Teacher
•
32 Messages
certain IP addresses blocked on one computer
Hi,
I thought I was having the same problem as GregDO, but it appears mine is different, as my IP address does not start with 172.
I can connect to everything via my ATT router except websites on both my GoDaddy hosting accounts.
Earlier I had remedied this by switching to Google's DNS server at 8.8.8. That worked for several weeks but stopped working yesterday. I also tried changing my router to make my main work machine a DMZ, also to no avail.
This morning I tried a factory reset on my router, after which I had access to websites on these two IP addresses for about 15 minutes before they were blocked again.
I can connect to these addresses with no problem when I am using my mobile hotspot.
I can also connect using a different computer with identical settings.
I interact with these IP addresses heavily, as I am a web developer. I suspect that they are being blocked by some kind of firewall, either on the router or upstream at ATT.
Because the problem reappeared shortly after I reset the router, I am concerned that the problem may lie upstream from it - i.e. ATT is assuming some sort of exploit is occurring and is explicitly blocking traffic between the MAC address of the affected computer and the two IP addresses that I most want to connect to.
I have a technician coming out to look at the problem this afternoon, but am worried that he or she will not be able to resolve the situation.
I'm wondering if anyone in the community has insight into this problem.
Saill
JefferMC
ACE - Expert
•
35.1K Messages
10 years ago
I can pretty much guarantee that the technician visit is a waste of time for a problem such as this. Have you looked in the logs of the Residential Gateway for clues? Information about discarded packets, etc.
I agree with you that this is unlikely to be a problem like the one the other user experienced. Since rebooting your RG fixed the problem, even for a while, it is very unlikely that it is a routing/filtering issue in a remote network, such as appears to be affecting him.
Have you done traceroutes when access is working and again when it is no longer working?
What errors/messages do you get when it is not working?
What ports/protocols are you trying to use? 80/443? 21/22?
sailll
Teacher
•
32 Messages
10 years ago
Oops - I selected "accept solution" because I agreed with JefferMC that the technician probably won't help at all. Is there a way to change the status of this back to "unresolved"?
As for traceroutes - here they are.
1. Using mobile hotspot:
sudo /usr/sbin/traceroute --tcp 72.167.1.128
2. Using ATT router
sudo /usr/sbin/traceroute --tcp 72.167.1.128
The oddest thing is that the problem is so far ONLY with port 80 (http). I haven't tested 443, but am having no problem at all with ftp (21) or ping(1). Clearly traceroute works fine as well.
Saill
JefferMC
ACE - Expert
•
35.1K Messages
10 years ago
Some more questions/things to try:
sailll
Teacher
•
32 Messages
10 years ago
Well THAT was a shocker. Excellent technician came out, checked the line, gave me a new RG, and so far so good with those IP addresses.
Totally weird.
Only thing that makes sense is that I didn't manage to do a complete factory reset on the old RG and some scraps of the old firewall were still in place.
It's been about 20 minutes and all is still well.
Fingers crossed that it holds.
Saill
p.s. - thanks for the further suggestions Jeffer. Good ideas. With luck I won't need to explore further.
sailll
Teacher
•
32 Messages
10 years ago
Ok, this is extremely frustrating. The exact same problem has suddenly cropped up again with the new RG.
Tried setting DNS to Google's and making this machine a DMZ. Absolutely no effect at all.
I am getting extremely angry about this.
ATTU-verseCare
Community Support
•
6.7K Messages
10 years ago
Hi @sailll ,
I apologize for the issues you are having accessing certain sites. For some reason it sounds like it may be IP based. When your router gets replaced, usually, you will receive a new WAN IP address. Have you noticed any issues with a telnet connection as JefferMC suggested?
-David T
sailll
Teacher
•
32 Messages
10 years ago
Hi @ATTU-verseCare ,
Yes I did get a new IP address with the new router.
I just now tried telnet to the two affected IP addresses. Using the ATT RG I can not establish a connection at either on port 80. Using my mobile hotspot I establish an immediate connection:
With ATT RG:
telnet 72.167.1.128 80
Trying 72.167.1.128...
telnet: connect to address 72.167.1.128: Connection timed out
With mobile hotspot:
saill@linux-mctl:~> telnet 72.167.1.128 80
Trying 72.167.1.128...
Connected to 72.167.1.128.
**Edited to add**
I have no "websafe" solutions installed anywhere. TCP syncookies is not enabled in my kernel, and at any rate that would not explain why I can connect through my mobile hotspot.
Also, I can immediately connect to port 21 via telnet through the RG:
saill@linux-mctl:~> telnet 72.167.1.128 21
Trying 72.167.1.128...
Connected to 72.167.1.128.
Escape character is '^]'.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
**end edit**
As earlier, I have a second Linux computer with an identical configuration which is able to connect to those two IPs via the RG, with no problem.
I am becoming quite convinced that the port 80 connection between this particular machine and those two IP addresses is being explicitly blocked somewhere upstream from my RG.
About to call ATT again.
This is extremely frustrating. It is preventing me from working.
Saill
ATTU-verseCare
Community Support
•
6.7K Messages
10 years ago
Hi @sailll ,
With the second Linux machine, is it connected behind the same U-verse connection? If so, I can only assume that there may be an issue, possibly firewall, that is causing this problem. With the IP blocking that we do, we strictly do it based off the IP and not the MAC address. For testing purposes though, is it possible to put a different network card in that one Linux computer or test with a wireless network adapter?
-David T
JefferMC
ACE - Expert
•
35.1K Messages
10 years ago
I agree with AT&T. If you have one machine that works and another one that does not, through the same RG, it tells me the issue is inside that machine, not with the RG or further on. The AT&T network doesn't know the difference between the two machines.
Do you use a different interface when using the hotspot? If so, then maybe there's some filter on the interface?
sailll
Teacher
•
32 Messages
10 years ago
Hi @ATTU-verseCare ,
Both machines are connected to the router wirelessly. Unfortunately I don't have a spare wireless card on hand right now.
I will try a wired connection with the machine that is failing to connect. It is my main fast work machine, and I really need it to work.
Saill