[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Can't get to two websites

Posted on 2005-04-07
12
Medium Priority
?
254 Views
Last Modified: 2010-04-10
I need some professional IT help.  I have 2 websites, 2 different servers, 2 different IP addresses, hosted by 2 different companies.  Both sites we moved to a new server and given a new IP address.  From my t1 line at work, i can't get to either one since the switch.  From home, i can get to it just fine.

Can anybody give me ideas as to why i can't get to these websites?  Would my network be blocking these sites?  Maybe they haven't updated with the new IP yet.  I'm not quite sure.  On my network, i have:

Cisco 1400 series router
Cisco PIX 506E Firewall
Windows 2000 Server running AD, DNS, DHCP

I have done a tracert and ping on both of these sites.  They both get through my ISP and they both hit the hop before the final hop.  But for some reason, i can't get to that last hop to complete the connection.  If i ping, they both time out.  I have been on the phone with my ISP, Webhost, etc and they all say everything is fine.  (even though i don't believe them.)  
0
Comment
Question by:sbock
  • 4
  • 3
  • 3
  • +2
12 Comments
 
LVL 8

Assisted Solution

by:ITDharam
ITDharam earned 200 total points
ID: 13731684
You also never get to the last hop when you're trying to hit internet devices, almost all firewalls will block ICMP...most routers don't by default, that is why you get the intermediary hop responses.

Well, when doing a change like this you will have to typically wait 48-72 hours before the DNS propogates, some servers will update faster than others for various reasons which could explain why you can access it from one place but not another.

One quick test for this is to do an nslookup from the command prompt and put in the name of your website, you will receive the IP as an answer.  That IP needs to be the same from either place.
Answer should look like

Name:    www.cisco.com
Address:  198.133.219.25

Just to confirm, neither of the sites were, or are now, hosted at the place where you work?

0
 

Author Comment

by:sbock
ID: 13731890
yes, neither sites are hosted where i work.  

It has been 3 weeks since the server and IP change.  I would hope it would have propogated by now :)

If i go to www.network-tools.com and do a tracert, i can get to the last hop, so i would assume that icmp has not been disabled.

When i do the nslookup, i get this...

C:\WINDOWS\system32>nslookup www.website.com
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.0.1

Non-authoritative answer:
Name:    website.com
Address:  XXX.XXX.XXX.XXX
Aliases:  www.website.com

192.168.0.1 is the IP address of my dns server at work.  The XXX.XXX.XXX.XXX is the correct IP (the new one) of my website.
0
 
LVL 10

Expert Comment

by:neteducation
ID: 13732141
it could be that you have some old entrys in you c:\windows\system32\drivers\etc\hosts in your work-machine. those entries are stronger than your dns-information
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 5

Expert Comment

by:simonenticott
ID: 13732320
Also check in your local DNS to ensure you don't have entries in there with the old IP addresses.

Simon,
0
 
LVL 10

Accepted Solution

by:
Joesmail earned 200 total points
ID: 13735672
If you are getting name resolution (as indicated above).  Try to telnet to www.website.com on port 80

->telnet www.website.com 80

You should see the website's postback html.....
0
 
LVL 10

Expert Comment

by:Joesmail
ID: 13735732
If this dosen't work try telnet to the ip address you resolved above.

->telnet XXX.XXX.XXX.XXX

or open your browser and type the address in the "address bar".

Can you see anything?

If not at this point you will need to find out why you are being blocked by the hosting site?  Since you have already run a trace you know it's not your firewall stopping the traffic unless you are restricting all http traffic to the only the 3 old servers...
0
 
LVL 8

Expert Comment

by:ITDharam
ID: 13736627
So the site resolves to the correct IP address, but when you put that same address in your browser, you get a page that is old?  Most often that is just a matter flushing the cache of your browser, but in this case I doubt it.

Try and ping the name of the website...you won't get a response but it should resolve, and this may help us determine if you have a host file that could be in play here.  If we determine that you don't have the site cached, and you don't have a local host file in use, then I'd start looking at the other places where you think it is working correctly, and just verify that using the same steps you are using at your work.
0
 

Author Comment

by:sbock
ID: 13756684
yes, the website did resolve correctly (to the new IP address).  I keep thinking that i have the site cached somewhere.  Either in my dns server, firewall, or router.  But the odds are that if 2 separate websites change IP addresses and everybody else can get to them, then it is something on my end.
0
 
LVL 10

Expert Comment

by:Joesmail
ID: 13757655
Can you telnet to the ip address as indicateda above.
0
 
LVL 8

Expert Comment

by:ITDharam
ID: 13762955
Well, let's see if we can rule out your network.

From your internet router, try and telnet to the IP in question on port 80.  If you get a connection refused, or other message, that is bad, if the telnet session connects (you may not get any kind of feedback that you've actually connected, you just won't get a message that you didn't connect, then that is good.

Of course, if you can connect from the outside interface, but not from an inside host, then that gives you something to look at.

Despite being able to complete a trace route against www.network-tools.com, ithat doesn't mean you'll be able to complete a traceroute against another domain.  Not only do you have to allow ICMP, which apparently you do, the far side also has to allow ICMP as well.

Is there any chance you are using some kind of proxy server?
0
 

Author Comment

by:sbock
ID: 13979284
I apologize for not posting on this thread.

I am still having the problem.  My ISP says everything is fine.  I can get into the router, do a tracert and ping and they both time out.  I also tried to telnet and that doesn't work either.  Could it be my router?  Does it store dns information?

I am not using a proxy server.

Thanks for all your help.
0
 

Author Comment

by:sbock
ID: 14064699
i was able to figure it out.  I'll split the points to ITDharam and Joesmail for helping me.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question