a "choke" setting that limits the number of ICMP packets that it'll allow in a given timeframe. It's also possible that this setting is already enabled and you're currently being probed with ICMP - and your pings are a casualty of the unwanted ICMP probes. You can try to mitigate this by setting up a rule on your router that only allows ICMP from the external host you're pinging from.

Good luck,
/d.
I am aware of the ICMP security problem. I am not entirely ignorant of networking security (and am going through Network+ yet again; it has changed since the last time I was certified in it.)

I have tried to keep a screen-shot log of what I've tried (step-by-step) and it is attached, but out of date. It rather alarmed me when the router was set to allow ICMP bi-directionally, Win7's Firewall was DISABLED and still nothing. That should not have happened. Even now, with Win7's firewall with an explicit rule permitting ICMP ping bi-directionally, I'm still getting nowhere.

Have installed Wireshark, am studying how to get it to capture, and nothing. So far, it's not capturing anything. Chances are real good I'll be embarrassed at some step I failed to do once this is resolved.


Attached Files
File Type: doc Proof of What Has Been Done.doc (938.0 KB, 40 views)
My System SpecsSystem Spec
31 Aug 2010   #5
rdanner3

Windows 7 Home Premium/64-bit
 
 

Quote   Quote: Originally Posted by rdanner3 View Post
Chances are real good I'll be embarrassed at some step I failed to do once this is resolved.
Hooboy, is my face ever red . It was the router's fault. Or more precisely, I goofed a bit. Forgot to set up a service. It's working for one machine on the network, but not (for now) on the others. Yet more work to be done. :sigh:
My System SpecsSystem Spec
06 Dec 2010   #6
jharris1993

Two soup cans and some string.
 
 

I discovered some more very interesting "issues" about this. (Make that read, things that can give you grey hair!)

At the risk of cross-posting (which I know can get me my fingers broken), I am going to insert the text of a comment I made on social Technet.

========= Begin inserted text ===========

Update:


This has more aspects than a cat has hair! I have discovered:
  • Most, if not all, of the rules established for the "Private" profile have their remote scope set to "local subnet" instead of "all". This is really easy to miss as this setting is way off-screen to the right. (Unless you have your window set REALLY wide!)
  • On the Advanced tab, there is another setting - Interfaces - that needs to be checked. You need to make sure that whatever interface you are using (or "all") is actually selected.
  • The "edge traversal" setting appears to have no effect whatsoever if you are behind a hardware router.
  • If you have the Windows Firewall window open, showing rules (or whatever), and you restart the Windows Firewall service, the objects within the windows become "invalid" (i.e. "Invalid Handle"), and saved settings don't get saved. And you don't always get a warning either. Note that they LOOK like they have been saved, but the REALLY HAVE NOT been saved at all. If you are wondering, close the Windows Firewall window, and then re-launch it, to see if the settings are "sticky".
I'm rapidly becoming convinced that it really IS a conspiracy!

Jim

================ End inserted text ================

The take-aways here are these:
Check your remote scope, especially if using a "Private" profile.
Check your interfaces, especially if creating a rule by hand.
Verify that your session to the Windows Firewall service has not become invalid by restarting the session.

Jim
My System SpecsSystem Spec
10 Jan 2011   #7
flower88

Windows 7 Ultimate x64
 
 

you may visit some speed test sites.....
My System SpecsSystem Spec
Reply

 Machines not pingable outside network




Thread Tools





Similar help and support threads
Thread Forum
Can't see/connect to other machines on network when VPN'ed in
It hasn't gotten much attention in the Networking Section so I thought I'd post it over here as well. I have VPN service running on my Linksys DD-WRT router at home, so I can VPN back into my home network when using unsecured wireless internet on travel. I also have remote desktop port...
Network & Sharing
Can't network 2 machines
I have 2 machines MACHINE1 and MACHINE2 running Windows 7 Ultimate x64 and am trying to map to the D: drive from MACHINE1 machine on to MACHINE2. I enter \\MACHINE1\D$ as the drive address but then it tells me access is denied. The account name and password is the same on both machines (no domain...
Network & Sharing
Can you network with win7 and XP machines
I am having problems with connecting my new win 7 computer to my network (all of which are XP). I cannot access my network drive or for some strange reason Outlook. Any suggestions? thanks Brian
Network & Sharing
Hotfix for XP machines not showing up in W7 Network Map
I found a hotfix for those who have XP machines on their networks that don't show up on the W7 Network Map. What happens is the XP machine will show up at the bottom of the screen and can't be placed on the map correctly. It has to do with a protocol that Microsoft uses called Link Layer...
Network & Sharing
Windows 7 machines can't get network but XP can?
I've recently installed some windows 7 machines on our network and they don't seem to be getting valid network configs. It sees the correct DHCP info and DNS servers and you can ping the gateway and other computers on the same subnet but when you try to ping other subnets or out to Google it won't...
Network & Sharing
Can't see NAS or XP machines on Network (64 bit RC)
So I have a network with 3 computers, a readynas, and multiple network printers. Two machines have 64 bit RC 1, one has XP. XP machine can see both Seven machines, and NAS. 64 bit machine one can see everything as well. 64 bit machine two could see everything when I did the first...
Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:07.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App