Solved

Unable to Access Certain Web Pages Behind Firewall (Shorewall)

Posted on 2005-02-25
Last Modified: 2013-12-06
Hi—

A very strange problem has recently surfaced whereby I am unable to access yahoo.com (specifically mail.yahoo.com) and www.ebay.com.  The pages eventually load but not completely.  After about 3-5 minutes some of the graphics and background text will appear.  I have contacted my broadband supplier (COX HIS) and they had me attempt the normal things such as:

1.)      Clear internet cache and cookies
2.)      Reset I.E. to all defaults ("Security" tab, and click on [DEFAULT LEVEL]; "Privacy" tab, then on [DEFAULT]; "Programs" tab, then on [RESET WEB SETTINGS]; "Advanced" tab, then on [RESTORE DEFAULTS].)
3.)      These guidelines will set your browser settings to defaults to ensure you are able to access all Web sites with no restrictions of any kind. You might also need to clear the DNS (Domain Name System) values to avoid having possibly wrong Web addresses that will deter your browser from accessing certain Web sites. The following procedure can only be done if you have Windows XP, 2000 or Server 2003:
4.)      Type "ipconfig /flushdns" (between the "g" and the "/", there is one blank space), and press [ENTER].
5.)      For the new changes to take effect, please perform a soft network reset (restart cable modem and PC)

Anyhow, I have tried all of this, run Webroot's SpySweeper and Window Washer, and am still having problems accessing these two web pages.  Every other page I have tried loads instantly (2-3 seconds max).  This Windows XP system is running behind a Red Hat Linux system acting as a firewall using Shorewall.  None of the settings in Shorewall has been changed.  Following Cox’s procedures, I obtained a new IP address.  I also tried plugging the network cable directly into my laptop and yahoo.com and ebay.com both worked immediately.  Therefore, I know the problem lies somewhere between the Windows system and the cable modem (i.e. the Linux box).  What could have changed to cause the very slow loading in these web pages?

Thanks for any help that you can provide to resolve this issue!

Bill
0
Question by:psuwtb
27 Comments
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13408872
try this
http://www.annoyances.org/exec/show/article04-107
change MTU on client
use drtcp to change the MTU settings
drtcp (free)
http://www.dslreports.com/front/drtcp.html

http://support.microsoft.com/default.aspx?scid=kb;en-us;319661
it says for ICS, but applies to routers as well
0
 

Author Comment

by:psuwtb
ID: 13409910
I gave your suggestions a try and lowered my MTU to 1472, the first time I received a return ping.  After rebooting I still had no luck in opening ebay.com and mail.yahoo.com.  All other web pages load immediately.  I was unable to run DRTCP as it crashed directly after running it.  I am running Windows 2003 Server on this PC.  I tried making the program run as if this were a Windows 2000/XP machine but it continued to crash.

Thanks for any more help you can provide!

Bill
0
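
The ping test behind the MTU suggestion above can also be run from the Linux firewall itself. The script below is an added example, not part of the original thread: it binary-searches for the largest ICMP echo payload that is answered with the Don't Fragment bit set, then adds the 28 bytes of IPv4 and ICMP headers to get the path MTU. It assumes Linux iputils `ping` (`-M do`, `-s`); the function names and the 500-byte lower bound are choices made for this example.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path unfragmented.

# probe SIZE HOST -> exit 0 if one DF-flagged echo with SIZE payload bytes is answered.
# -M do sets Don't Fragment, -s sets the payload size, -W 2 waits 2 s for the reply.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Binary search between LOW and HIGH; prints the largest payload that got a reply.
# Returns 1 if even LOW fails (host down, or ICMP echo filtered on the path).
find_max_payload() {
    host=$1
    lo=${2:-500}
    hi=${3:-1472}          # 1472 + 28 = 1500, the standard Ethernet MTU
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid        # mid fits; look for something larger
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# payload + 20-byte IPv4 header + 8-byte ICMP header = MTU
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# Only touch the network when a target host is given on the command line.
if [ $# -gt 0 ]; then
    p=$(find_max_payload "$1") || {
        echo "no reply from $1 even at the lower bound" >&2
        exit 1
    }
    echo "largest unfragmented payload: $p bytes, path MTU: $(payload_to_mtu "$p")"
fi
```

Pick a target that answers ping; a host that drops ICMP echo fails at the lower bound regardless of the path MTU.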
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13410282
OK, leave the MTU to 1472
check your hosts file
%systemroot%\system32\drivers\etc
should be a file named hosts (not hosts.sam, just hosts, no extension)
open in notepad and see if there are any entries for ebay or yahoo, if so delete them
0

 

Author Comment

by:psuwtb
ID: 13410303
Steven--

The only entry present in my hosts file was the localhost (127).

Bill
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13410434
I'm not familiar with the shorewall firewall, but can you set rules to block access to certain sites on it?
can you reset it to factory defaults and check? You can access them if you bypass the shorewall?
how about if you put your machine in the dmz?
0
 

Author Comment

by:psuwtb
ID: 13411533
Steven--

I checked the settings in the firewall but nothing has been changed.  This has worked fine for two years now with the settings staying the same.

When I plug the network cable directly into the back of my Windows 2003 PC and obtain the IP, I can visit all web pages instantaneously.

After messing around with some settings, I noticed something very suspicious.  If I try to access https://mail.yahoo.com, it loads immediately.  When I use http://mail.yahoo.com, it takes 3-5 minutes and the page never fully loads.  There must be somewhere I can distinguish between these two protocols.  It is just strange that everything else works fine.  http://www.ebay.com still never loads and takes 3-5 minutes for text to appear.

Thanks again,

Bill
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13411945
what happens if you use
http://66.135.192.124
0
 

Author Comment

by:psuwtb
ID: 13411966
It takes 3-5 minutes for some text to appear.  It never fully loads and I received many errors (runtime debug errors)

Bill
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13412100
Well, that eliminates dns problems
let's run a tracert
from a prompt type
tracert www.ebay.com
see where the hop latency is the highest
then run the same thing without the firewall and compare
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13412121
I found this interesting, with only one page open on ebay (the default home page) I ran netstat -an and got these results
TCP    192.168.2.25:1285      68.22.73.188:80        ESTABLISHED
TCP    192.168.2.25:1287      68.22.73.203:80        ESTABLISHED
TCP    192.168.2.25:1288      68.22.73.203:80        ESTABLISHED
TCP    192.168.2.25:1291      216.73.86.49:80        CLOSE_WAIT
TCP    192.168.2.25:1292      216.73.86.49:80        CLOSE_WAIT
TCP    192.168.2.25:1293      216.73.86.49:80        CLOSE_WAIT
TCP    192.168.2.25:1900      0.0.0.0:0              LISTENING
TCP    192.168.2.25:137       0.0.0.0:0              LISTENING
TCP    192.168.2.25:138       0.0.0.0:0              LISTENING
TCP    192.168.2.25:139       0.0.0.0:0              LISTENING
TCP    192.168.2.25:1257      66.135.208.101:80      TIME_WAIT
notice a lot of connections
0
 

Author Comment

by:psuwtb
ID: 13412166
It looks very similar to me.  The one directly connected to the cable modem opened e-bay right away.  The one behind the firewall didn't work (same as before).

Trace to ebay.com behind Firewall

Tracing route to hp-core.ebay.com [66.135.208.90]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2    14 ms    11 ms    11 ms  ip68-98-130-1.dc.dc.cox.net [68.98.130.1]
  3    14 ms    23 ms    18 ms  ip68-100-1-81.dc.dc.cox.net [68.100.1.81]
  4    27 ms    14 ms    13 ms  ip68-100-0-65.dc.dc.cox.net [68.100.0.65]
  5    11 ms     9 ms    11 ms  mrfddsrj02gex070003.rd.dc.cox.net [68.100.0.149]

  6    12 ms     9 ms     9 ms  mrfdbbrc01pos0103.rd.dc.cox.net [68.1.1.12]
  7    15 ms    14 ms    15 ms  NYRKBBRJ01-POS010000.R2.ny.cox.net [68.1.1.9]
  8    21 ms    19 ms    21 ms  provdsrc01-gew03010999.rd.ri.cox.net [68.1.0.50]

  9    20 ms    18 ms    18 ms  provbbrc01-pos0100.rd.ri.cox.net [68.1.0.42]
 10    50 ms    49 ms    49 ms  chgobbrj01pos010000.r2.ch.cox.net [68.1.0.40]
 11    65 ms    64 ms    62 ms  mtc1bbrc02-pos0103.rd.om.cox.net [68.1.0.47]
 12    67 ms    64 ms    65 ms  mtc1bbrc01-pos0100.rd.om.cox.net [68.1.0.122]
 13    92 ms    91 ms    92 ms  lvxxbbrc02-pos0102.rd.lv.cox.net [68.1.0.92]
 14    93 ms    93 ms    93 ms  lvxxbbrc01-pos0100.rd.lv.cox.net [68.1.0.82]
 15   116 ms   122 ms   112 ms  paltbbrj01-pos010000.r2.pt.cox.net [68.1.0.95]
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.
Trace complete.


Trace without firewall

Tracing route to hp-core.ebay.com [66.135.192.123]
over a maximum of 30 hops:

  1    13 ms     9 ms    11 ms  ip68-98-130-1.dc.dc.cox.net [68.98.130.1]
  2     9 ms     9 ms     9 ms  ip68-100-1-81.dc.dc.cox.net [68.100.1.81]
  3     9 ms     9 ms     9 ms  ip68-100-0-65.dc.dc.cox.net [68.100.0.65]
  4     9 ms     9 ms    11 ms  mrfddsrj02gex070003.rd.dc.cox.net [68.100.0.149]

  5     9 ms     9 ms     9 ms  mrfdbbrc01pos0103.rd.dc.cox.net [68.1.1.12]
  6    16 ms    15 ms    17 ms  NYRKBBRJ01-POS010000.R2.ny.cox.net [68.1.1.9]
  7    20 ms    19 ms    19 ms  provdsrc01-gew03010999.rd.ri.cox.net [68.1.0.50]

  8    20 ms    18 ms    20 ms  provbbrc01-pos0100.rd.ri.cox.net [68.1.0.42]
  9    50 ms    50 ms    49 ms  chgobbrj01pos010000.r2.ch.cox.net [68.1.0.40]
 10    65 ms    65 ms    63 ms  mtc1bbrc02-pos0103.rd.om.cox.net [68.1.0.47]
 11    67 ms    62 ms    64 ms  mtc1bbrc01-pos0100.rd.om.cox.net [68.1.0.122]
 12    93 ms    93 ms    91 ms  lvxxbbrc02-pos0102.rd.lv.cox.net [68.1.0.92]
 13    91 ms    93 ms    91 ms  lvxxbbrc01-pos0100.rd.lv.cox.net [68.1.0.82]
 14   114 ms   115 ms   113 ms  paltbbrj01-pos010000.r2.pt.cox.net [68.1.0.95]
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.
0
 
LVL 2

Expert Comment

by:americanaxis
ID: 13415866
Bill,

You said that this connection has worked just fine for the last two years and has now just started failing?

Your issue is very consistent with a problem that I had a few months ago with one of my DSL connections.

Please answer a few questions.

First, when you plug your Windows machine directly into the cable modem what IP address do you get?
You can find this out by clicking on start, run, and then entering cmd. After this, type ipconfig

Second, have you purchased a static IP from your provider?

Lastly, with the modem connected directly to your machine and separately with the firewall connected directly go to the following domain name.  http://www.whatismyip.com
What address did you get for each?

Thanks
Ron

0
 

Author Comment

by:psuwtb
ID: 13417015
Ron—

Thanks for your response.  Here are the answers to your questions:

1.)      After raising the issue with my cable company, they had me obtain a new IP address.  I successfully obtained one.
2.)      I do not have a static IP address.  It is a dynamic one.
3.)      After connecting directly to my Windows PC, and separately behind the Linux Shorewall firewall, the IP address is correctly referenced on the webpage http://www.whatismyip.com and is the same via both connection methods.

Thanks again,

Bill
0
 
LVL 4

Expert Comment

by:bluebirds1984
ID: 13418563
I use IE, and I've had problems before. I used Opera internet browser and haven't had any since.
it worked for me, just see if it works for you.

www.opera.com/ 
0
 

Author Comment

by:psuwtb
ID: 13418884
Bluebirds--

I had a similar hunch and decided to install Firefox.  Unfortunately, I had the same results, and Firefox could not load mail.yahoo.com.  This agreed with my main problem because IE will load the web pages fine when the connection is direct thru the cable modem from the Windows PC.

Bill
0
 
LVL 4

Expert Comment

by:bluebirds1984
ID: 13418913
Not sure what the problem is, but you could visit other countries' Yahoo mail websites? I'm not sure if different countries have different Yahoo mail sites but it's worth a try, like the UK ones, or other ones in Europe/Australia for example. I'd post the link but I'm at work and with all external email blocked, I won't be able to tell you!

the same for Ebay, you can search worldwide websites through Ebay UK as well.

also with Yahoo, you can use POP mail through Outlook express.
0
 

Author Comment

by:psuwtb
ID: 13419023
Bluebirds--

As I have previously posted, I am able to visit https://mail.yahoo.com without any problem.  I am not looking for a way to circumvent the problem, rather a way to solve it directly.  I do appreciate your suggestions for a temporary workaround though.

Thanks,

Bill
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13419115
You have moved the machine to the DMZ, with the same results?
0
 

Author Comment

by:psuwtb
ID: 13419139
Steven--

I have not had a chance to try that yet.  Once I get home from work I will give that a try.

Bill
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13419164
Is the firewall doing the NAT for you?
0
 

Author Comment

by:psuwtb
ID: 13420340
I do not believe that the firewall is performing any sort of NAT.

Bill
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13420437
Then what is doing your NAT?
0
 

Author Comment

by:psuwtb
ID: 13420513
Okay, I didn't fully understand how NAT worked.  You are correct, my firewall handles all NAT translations.

http://www.shorewall.net/FAQ.htm#id2435217

Bill
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13420556
I'm trying to see if it's a NAT problem or a firewall (blocking) problem
0
 

Author Comment

by:psuwtb
ID: 13454618
Well I was able to solve the problem on my own.  I am still not 100% sure what the actual problem was but I ended up installing the newest version of Shorewall and it seems to have cleared up the problem.  Thanks for all of your help in attempting to track down this problem.

Bill
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13490875
Closed, 250 points refunded.

modulo
Community Support Moderator
Experts Exchange
0
