Things are not going well at the office and I believe that the network admin blocked the internet access for my particular machine. I would like to be able to prove it.
We share a (V)LAN through a small switch with my team. I’m able to ping anything and to resolve DNS names but can’t connect to any website, IMAP server or anything. When I connect to my smartphone’s internet connection sharing everything is ok. I also tried to connect to another VLAN and it worked as well. So I believe that my computer was blocked at firewall level, probably based on my Mac address. The network manager says that it is “because I use a Mac”
Now I would like to be able to prove (if my assumption is right) that the packets are blocked at the firewall level. Any idea how I could do that ?
Certain Firewalls, like Sonicwall, have this built-in. If you’re running the SonicWall Anti-Virus, then you can pass the firewall. The AV is a packaged McAfee agent.
Can you connect to / use any VPN? (OpenVPN based).
Run a Windows on your Mac (Maybe in full screen mode) and see if it works, if not, demand the admin get’s it working. If a VM Windows can access the Net, your Mac “should” be able to do so also. (Unless it’s something like the SonicWall mentionned above.).
A Mac makes it fairly easy to circumvent the network, eg by creating another vLAN adapter…
You can allocate a different Mac…
A Traceroute will only allow access up to the firewall. (Also a “proof”…)
Simply ask you Network Admin, the problem and the reason. It could be a small technical problem. Don’t do anything from your side, if your employer don’t want you to have an internet access.
For the proof you can copy the network configuration (ifconfig > ip.txt)
ping any local device – Which which will prove the local connectivity
ping website – ping google.com
ping google dns – ping 8.8.8.8
check port 53 – cat < /dev/null > /dev/tcp/8.8.8.8/53; echo $? – the output should be 0
nslookup – nslookup google.com
Pagaille lives / works in France, as I recall.
In Switzerland, Germany - and AFAIK also in France: If your working contract does not forbid Internet usage (very rare!), the company is not allowed to forbid Internet…
That’s why I think it’s more a “mandate” to use the security components - like I explained in 1) with the Sonicwall.
Thanks for all your clever suggestions (especially creating a VLAN adapter, didn’t think about that) ! I thought I could also use a spare USB LAN adapter.
You know what ? I bet that Monday everything will work again I believe that the network admin sabotaged my connection on purpose, but he didn’t know that I could so easily point out the reason why.
In the great old game of chess, it’s always a good thing if your opponent thinks you’re a move ahead of him - without realizing you’re actually ten moves ahead!
Of course, without cheating, or thinking about some “chess” player/cheater whose name sounds like “nobody” in german…
Most DHCP servers, including Microsoft and NethServer, will give the same IP to an existing DHCP Client / MAC address when a lease expires, even without any DHCP reservations… So something has been changed by someone…