Solved

Strange problem can not access specific website.

Posted on 2006-06-20
66
658 Views
Last Modified: 2008-01-09
Hi,
There is a specific website that my client can not browse to.  The website is www.goldenone.com
There are approximately 15 computers behind a pix firewall and a cisco 2524 router and none of the computers including the domain controller and mail server can go to this site.
If I do nslookup I get:
C:\Documents and Settings\Administrator>nslookup www.goldenone.com
Server:  srv1.fakedomain.com
Address:  172.22.10.20

Non-authoritative answer:
Name:    goldenone.com
Address:  63.80.202.32
Aliases:  www.goldenone.com

C:\Documents and Settings\Administrator>ping www.goldenone.com

Pinging goldenone.com [63.80.202.32] with 32 bytes of d

Reply from 63.145.241.33: Destination host unreachable.
Reply from 63.145.241.33: Destination host unreachable.
Reply from 63.145.241.33: Destination host unreachable.
Reply from 63.145.241.33: Destination host unreachable.
If I put the IP address into the browser, I still get timed out.
I have tried putting 4.2.2.2 into one of the workstations as dns server and still can not go to sit.
Is it possible that they are blocking our IP?
Is there a way to tell if a website is blocking your IP?
Thanks,
Laura
0
Comment
Question by:lizardqueen007
  • 38
  • 22
  • 4
  • +1
66 Comments
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16948917
Also, We seem to have no problem going to other sites and the mail server is working well.
0
 
LVL 7

Expert Comment

by:sunilcomputer
ID: 16948989
Greetings lizardqueen007 ,

If they are blocking your IP you can use any public proxy to test it.

Choose any public proxy from the list
http://www.proxy4free.com/page1.html

In your browser just configure proxy IP and Port then open any working site (ex. www.experts-exchange.com) to check proxy's working state then open www.goldenone.com

This time they will get proxy's IP instead of yours and it may not be blocked.

(Some Proxies may be down or having heavy traffic so try 3 - 4 proxies to get a working one)

Hope this help
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949021
As far as I can see it is nothing you can do specifically.  The router at 63.145.241.33 is as far as it's got which I presume is on the internet and not your own external address, in which case there is a routing problem which can only be solved by the ISP's involved.

But as sunilcomputer says you may be able to get around it using a public proxy as then you talk to the proxy and the proxy talks to the remote site (if it can get to it too).

Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949057
sunilcomputer,
The page www.goldenone.com DOES display through a proxy!
Are you sure this means they are blocking our IP?
It seems to be true, but I am not sure if changing proxy doesn't change more than just IP.
I am not doubting you, but I need to be sure before I shoot off my mouth.
Thank you Laura
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949120
See above.  63.145.241.33 is mail.us.embeddedsol.com, is that you?

Try tracert www.goldenone.com to see where it stops.  If it is after the first internet IP then there is a routing issue at the ISP as above.  You are getting host unreachable from that router which means it doesn't know how to get any further towards the host.

Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949144
dragon-it,
I'm just trying to understand exactly what it means that I can go the the site through a proxy, but not directly.
You say a routing problem?  Please explain if you would.
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949172
dragon-it,
Tracing route to goldenone.com [63.80.202.32]
over a maximum of 30 hops:

  1     4 ms     2 ms     4 ms  mail.us.embeddedsol.com [63.145.241.33]
  2  mail.us.embeddedsol.com [63.145.241.33]  reports: Destination host unreacha
ble.

Trace complete.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949180
When you are using a proxy you are talking directly to that proxy and that proxy does the job of talking to the rest of the world for you.  As fasr you are concerned you only talk to the proxy and the website only sees the proxy talking to it, not you, effectively you have an extra level of anonminty (can't for the life of me work out how to spell that at the moment but you get the idea).

When you connect without the proxy you need an end to end connection between you and the web server and it sounds like there is a break somwhere along the way in the routing, though the routing between the proxy you chose and the webserver is clearly OK.


Try a tracert and see how far it gets.
Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949190
dragon-it,
here is another tracert to google.
Tracing route to www.l.google.com [66.102.7.147]
over a maximum of 30 hops:

  1     2 ms     3 ms     2 ms  mail.us.embeddedsol.com [63.145.241.33]
  2     5 ms     7 ms     5 ms  svl-edge-12.inet.qwest.net [63.145.225.245]
  3     5 ms     5 ms     5 ms  svl-core-01.inet.qwest.net [205.171.14.133]
  4     5 ms     5 ms     6 ms  pax-edge-01.inet.qwest.net [205.171.214.30]
  5     5 ms     5 ms     5 ms  72.165.46.26
  6     7 ms     6 ms     6 ms  66.249.94.14
  7     8 ms    17 ms     7 ms  66.249.94.227
  8     6 ms     6 ms  ^C
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949222
Ok so 63.145.241.33 is you then, just a guess but check your router's IP address and subnet details if they are manually entered.  Maybe you have a subnet mask of 255.0.0.0 or something or there is a static route defined wrongly in there.

As a matter of interest can you get to :

ping 63.145.241.1
ping 63.90.1.1

both of which ping from here OK.

Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949227
dragon-it,
please see above your last post for tracert to goldenone.com
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949232
(our posts crossed before).
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949259
dragon-it,
I can not ping either of those two ips
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949286
Dragon-it,
Remember before I mess with the router too much that I can go to every other site that I have tried.
0
 
LVL 7

Expert Comment

by:sunilcomputer
ID: 16949287
On the webserver where the site is actually hosted they can chack the following and block you using any of them :-

1. The Client's  Operating System
2. Client's Brower and It's version
3. Client's ISP's IP (Your Internet Service Provider's IP) (May be Static or Dynamic Doesn't Matter)
4. Using advance programming they can read your MAC Address HDD Serial, Your Workgroup etc.

But some Proxies have the Capabiliy to change above info and make fool of them.

Most of the time ISP's IP is the Key, So one good option is just use any other ISP's Internet Connection at one machine inside your network (Ex. Dialup Connection from Different ISP) then Do not use any public proxy and then try to open www.goldenone.com.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949312
Then as they are on the same IP range 63.x.x.x as your router I suggest you check it's settings.  I imagine the subnet mask will be set to 255.0.0.0 or possible 255.254.0.0 rather than the correct setting.  Post the router ip, default gateway and subnet mask if you can please.
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949320
sunilcomputer,
we have legitamate reasons to go to this site, so if I can find the cause perhaps I can call IT and have them unblock, but before I accuse them I would like to know all possibilities.  If it's a problem with ISP then I would have them make changes if possible.
Laua
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949330
He is not getting to the remote webserver.  He isn't getting beyond his router.


Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949341
dragon-it, I would rather not post router config if possible since I probably already revealed more than I should.  Perhaps if you as, I can tell you what the settings are.  I am pretty sure that the subnet is correct, at least it is the subnet the isp gave me.   255.255.255.224 external block of 30 addresses with one static going to web server.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949344
If you are not IT I would ask them to check if they can ping these hosts from their router and then if not ask them to find out why not...
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949349
Funny thing tho tracert to google works.  So are you saying the problem might be that goldenones ip and ours are similar?
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949361
I can try ping from router.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949383
Fair enough.  Posts cross again.. Can you PING the server involved or other IP's from your router?

Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949389
Here is a ping from router:

router>ping www.goldenone.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 63.80.202.32, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949396
<<So are you saying the problem might be that goldenones ip and ours are similar?>>

I was but if your subnet mask is correct that should be OK.  Just strange you can't ping various other IPs on the 63.x range that I picked at random and could ping...

Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949400
router>ping www.google.com
Translating "www.google.com"...domain server (4.2.2.2) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.102.7.104, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949413
I will check subnet mask
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949418
What about the other two IP's or try various addresses in the 63.x range.   Does your router do trace route too?
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949427
Here is from router config
Serial0 is up, line protocol is up
  Hardware is HD64570 with FT1 CSU/DSU
  Internet address is 63.145.225.xxx  255.255.255.252
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949443
Thanks, that loojks fine. No other interfaces with a stray 63.x address I presume or similar entry in routing table?

0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949457
Only two interfaces
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949474
Bizarre then!  Might be worth contacting your ISP to check if they can get to those IP ranges too in which case it would narrow it down to your router config.  If you don't mind posting your config. by email you'll find my email in my profile -- obviously strip out any passwords etc :-)
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949476
Although I am confuse because the ISP said subnet should be /27 so is 252 correct?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949493
I guess /27 is the internal subnet
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949495
No if you are sure it is /27 then it should be 255.255.255.224 so maybe you can't get to a gateway it needs to...
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949501
ok dragon-it leep of faith I will mail config
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949502
crossed again :-)
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949532
the config has been sent thanks
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949596
dragon-it,
All those access-list deny entries are for spamming jerks that were trying to use the mail server.  No open relay, but still they try.
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949668
Hey dragon-it,
I need to go, but please let me know via email your thoughts and then we can post so as not to be rude to exchane community who are so helpful.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949678
Not a Cisco expert but I don't see any issues in there unfortunately.  Think it may be time to talk to your ISP.  You could quickly turn off your anit-spam deny access group rule to see if somehow one of these is kicking in but I think not.

Have you tried a tracert from the router to se eif it is getting anywhere for those IP's.

Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949702
no
but I will
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949719
Here is the traceroute for google and goldenone.  I think now it's obvious that they are not blocking me it's closer up the line somewhere.
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949746
Router#traceroute www.google.com
Translating "www.google.com"...domain server (4.2.2.2) [OK]

Type escape sequence to abort.
Tracing the route to www.l.google.com (66.102.7.99)

  1 svl-edge-12.inet.qwest.net (63.145.225.245) 4 msec 8 msec 4 msec
  2 svl-core-02.inet.qwest.net (205.171.14.129) 8 msec 4 msec 8 msec
  3 pax-edge-01.inet.qwest.net (205.171.214.34) 4 msec 4 msec 8 msec
  4 72.165.46.26 4 msec 8 msec 4 msec
  5 66.249.94.12 8 msec
    66.249.94.14 8 msec 12 msec
  6 66.249.94.226 4 msec
    66.249.94.227 8 msec 8 msec
  7  *  *  *
  8  *  *  *
  9 www.l.google.com (66.102.7.99) 8 msec 4 msec 4 msec
Router#traceroute www.goldenone.com

Type escape sequence to abort.
Tracing the route to goldenone.com (63.80.202.32)

  1  *  *  *
  2  *  *  *
  3  *  *  *
  4  *  *  *
yada yada yada
 30  *  *  *
Router#
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949762
To be honest, I don't give a @#$% about goldenone.com, but as I was explaining to my client how the network was fixed, he pulls this one out.  Plus this is a puzzle that will drive me crazy if I don't get to the bottom.
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949768
What is it about this website???!!!
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949778
The last time I spoke to qwest about our dns problems, they assured me that everything is great on there end.  I wish I had another client using qwest to see if they are the problem.  It makes me nuts that so many ISPs won't admit to fault.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949882
It does seem you are not even hitting the default route.  I would suggest you go back to them armed with a copy of your config. file from the router and a link to this Q.  Think I've run out of ideas for now!
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16949907
I am out of ideas on our end also, but dragon-it you helped me narrow it down, and I appreciate.  I will make sure you get   some points for the effort.  Take care,
Laura
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16949931
No problem, sorry I couldn't solve the problem but keep plugging away at the ISP and get them to test.

Steve
0
 
LVL 32

Expert Comment

by:jhance
ID: 16950299
It is no wonder that you can't contact www.goldenone.com.  They are offline as far as I can tell:

C:>ping www.goldenone.com

Pinging goldenone.com [63.80.202.32] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 63.80.202.32:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16950357
jhance,
They are NOT offline.  I can reach them from several other computers from different ISPs, but this is interesting.  You are having trouble also?
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16950364
If I might ask jhance, who is your ISP.  The one that is having trouble is qwest.
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16950387
Besides, jhance as you can see by the posts, it seems as though the failure to connect is very close to me in the path, which makes me suspect the ISP.
0
 
LVL 32

Expert Comment

by:jhance
ID: 16950418
My ISP is Insight Broadband (insightbb.com) from here.  I believe they use Sprint as their backbone provider.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16950433
jhance, how far do you get with a tracert?  I can ping it from here in the UK from my PDA over t-mobile GPRS network?
0
 
LVL 32

Expert Comment

by:jhance
ID: 16950481
06/21/06 07:52:16 Fast traceroute www.goldenone.com
Trace www.goldenone.com (63.80.202.32) ...
 1 XX.XX.XX.X       0ms    0ms    0ms  TTL:  0  (dhcp-xx-xx-xx-x.insightbb.com probable bogus rDNS: No DNS)
 2   No Response      *      *      *                
 3 74.132.0.157      8ms    7ms    7ms  TTL:  0  (No rDNS)
 4 74.132.0.93      11ms   11ms   10ms  TTL:  0  (No rDNS)
 5 74.128.8.105     18ms   11ms    9ms  TTL:  0  (No rDNS)
 6 4.78.214.21      31ms   35ms   31ms  TTL:  0  (so-3-1-0.gar2.atlanta1.level3.net ok)
 7 4.68.127.178     33ms   51ms   34ms  TTL:  0  (uunet-level3-oc48.atlanta1.level3.net ok)
 8 152.63.86.170    33ms   36ms   32ms  TTL:  0  (0.so-4-0-0.XL1.ATL4.ALTER.NET ok)
 9 152.63.53.249    97ms   98ms   97ms  TTL:  0  (0.so-7-0-0.xl1.sac1.alter.net ok)
10 152.63.53.238    96ms   97ms   96ms  TTL:  0  (0.so-3-0-0.XR1.SAC1.ALTER.NET ok)
11 152.63.51.77     97ms   96ms   97ms  TTL:  0  (185.atm7-0.gw1.sac1.alter.net ok)
12   No Response      *      *      *                
13   No Response      *      *      *                
14   No Response      *      *      *                
15   No Response      *      *      *                
16   No Response      *      *      *                
17   No Response      *      *      *                
18   No Response      *      *      *                
19   No Response      *      *      *                
20   No Response      *      *      *                
21   No Response      *      *      *                
22   No Response      *      *      *                
23   No Response      *      *      *                
24   No Response      *      *      *                
25   No Response      *      *      *                
26   No Response      *      *      *                
27   No Response      *      *      *                
28   No Response      *      *      *                
29   No Response      *      *      *                
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16950916
I have posted tracerts, please take a look.
0
 
LVL 32

Expert Comment

by:jhance
ID: 16951670
Best I can tell, the site www.goldone.com is OFFLINE.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16951809
Actually I now get "destination net not reachable" too from 63.80.202.32 (which is supposed to be the server IP ??!!)  so there are definetly routing issues with those IP ranges at the moment.

Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16953691
So........goldenone.com has problems?  Th e site is definitely ONLINE I can verify this as we speak by going to the site from various other computers.  wierd!  I don't know what to think now.  Maybe their pointers are wrong?

This is a tracert from another location.
Tracing route to goldenone.com [63.80.202.32]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  172.11.1.1
  2     *        *        *     Request timed out.
  3     7 ms    31 ms    20 ms  GE-1-1-ur02.hayward.ca.sfba.comcast.net [68.87.1
96.145]
  4     9 ms     9 ms    11 ms  10g-8-2-ar01.oakland.ca.sfba.comcast.net [68.87.
192.90]
  5    14 ms    11 ms     9 ms  68.87.226.134
  6    51 ms    12 ms   214 ms  12.118.38.5
  7   115 ms     9 ms    10 ms  tbr1-p010802.sffca.ip.att.net [12.123.12.66]
  8   164 ms   116 ms   225 ms  ggr2-p300.sffca.ip.att.net [12.123.13.190]
  9   226 ms   262 ms   164 ms  att-gw.ashburn.eli.net [192.205.32.74]
 10   105 ms    12 ms    62 ms  0.so-2-0-0.XL2.SCL2.ALTER.NET [152.63.57.102]
 11   244 ms   194 ms    15 ms  0.so-7-0-0.XL2.SAC1.ALTER.NET [152.63.54.9]
 12    14 ms    14 ms   185 ms  0.so-3-0-0.XR2.SAC1.ALTER.NET [152.63.54.2]
 13    78 ms    25 ms   174 ms  184.ATM6-0.GW1.SAC1.ALTER.NET [152.63.51.81]
 14  golden1-gw.customer.alter.net [157.130.214.246]  reports: Destination net u
nreachable.

Trace complete.
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16953793
If you use this public proxy 200.79.192.12 port 80, you can get to the goldenone.com website.
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16958337
So that's it? No one has anything definite to add.  Please where is the problem?  Us, our ISP, or the website?
Thank you, I'm counting one of you brilliant network gurus.
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 16958377
The website is fine byt he sound of it.  The problem is somwhere with routing inbetween.  It is effecting different people in different ways so it infers the issue is with IP routing which is with the / an ISP or the internet in general.  It could be some ISP's are getting to it fine, not others.  What does your ISP say?

The site is working for me at the moment from t-mobile GPRS internet on my PDA.  Comes up with Access your Account login box.

Steve
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16960307
Thanks for all the help Steve, I will try to ask ISP.  
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16960468
No problem, sorry I couldn't help in the end as such.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now