Unable to access one website from my network: "The connection to the server was reset while the page was loading."

I used to be able to access: mylunchmoney.com from any device on my network. For many months now, I cannot.
1- I've tried from my PC using FF, IE, Chrome (all updated)
2- tried from other PCs, ipad, iphone, my laptop
3- When I connect with my iphone to neighbors wifi (same Optimum online as me) it works so I dont think OOL is blocking their website.
4- I see an outgoing connection in the Router's log (Linksys cisco RV082) :
Jan 6 11:13:27 2012          Connection Accepted          ICMP type 8 code 0 192.168.7.2->66.180.8.198 on ixp1
5- I don't see anything trying to make an incoming connection at all on the incoming log:
Jan 6 11:14:23 2012          Connection Refused - Policy violation          TCP 199.59.163.145:80->24.188.49.109:1234 on ixp1
Jan 6 11:13:23 2012          Connection Refused - Policy violation          TCP 72.14.204.193:443->24.188.49.109:55077 on ixp1
(The incoming traffic should be right in the middle there?
6- I've tried turning off A/V, A/M (MBAM), windows Firewall
7- I've enabled DMZ to point to my PC's IP
8- I've disabled all firewall settings in the router/firewall
9- I was using Dyn DNS's dns servers on my network for some content filtering but I changed that to Google's 8.8.8.8 and 8.8.4.4 dns servers - no joy.

Like I said, it happens on any device on my network so it cant be tied to software on one device. I'm about ready to plug a laptop directly into the cable modem and see if it works just to satisfy my curiosity though.

10- I checked the domain on e-dns.org blacklist report. It came back negative. Not blacklisted.

What am I missing? Is it their website / webserver that doesn't like my network or something? What else can I check?
Next stop... wit's end.
RickNCNAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RickNCNAuthor Commented:
Oh, and I've tried it from other client's PCs on Optimum and RoadRunner and Verizon DSL and it works.
0
RickNCNAuthor Commented:
The system log also shows what the outgoing log shows:
Jan 6 11:13:27 2012          Connection Accepted          ICMP type 8 code 0 192.168.7.2->66.180.8.198 on ixp1

but shows no other record of 66.180.8.198 coming back at me.
0
RickNCNAuthor Commented:
ARRGH!. I should have tried this first, but I plugged a laptop into the cable modem directly and it works. What possible setting in the RV082 could be blocking this website if I've enabled DMZ (pointed it to my PC) and disabled all extra firewall / SPI stuff and it didn't work?
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

RickNCNAuthor Commented:
One interesting thing is that with the laptop connected, it received a 192.168.100.x address from the cable modem, apparently the modem acting as a router/firewall?

With the RV082 connected to the modem, I have the RV082 set for GATEWAY mode, not ROUTER mode, so the WAN1 port on the router shows that it is assigned the public IP from OOL, so the modem must be acting as a BRIDGE?
0
pwindellCommented:
The modem is not going to be both,...it is either bridging,...or it is not.  It is not going to flip back and forth depending on if you plug a laptop into it or not.

The "modem" should be running in Bridge mode only,...you want the thing to be as "stupid as possible" to put that in simple terms.  

Then the RV082 must be running as a full Firewall,...it must NOT be running "bridged".  It MUST have a Public IP# assigned (preferably manually/statically) to its WAN Interface.  It must NOT be running its own DHCP Service because you want that to be done on one of your WIndows Servers (the Domain Controller is the perfect canidate for that).  The RV082 must NOT be running its own DNS or DNS Relay service because all Client need to use the Domain Controller for thier ONLY DNS ans the Domain Controller nees to use some other external DNS as the Forwarder (or leave the Forwarder blank and it will default to Root Hints).

Once all that is done then you will have a properly designed infrastructure to troubleshoot from,...in fact the problem may just "vanish" once all that is done.
0
RickNCNAuthor Commented:
>>The modem is not going to be both,...it is either bridging,...or it is not.  It is not going to flip back and forth depending on if you plug a laptop into it or not.
>>

Yeah, very strange.  But this seems to be what's happening. I was very surprised to see the 192.168.100.XX address on the laptop. I was also more surprised to see that it was working and routing to the Internet. I agree it shouldn't. I've set up and configured, mmm, probably thousands of firewall / routers. Never run across this kind of thing. There must be another explanation for it. I'll double check it to make sure I saw what I thought I saw.

>>The "modem" should be running in Bridge mode only,...you want the thing to be as "stupid as possible" to put that in simple terms.   >>
>>
AFAIK, there's no way to change a Cablevision cable modem from being a dumb bridge to a smart router/firewall. I know Verizon DSL modems do this. I've made the switch over to bridge mode many times on a DSL modem, But cable modems are always bridges, or at least set that way and used that way always. THe RV082 is set to "gateway" mode so it has been assigned the public IP address for my dynamically assigned home cable service. On the RV082, on the "Setup" tab, "WAN Connection type" > "WAN1" is set to "Obtain an IP Automatically"

This is a home system so there is no server or AD.  Therefore, the router *is* acting as DHCP and DNS server. I've also set the dns server IPs under the WAN1 settings so 8.8.8.8 and 8.8.4.4 are given out to every device assigned DHCP addressing by the router.

checking direct-connect laptop again.
0
pwindellCommented:
Ok, sounds good.

I one case I just had to replace the device with something different because neither I nor anyone else (including the tech from the ISP's Support) could ever figure the thing out and get it to behave as we thought it should.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RickNCNAuthor Commented:
I have a feeling that the RV082 is acting flaky. Feelings are not the best things to base a decision on regarding a piece of tech equipment but I can't get any hard facts on these problems. Every so often, client pcs behind the rv082 stop routing to the internet. I think it's usually a dns problem, I can't resolve domains. I have to go into the admin console and make it reset. I have a hunch that it's something to do with my wife's Lenovo laptop from her employer (SAP) and the VPN software they run (maybe). It just seems like when she works from home we have the problem. When she's out of town on business we don't. (also she seems to have trouble with her VPN oftentimes on out network)

This coupled with the other problem.. I think I'll have to ditch it.
 any recommendations on a reasonable dual WAN router/firewall?
0
RickNCNAuthor Commented:
We've had weeks of no router problems and now we have to reboot 4 times a day. We can't pin it to her laptop being on or off the network so that theory is out. It's a nice dual WAN router and I'd hate to get rid of it...
0
pwindellCommented:
This coupled with the other problem.. I think I'll have to ditch it.
 any recommendations on a reasonable dual WAN router/firewall?


I cannot recommend anything.  I do not use consumer grade products like that and don't have any personal familiarity with them beyond the cheap $80 Linksys box I have at home.  The Firewall I have at work cost over $1000 for the software alone and was around $6,000 for the hardware it runs on.   My LAN Router (which has nothing to do with the Internet) we have about $15,000 wrapped up in.  So I just don't deal with things like what you are dealing with.

Are far as a Dual-WAN thing,...when a Dual-WAN is done properly it does not require a "Dual-WAN Firewall" because it is handled upstream of the Firewall by using Dynamic Routing Protocols (like BGP),...and it allows you to keep the same Public IP# no matter which link goes down.   The whole Dual-WAN Firewall idea only has very limited true functionality in real life because of the way the Public IP Range flips when the Line fails-over.
0
RickNCNAuthor Commented:
Well, one more post and then I'm closing this out.

So we've been back to the Internet dropping out every couple of hours and rebooting the router to fix it. I got fed up with it and swapped it out for a Linksys WRT54GSV4. I transferrred all of my settings over and

VOILA: www.mylunchmoney.com popped right up. Unbelievable.

AND furthermore, remember my post about plugging my laptop directly into the router and it got a 192.168.100.xxx address? Well, I watched the new Linksys Router's Setup page and watched the IP address after I restarted my cable modem. Sure enough, it got a 192.168.100. address, but just for a minute or two. I kept watching and all of a sudden it flipped over to a public IP address from Optimum. So that modem is doing some fancy footwork of some kind after a new dhcp client is attached to it.

So, problem solved. I see about 2-3 routers go bad per year. This year, it happened to be one of my own.
0
pwindellCommented:
Very good!
Thanks for the update.
0
RickNCNAuthor Commented:
bingo. sometimes you just have to dump equipment. take your stuff to a recycling place though!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.