Hello! I would like to share some experience of other people in their Network. If you are the network administrator, I think this must be implemented:
1. Network and Security Policy
2. Network Auditing every month
3. Checking of Policy every quarter
4. Network Report every quarter
5. Content Filtering and Proxy for users (optional). This helps me a lot.
Note: Of you guys out there can add more. It would be great!
The problem starts here!!!
Setup: Linux (Gateway), IP Tables (Firewall), Squid (Proxy), Dansguardian (Content Filtering) and a DHCP.
Senario: Your client/users opened his/her web browser but no Proxy Authentication POPup (client browser is configured to use proxy server). The client/user restart the browser but nothing happened. He/She tried to restart the computer but nothing happened =D. Other System Administrator tried to check if the proxy server is running correctly in the server and double check the firewall. But proxy server and firewall are running correctly, what do you think is the problem?
Gateway IP Address: 192.168.3.250
Here are some basic steps to troubleshoot this problem:
1. Make sure proxy is running correctly.
2. Make sure proxy authentication is enabled in the server.
3. Try to reconnect your LAN Cable or try to release and renew IP Address:
For Windows: ipconfig /release ipconfig /renew For Linux: /etc/init.d/network restart /etc/rc.d/networkmanager restart /etc/init.d/networking restart 4. Double check network settings of Windows For Windows:ipcofig /all IP Address: 192.168.3.125 Netmask: 255.255.255.0 Gateway: 192.168.3.250 DNS Server: 192.168.1.1 (Make sure DNS Server is Correct) For Linux: ifconfig
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 192.168.3.125 netmask 255.255.255.0 broadcast 192.168.3.255
inet6 fe80::21c:bfff:feac:c3f3 prefixlen 64 scopeid 0x20<link>
ether 00:1c:bf:ac:c3:f3 txqueuelen 1000 (Ethernet)
RX packets 890738 bytes 1035419263 (987.4 MiB)
RX errors 0 dropped 18 overruns 0 frame 0
TX packets 948781 bytes 139179037 (132.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Check the gateway route -n
0.0.0.0 192.168.69.50 0.0.0.0 UG 0 0 0 wlan0
192.168.69. 0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
Check the DNS cat /etc/resolv.conf
# Generated by NetworkManager
tracert 18.104.22.168 Tracing route to 22.214.171.124 in-addr.arpa [126.96.36.199] over a maximum of 30 hops: 1 <1ms <1ms <1ms 188.8.131.52.in-addr.arpa [192.168.1.1] 2 184.108.40.206.in-addr.arpa [192.168.1.1] reports: Destination host unreachable. Trace Complete 6. Check Windows Event Logs " Event Logs from windows indicated that the IP Address lease 192.168.3.64 for the Network with network address 0xB8A386077582 has been denied by the DHCP Server 192.168.1.1 (The DHCP Server sent a DHCPNACK message)." 7. Windows Lan Manager has !(exclamation point), indication that their are conflict gateway or DNS in Network. Conclusion: Therefore their are other gateway(router) installed in your network. This gateway broadcast DNS on other workstation. Think what are the events happened before the problem (this is helpful when it comes to troubleshooting). Trace the other gateway(router) and turn it off.