Unable to access restricted websites - possible firewall issue?
Posted on 2009-02-18
I've got a puzzling problem that I hope someone can help with.
My organisation's Internet access is provided through our connection to the Irish Government Network (IGN)
Two websites that we need to access are restricted to those within the IGN. We were previously able to access these sites (and should still be able to do so) but for the past few months have been unable to do so. I have been liaising with IGN tech support but they say that, as nothing has changed at their end, that it must be a local issue. Nothing (that I am aware of) has changed at this end either. However I just discovered an exception to the rule - I am able to access the restricted websites on one of our client PCs. Having examined all the network settings I can't see anything differant except:
- The primary DNS is differant -actaully incorrect. It is 126.96.36.199 instead of 192.168.10.11. For some reason this seems to work. The alternate DNS server is the same as other clients (this points to the IGN). However, if I change the primary DNS back to 192.168.10.11 then I can no longer accces the restricted websites. If I change the primary DNS on other clients to 188.8.131.52 I can't access any websites.
Things I've tried:
- Using a differant network card with standard default settings
- Turning Windows firewall on/off (normally on for all clients). Makes no differance either way.
- Telnetting to the sites. For one I get blank black screen (indicating a connection) and the other I get "Could not open connection 0: Connect failed"
- A tracerte indicates that the trace for one of these sites is not even getting to our router. It seems like our Firewall may be blocking it but I cannot locate anything in the firewall logs relating to these IP addresses of these websites and, as one client PC CAN access these websites then I don't think it's a firewall issue (I am the only one with access to the firewall and I didn't set/change any rules relating to these sites or the one client that can access the sites)
- Changing the IP address on the working client. The IP address (even though dynamic) is not reserved for this PC and even after releasing/ renewing the address it still works on that one PC.
- All clients are DHCP. No static IP addresses. NAT addressing. We don't use a proxy server.