
Teacher

 • 

32 Messages

Wednesday, October 1st, 2014 2:41 PM

certain IP addresses blocked on one computer

Hi,

I thought I was having the same problem as GregDO, but it appears mine is different, as my IP address does not start with 172.

I can connect to everything via my ATT router except websites on both my GoDaddy hosting accounts.

Earlier I had remedied this by switching to Google's DNS server at 8.8.8. That worked for several weeks but stopped working yesterday. I also tried changing my router to make my main work machine a DMZ, also to no avail.

This morning I tried a factory reset on my router, after which I had access to websites on these two IP addresses for about 15 minutes before they were blocked again.

I can connect to these addresses with no problem when I am using my mobile hotspot.

I can also connect using a different computer with identical settings.

I interact with these IP addresses heavily, as I am a web developer. I suspect that they are being blocked by some kind of firewall, either on the router or upstream at ATT.

Because the problem reappeared shortly after I reset the router, I am concerned that the problem may lie upstream from it - i.e. ATT is assuming some sort of exploit is occurring and is explicitly blocking traffic between the MAC address of the affected computer and the two IP addresses that I most want to connect to.

I have a technician coming out to look at the problem this afternoon, but am worried that he or she will not be able to resolve the situation.

I'm wondering if anyone in the community has insight into this problem.

Saill

Teacher

 • 

32 Messages

10 years ago

Hi @ATTU-verseCare

Both machines are connected with wired connection now. Identical results.

Saill

Teacher

 • 

32 Messages

10 years ago

@JefferMC

The two machines have identical configurations, including the networking. I keep them rsynced.

When I called ATT earlier the technician was able to see the names of the various devices connected to the RG. That tells me that somewhere upstream the system CAN differentiate between devices.

Saill

Community Support

 • 

6.7K Messages

10 years ago

Hi @sailll,

The information that the agent sees is from remotely logging into the router. The router detects each individual device's MAC address and ties it to its name, so it can route correctly. After it exits the AT&T router, that information is not carried along. From there, it just comes out in a packet that has the information of the Source IP and MAC from the U-verse router.

-David T

Teacher

 • 

32 Messages

10 years ago

@ATTU-verseCare

In that case I am completely flummoxed by this whole thing. The only other thing I can think of is that I am being blocked or throttled somehow by GoDaddy. That seems much less likely because I would expect them to block my IP address, which would obviously affect both machines. Nonetheless I will call them and see if there is any possibility of that happening.

Saill

Teacher

 • 

32 Messages

10 years ago

Ok, this is truly bizarre. Was just about to pick up the phone to start the process of quizzing GoDaddy about their firewall. Switched back to RG, and suddenly can connect to both IP addresses again.

Planning to quiz GoDaddy anyway.

Thank you @ATTU-verseCare and @JefferMC for your help and attention. As usual ATT customer care truly rocks.

Saill
Teacher

 • 

32 Messages

10 years ago

GoDaddy claims complete ignorance, and the technician I talked to was definitely one of the knowledgeable and curious ones.

My connection to one of the IP addresses is down again.

Despite what you say, I know it is possible to block traffic from a given MAC/IP address combination using something like iptables. I am wondering if there is something built into the system at ATT that does this automatically when it detects what it thinks is unusual or excessive traffic between a particular device/IP combination and a foreign IP address. This is all I can think of.

Meanwhile, I guess I'll be burning through my mobile hotspot gigabytes.

Saill
ACE - Expert

 • 

35.5K Messages

10 years ago

Okay, yes, I misspoke when I said the RG couldn't tell the difference. That is not true, because the devices have different IP addresses and the RG segregates their traffic. However, once it forwards the packets, the rest of the network (AT&T, Internet, GoDaddy) sees only the common dynamic IP address; i.e. the two boxes are then equal.

You could try tricking the RG by changing the IP addresses on the two boxes: Statically assign them to the reverse of what they are now.
Tutor

 • 

8 Messages

10 years ago

Hi Sailll,

You said that when you used an ethernet cable, that both machines acted the same. Do you mean that both worked in that configuration? That would tie the issue to the Wifi connection that machine #1 is using to the router. When you connected with a cable, as it uses a different interface and has a different MAC address, it gets a different local IP address and is not in the DMZ. Is there a reason you can't use the cable rather than your hotspot?

Another issue to me would be that of using the DMZ feature; I would not recommend that on your main working machine unless it is hardened to withstand being exposed to the wild and wooly internet. The 2nd, working machine is not configured that way and works fine - so the DMZ configuration is not necessary. As a matter of fact, the main working machine being open to the internet in the DMZ might be causing it to react defensively to inbound abuse in some way.

Communication from your PCs to your router utilizes their MAC hardware addresses for differentiation. Once they traverse your router to communicate with external addresses, they have gone through a NAT process and packets from either machine only carry the MAC address and public IP address of your router. So I concur that it is some setting or reaction in your first machine that is causing the issue. Given that both your browser AND telnet react similarly, it is machine-wide and not app based.

Also, though you say you keep the two machines rsync'd, they must have different host names and IP addresses, right? Are they DHCP or statically addressed? If both machines hop on the same IP address, that may cause packet loss on one of the machines...

I also agree with Jeffer's suggestion to trade IP addresses on the two boxes. But disable the DMZ configuration, and just pinhole any service ports you require coming inbound from the router. Good puzzler!
Teacher

 • 

32 Messages

10 years ago

@SteveNetGuru

Actually using the network cable did not change the behavior of the two machines. The fast one could not connect, the slow one could. Exactly as with their wireless behavior.

Similarly Jeffer's idea of swapping the IP addresses caused no difference in the behavior. The fast machine could connect, the slow one not.

And yes, the fast machine is no longer set to DMZplus. I'm glad that didn't work because it would have made me pretty nervous to leave it that way. Both machines are now using Google's 8.8.8.8 DNS, although that also made no difference.

Both machines were using DHCP so rsync works fine for that. I rsync once a day. If I end up keeping static addresses I will do things differently. I might just do that because it's been quite a chore to keep editing my rsync scripts whenever the assigned addresses change.

--

The main point though is that I believe a server at ATT should be able to see both my public IP address and the MAC address of each of my devices, and thus can set a firewall to block any combination of IP/MAC address it chooses. If I were a sysadmin there I might want to write a script that looks for seemingly malicious or excessive traffic from a particular device so that device's traffic could be blocked without affecting the entire organization. Here is a nice tutorial on using iptables to block traffic from specific devices: http://tecadmin.net/mac-address-filtering-using-iptables/.

Saill

Community Support

 • 

6.7K Messages

10 years ago

Hi,

With the MAC address, it is not encapsulated in the packet across the entire path. The only MAC address that is in the IPv4 packet is that of the device directly connected to it, so the routing table ARP request would not directly affect a device 2 hops away. Also, you have a unique MAC address with each network card, so I am thinking it is not a MAC address block because it is blocking it on both your wired network card and your wireless network card. I am still curious as to what could be causing this. If you have any firewalls, virus scanners, or malware programs, try disabling that and seeing if it works.

-David T
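To make the point David T and SteveNetGuru are making concrete, here is an added Python model of the RG's source-NAT step (example code written for this page, not from any poster, AT&T, or GoDaddy); every MAC address and IP in it is constructed from documentation ranges. It shows why a block keyed on a LAN device's MAC address can only exist on the router's own LAN segment: after egress both machines present the same (MAC, IP) pair upstream and differ only by the translated source port, which only the router's translation table can map back.

```python
from dataclasses import dataclass, replace
from itertools import count

# Constructed addresses (documentation ranges, not real hardware or hosts).
RG_LAN_MAC = "02:00:00:00:aa:01"   # router's LAN-side interface
RG_WAN_MAC = "02:00:00:00:aa:02"   # router's WAN-side interface
ISP_GW_MAC = "02:00:00:00:bb:01"   # the ISP's first-hop gateway
PUBLIC_IP = "203.0.113.10"         # the customer's single dynamic public IP
HOST_IP = "198.51.100.25"          # a remote web host

@dataclass(frozen=True)
class Frame:
    src_mac: str   # Ethernet header: rewritten at every hop, never carried end to end
    dst_mac: str
    src_ip: str    # IPv4 header: the source is rewritten by NAT on the way out
    dst_ip: str
    src_port: int
    dst_port: int

class MasqueradeNat:
    """Source NAT as the RG performs it: one public IP shared by every LAN device."""
    def __init__(self):
        self.table = {}                 # public port -> (lan_mac, lan_ip, lan_port)
        self._ports = count(40000)      # pool of translated source ports

    def egress(self, f: Frame) -> Frame:
        """LAN -> WAN: record who sent it, then present the router's own MAC and IP."""
        pub_port = next(self._ports)
        self.table[pub_port] = (f.src_mac, f.src_ip, f.src_port)
        return replace(f, src_mac=RG_WAN_MAC, dst_mac=ISP_GW_MAC,
                       src_ip=PUBLIC_IP, src_port=pub_port)

    def ingress(self, f: Frame) -> Frame:
        """WAN -> LAN: only the translation table knows which device owns the reply."""
        lan_mac, lan_ip, lan_port = self.table[f.dst_port]
        return replace(f, src_mac=RG_LAN_MAC, dst_mac=lan_mac,
                       dst_ip=lan_ip, dst_port=lan_port)

def upstream_identity(f: Frame) -> tuple:
    """What anything beyond the RG (the ISP, the Internet, the web host) can key a block on."""
    return (f.src_mac, f.src_ip)

def identities_seen_upstream(nat: MasqueradeNat, lan_frames: list) -> set:
    """Push several LAN devices' frames through NAT and collect the upstream view."""
    return {upstream_identity(nat.egress(f)) for f in lan_frames}
```

Feeding frames from two LAN hosts through `identities_seen_upstream` yields a single (router MAC, public IP) pair, which is why a per-device block has to live on the RG itself (or on the host) rather than upstream.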
