Solved

Some Websites blocked on Network - DNS?

Posted on 2008-06-20
25
551 Views
Last Modified: 2011-10-19
There are some websites that we can't go to from any PC or from the Server.  There is nothing blocked in the router.  I disabled the firewall and still couldn't get to some websites (unless I needed to reboot the server and/or router to effect this change???)

From a cmd window I can ping wildblue.net and I get a response.

If I use NSLOOKUP this is what I get:

Server: Wildblue.net
Addresses:  66.249.81.121
                    64.233.179.121
                    72.14.207.121

          DNS Request Timed Out
          Timeout was 2 seconds
  ****Request to wildblue.net  timed out

I cannot go to the website using any of the listed IP addresses.

Can anyone tell me what is wrong?

Thanks in advance
         
0
Comment
Question by:wndata
25 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21835085
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21835087
To make sure that this is not a DNS related issue:

Try to add the following line to c:\windows\system32\drivers\etc\hosts:

66.249.81.121 wildblue.net

Save this file and try to connect with your browser again.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21835089

Oops, didn't realise that link was quite so huge. Horrible thing, sorry about that.

Chris
0
 

Author Comment

by:wndata
ID: 21849183
I will try these suggestions tomorrow and report back!

Thanks!
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21865165
Any updates on this one?
0
 

Author Comment

by:wndata
ID: 21867891
Hello again,

I checked agriesser's suggestion and added the line to the hosts file.  No joy.

I couldn't use the link supplied by Chris-Dent because it is from the wildblue site.  I will try it from another computer.   I did try opening port 8443 in the router but there was no change in the behavior.

In case it's of any help, that system uses a Linksys router BEFSX41.

Thanks!

Anne
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21868160
OK, then can you try to telnet to that port? By doing this we would definitely know if it's a connection issue or something else.

Start -> Run -> cmd

telnet www.wildblue.net 80
<Enter>
<Enter>
You should be able to press enter multiple times (quit by writing "QUIT" and press Enter multiple times after that).

Then try to connect to the myaccounts site:

telnet myaccount.wildblue.net 8443
<Enter>
<Enter>
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21868437

Running Tracert to myaccount.wildblue.net would be interesting as well. Just in case, that's:

tracert myaccount.wildblue.net

All hops and the destination respond to ICMP, which helps :)

Chris
0
 

Author Comment

by:wndata
ID: 21868639
Okay - I am scheduled to be back at that office tomorrow and I will try your suggestions.

I was giving this more thought and I came up with something that might have something to do with this problem.  Another tech set up VPN access and, of course, made several changes in Port Forwarding in the router.  This inability to go to websites did not coincide with his VPN setup but I wonder if these websites are now trying to use one of the ports he redirected.  Possible?  If so,  I will get into the router on Thursday and tell you what the setup is.

Thanks very much!

0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21868713

Yep, it is possible. Especially considering this particular web site feels the need to use 8443 instead of the default ports.

Chris
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21868723
That mostly depends on what kind of router is working at your office.
Nowadays, in times of stateful packet filtering, no ports should be wrongly redirected anymore (especially not the usual reply ports above 1024, but we'll see when you get to your router).
0
 

Author Comment

by:wndata
ID: 21877193
Agriesser - I was able to telnet www.wildblue.net 80.  It connected and I could press Enter without popping out to a DOS prompt.    QUIT and Enter several times got me out.

When I tried telnet myaccount.wildblue.net 8443:  I got an underscore prompt but when I pressed Enter a couple of times it popped out to a DOS prompt.

I don't know much about port triggers so I may not have 8443 open.  I will attach a screen shot of the Forwarding page, the Port Triggering page and the UPnP Forwarding page from the router.

Perhaps you can tell me if something I or the guy that set up the VPN did is wrong.

Thanks so much!
Forwarding-Screen.doc
0
 

Author Comment

by:wndata
ID: 21877262
Chris-Dent

Here is the tracert to myaccount.wildblue.net.  Looks like it gets there but...
It looks a little funky when I paste the text in this window so I will also attach the text file.

Tracing route to myaccount.wildblue.net [64.106.208.167]
over a maximum of 30 hops:

  1    62 ms    61 ms    61 ms  10.34.2.1
  2    61 ms    60 ms    60 ms  so-0-1-1-0.CORE-RTR1.CHI01.verizon-gni.net [130.81.16.100]
  3    61 ms    61 ms    61 ms  so-7-2-0-0.BB-RTR1.CHI01.verizon-gni.net [130.81.20.56]
  4    61 ms    61 ms    61 ms  0.so-0-0-0.XT1.CHI4.ALTER.NET [152.63.0.229]
  5    85 ms    85 ms    85 ms  0.so-7-1-0.XL1.EWR6.ALTER.NET [152.63.16.193]
  6    85 ms    85 ms    84 ms  POS6-0.GW1.EWR17.ALTER.NET [152.63.28.82]
  7    85 ms    85 ms    86 ms  datapipe-gw.customer.alter.net [157.130.254.162]
  8    86 ms    85 ms    85 ms  vl12.dist1-4.ewr.datapipe.net [64.106.128.22]
  9    87 ms    87 ms   202 ms  vl61.dist1-2.smq.datapipe.net [64.106.128.236]
 10    86 ms    87 ms    85 ms  64.106.208.167

Trace complete.


tracert.txt
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21877313
Try to delete the http 8443 port triggering for testing purposes.
0
 
LVL 14

Accepted Solution

by:
agriesser earned 125 total points
ID: 21877333
Or try to change it to read https 8443 8443.
0
 

Author Comment

by:wndata
ID: 21877363
Okay - then try the telnet again ?
0
 

Author Comment

by:wndata
ID: 21877378
I changed the entry to https and tried the telnet myaccount.wildblue.net 8443 - it was the same as before.

0
 
LVL 14

Expert Comment

by:agriesser
ID: 21877485
Try to access the site with your web browser now. The telnet command was just a debugging thing.
In the end, you should be able to access this site with your web browser, so do the modifications as suggested above and after each modification, try to browse to this website.
0
 

Author Comment

by:wndata
ID: 21877550
Agriesser - Whoohoo! - I can go to myaccount.wildblue.net!  I will have the other users try the other unreachable websites but maybe it's fixed!  I'll award you the points and lots of appreciation from me for your help!

0
 

Author Closing Comment

by:wndata
ID: 31469330
Thanks again!
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21877679
If it's not absolutely necessary, try to remove this entry.

If another site has to be accessed with http://aaa.com:443 it will fail again.
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21877700
Sorry, I meant http://aaa.com:8443
0
 

Author Comment

by:wndata
ID: 21877789
Sorry ... not sure what you mean.
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21877852
The problem is that with the old configuration, the router accepted only http traffic to port 8443 (why ever this was configured that way).
myaccount.wildblue.net used an SSL connection (https) on port 8443 to work properly and the router recognized that the traffic directed to port 8443 on the other end was not HTTP but HTTPS and therefore the connection didn't work out.

If you now change it to https 8443 8443, it allows for outgoing HTTPS traffic to port 8443, but if you ever encounter a website whose URL is http://somesite.com:8443, it refuses again to load on your clients, because it isn't HTTPS (that's what the router would have expected).

I don't know why this port triggering configuration has been established in your environment, but I'd roll that issue up with the guy who set up this VPN and ask him about the details why this configuration has been made.

You will definitely be more flexible if you simply remove this line in case of troubles.
If it's desired to control what traffic goes to what port, it's perfectly fine, but please keep in mind (read: write down) what you need to do in such a case because the same issue might arise in the future again.
0
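
The checks used in this thread (hosts entry, telnet to the port, then the browser) each probe a different layer. The following is an added example, not part of the original thread: a Python sketch that runs those layers in order and reports the first one that fails. The function names and the loopback listener are constructed for illustration.

```python
import socket
import ssl
import threading

def diagnose(host, port, use_tls, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls', 'http' or 'ok'."""
    try:  # 1. name resolution: what the hosts-file test in the thread rules out
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return ("dns", str(exc))
    try:  # 2. TCP handshake: what "telnet host port" checks
        sock = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))
    try:
        if use_tls:  # 3. TLS handshake: fails if the path drops the session
            ctx = ssl.create_default_context()
            try:
                sock = ctx.wrap_socket(sock, server_hostname=host)
            except OSError as exc:  # ssl.SSLError is a subclass of OSError
                return ("tls", str(exc))
        # 4. minimal HTTP request over whatever channel was established
        sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        reply = sock.recv(64)
    except OSError as exc:
        return ("http", str(exc))
    finally:
        sock.close()
    if not reply.startswith(b"HTTP/"):
        return ("http", "connection closed or non-HTTP reply")
    return ("ok", reply.split(b"\r\n")[0].decode(errors="replace"))

def accept_then_drop():
    """Constructed loopback listener: accepts the TCP connection, then drops it."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        conn.close()
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = accept_then_drop()
    # TCP connects, so the reported stage is 'tls' rather than 'dns' or 'tcp'.
    print(diagnose("127.0.0.1", port, use_tls=True))
```

A 'tls' or 'http' result with a working 'tcp' stage points at something on the path or the server interfering above the transport layer, which is where a per-port protocol rule on a router would show up.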
 

Author Comment

by:wndata
ID: 21877952
I would like to follow up on your detailed explanation to make sure I understand but I am about to be late to another appointment.  I think I have a question but don't have time to really read your post.  If it's okay I will read it again later and respond.  Thanks!

0
