Unable to access one website from my network: "The connection to the server was reset while the page was loading."
I used to be able to access: mylunchmoney.com from any device on my network. For many months now, I cannot.
1- I've tried from my PC using FF, IE, Chrome (all updated)
2- tried from other PCs, ipad, iphone, my laptop
3- When I connect with my iphone to neighbors wifi (same Optimum online as me) it works so I dont think OOL is blocking their website.
4- I see an outgoing connection in the Router's log (Linksys cisco RV082) :
Jan 6 11:13:27 2012 Connection Accepted ICMP type 8 code 0 192.168.7.2->66.180.8.198 on ixp1
5- I don't see anything trying to make an incoming connection at all on the incoming log:
Jan 6 11:14:23 2012 Connection Refused - Policy violation TCP 199.59.163.145:80->24.188.
Jan 6 11:13:23 2012 Connection Refused - Policy violation TCP 72.14.204.193:443->24.188.
(The incoming traffic should be right in the middle there?
6- I've tried turning off A/V, A/M (MBAM), windows Firewall
7- I've enabled DMZ to point to my PC's IP
8- I've disabled all firewall settings in the router/firewall
9- I was using Dyn DNS's dns servers on my network for some content filtering but I changed that to Google's 8.8.8.8 and 8.8.4.4 dns servers - no joy.
Like I said, it happens on any device on my network so it cant be tied to software on one device. I'm about ready to plug a laptop directly into the cable modem and see if it works just to satisfy my curiosity though.
10- I checked the domain on e-dns.org blacklist report. It came back negative. Not blacklisted.
What am I missing? Is it their website / webserver that doesn't like my network or something? What else can I check?
Next stop... wit's end.
1- I've tried from my PC using FF, IE, Chrome (all updated)
2- tried from other PCs, ipad, iphone, my laptop
3- When I connect with my iphone to neighbors wifi (same Optimum online as me) it works so I dont think OOL is blocking their website.
4- I see an outgoing connection in the Router's log (Linksys cisco RV082) :
Jan 6 11:13:27 2012 Connection Accepted ICMP type 8 code 0 192.168.7.2->66.180.8.198 on ixp1
5- I don't see anything trying to make an incoming connection at all on the incoming log:
Jan 6 11:14:23 2012 Connection Refused - Policy violation TCP 199.59.163.145:80->24.188.
Jan 6 11:13:23 2012 Connection Refused - Policy violation TCP 72.14.204.193:443->24.188.
(The incoming traffic should be right in the middle there?
6- I've tried turning off A/V, A/M (MBAM), windows Firewall
7- I've enabled DMZ to point to my PC's IP
8- I've disabled all firewall settings in the router/firewall
9- I was using Dyn DNS's dns servers on my network for some content filtering but I changed that to Google's 8.8.8.8 and 8.8.4.4 dns servers - no joy.
Like I said, it happens on any device on my network so it cant be tied to software on one device. I'm about ready to plug a laptop directly into the cable modem and see if it works just to satisfy my curiosity though.
10- I checked the domain on e-dns.org blacklist report. It came back negative. Not blacklisted.
What am I missing? Is it their website / webserver that doesn't like my network or something? What else can I check?
Next stop... wit's end.
ASKER
The system log also shows what the outgoing log shows:
Jan 6 11:13:27 2012 Connection Accepted ICMP type 8 code 0 192.168.7.2->66.180.8.198 on ixp1
but shows no other record of 66.180.8.198 coming back at me.
Jan 6 11:13:27 2012 Connection Accepted ICMP type 8 code 0 192.168.7.2->66.180.8.198 on ixp1
but shows no other record of 66.180.8.198 coming back at me.
ASKER
ARRGH!. I should have tried this first, but I plugged a laptop into the cable modem directly and it works. What possible setting in the RV082 could be blocking this website if I've enabled DMZ (pointed it to my PC) and disabled all extra firewall / SPI stuff and it didn't work?
ASKER
One interesting thing is that with the laptop connected, it received a 192.168.100.x address from the cable modem, apparently the modem acting as a router/firewall?
With the RV082 connected to the modem, I have the RV082 set for GATEWAY mode, not ROUTER mode, so the WAN1 port on the router shows that it is assigned the public IP from OOL, so the modem must be acting as a BRIDGE?
With the RV082 connected to the modem, I have the RV082 set for GATEWAY mode, not ROUTER mode, so the WAN1 port on the router shows that it is assigned the public IP from OOL, so the modem must be acting as a BRIDGE?
The modem is not going to be both,...it is either bridging,...or it is not. It is not going to flip back and forth depending on if you plug a laptop into it or not.
The "modem" should be running in Bridge mode only,...you want the thing to be as "stupid as possible" to put that in simple terms.
Then the RV082 must be running as a full Firewall,...it must NOT be running "bridged". It MUST have a Public IP# assigned (preferably manually/statically) to its WAN Interface. It must NOT be running its own DHCP Service because you want that to be done on one of your WIndows Servers (the Domain Controller is the perfect canidate for that). The RV082 must NOT be running its own DNS or DNS Relay service because all Client need to use the Domain Controller for thier ONLY DNS ans the Domain Controller nees to use some other external DNS as the Forwarder (or leave the Forwarder blank and it will default to Root Hints).
Once all that is done then you will have a properly designed infrastructure to troubleshoot from,...in fact the problem may just "vanish" once all that is done.
The "modem" should be running in Bridge mode only,...you want the thing to be as "stupid as possible" to put that in simple terms.
Then the RV082 must be running as a full Firewall,...it must NOT be running "bridged". It MUST have a Public IP# assigned (preferably manually/statically) to its WAN Interface. It must NOT be running its own DHCP Service because you want that to be done on one of your WIndows Servers (the Domain Controller is the perfect canidate for that). The RV082 must NOT be running its own DNS or DNS Relay service because all Client need to use the Domain Controller for thier ONLY DNS ans the Domain Controller nees to use some other external DNS as the Forwarder (or leave the Forwarder blank and it will default to Root Hints).
Once all that is done then you will have a properly designed infrastructure to troubleshoot from,...in fact the problem may just "vanish" once all that is done.
ASKER
>>The modem is not going to be both,...it is either bridging,...or it is not. It is not going to flip back and forth depending on if you plug a laptop into it or not.
>>
Yeah, very strange. But this seems to be what's happening. I was very surprised to see the 192.168.100.XX address on the laptop. I was also more surprised to see that it was working and routing to the Internet. I agree it shouldn't. I've set up and configured, mmm, probably thousands of firewall / routers. Never run across this kind of thing. There must be another explanation for it. I'll double check it to make sure I saw what I thought I saw.
>>The "modem" should be running in Bridge mode only,...you want the thing to be as "stupid as possible" to put that in simple terms. >>
>>
AFAIK, there's no way to change a Cablevision cable modem from being a dumb bridge to a smart router/firewall. I know Verizon DSL modems do this. I've made the switch over to bridge mode many times on a DSL modem, But cable modems are always bridges, or at least set that way and used that way always. THe RV082 is set to "gateway" mode so it has been assigned the public IP address for my dynamically assigned home cable service. On the RV082, on the "Setup" tab, "WAN Connection type" > "WAN1" is set to "Obtain an IP Automatically"
This is a home system so there is no server or AD. Therefore, the router *is* acting as DHCP and DNS server. I've also set the dns server IPs under the WAN1 settings so 8.8.8.8 and 8.8.4.4 are given out to every device assigned DHCP addressing by the router.
checking direct-connect laptop again.
>>
Yeah, very strange. But this seems to be what's happening. I was very surprised to see the 192.168.100.XX address on the laptop. I was also more surprised to see that it was working and routing to the Internet. I agree it shouldn't. I've set up and configured, mmm, probably thousands of firewall / routers. Never run across this kind of thing. There must be another explanation for it. I'll double check it to make sure I saw what I thought I saw.
>>The "modem" should be running in Bridge mode only,...you want the thing to be as "stupid as possible" to put that in simple terms. >>
>>
AFAIK, there's no way to change a Cablevision cable modem from being a dumb bridge to a smart router/firewall. I know Verizon DSL modems do this. I've made the switch over to bridge mode many times on a DSL modem, But cable modems are always bridges, or at least set that way and used that way always. THe RV082 is set to "gateway" mode so it has been assigned the public IP address for my dynamically assigned home cable service. On the RV082, on the "Setup" tab, "WAN Connection type" > "WAN1" is set to "Obtain an IP Automatically"
This is a home system so there is no server or AD. Therefore, the router *is* acting as DHCP and DNS server. I've also set the dns server IPs under the WAN1 settings so 8.8.8.8 and 8.8.4.4 are given out to every device assigned DHCP addressing by the router.
checking direct-connect laptop again.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have a feeling that the RV082 is acting flaky. Feelings are not the best things to base a decision on regarding a piece of tech equipment but I can't get any hard facts on these problems. Every so often, client pcs behind the rv082 stop routing to the internet. I think it's usually a dns problem, I can't resolve domains. I have to go into the admin console and make it reset. I have a hunch that it's something to do with my wife's Lenovo laptop from her employer (SAP) and the VPN software they run (maybe). It just seems like when she works from home we have the problem. When she's out of town on business we don't. (also she seems to have trouble with her VPN oftentimes on out network)
This coupled with the other problem.. I think I'll have to ditch it.
any recommendations on a reasonable dual WAN router/firewall?
This coupled with the other problem.. I think I'll have to ditch it.
any recommendations on a reasonable dual WAN router/firewall?
ASKER
We've had weeks of no router problems and now we have to reboot 4 times a day. We can't pin it to her laptop being on or off the network so that theory is out. It's a nice dual WAN router and I'd hate to get rid of it...
This coupled with the other problem.. I think I'll have to ditch it.
any recommendations on a reasonable dual WAN router/firewall?
I cannot recommend anything. I do not use consumer grade products like that and don't have any personal familiarity with them beyond the cheap $80 Linksys box I have at home. The Firewall I have at work cost over $1000 for the software alone and was around $6,000 for the hardware it runs on. My LAN Router (which has nothing to do with the Internet) we have about $15,000 wrapped up in. So I just don't deal with things like what you are dealing with.
Are far as a Dual-WAN thing,...when a Dual-WAN is done properly it does not require a "Dual-WAN Firewall" because it is handled upstream of the Firewall by using Dynamic Routing Protocols (like BGP),...and it allows you to keep the same Public IP# no matter which link goes down. The whole Dual-WAN Firewall idea only has very limited true functionality in real life because of the way the Public IP Range flips when the Line fails-over.
any recommendations on a reasonable dual WAN router/firewall?
I cannot recommend anything. I do not use consumer grade products like that and don't have any personal familiarity with them beyond the cheap $80 Linksys box I have at home. The Firewall I have at work cost over $1000 for the software alone and was around $6,000 for the hardware it runs on. My LAN Router (which has nothing to do with the Internet) we have about $15,000 wrapped up in. So I just don't deal with things like what you are dealing with.
Are far as a Dual-WAN thing,...when a Dual-WAN is done properly it does not require a "Dual-WAN Firewall" because it is handled upstream of the Firewall by using Dynamic Routing Protocols (like BGP),...and it allows you to keep the same Public IP# no matter which link goes down. The whole Dual-WAN Firewall idea only has very limited true functionality in real life because of the way the Public IP Range flips when the Line fails-over.
ASKER
Well, one more post and then I'm closing this out.
So we've been back to the Internet dropping out every couple of hours and rebooting the router to fix it. I got fed up with it and swapped it out for a Linksys WRT54GSV4. I transferrred all of my settings over and
VOILA: www.mylunchmoney.com popped right up. Unbelievable.
AND furthermore, remember my post about plugging my laptop directly into the router and it got a 192.168.100.xxx address? Well, I watched the new Linksys Router's Setup page and watched the IP address after I restarted my cable modem. Sure enough, it got a 192.168.100. address, but just for a minute or two. I kept watching and all of a sudden it flipped over to a public IP address from Optimum. So that modem is doing some fancy footwork of some kind after a new dhcp client is attached to it.
So, problem solved. I see about 2-3 routers go bad per year. This year, it happened to be one of my own.
So we've been back to the Internet dropping out every couple of hours and rebooting the router to fix it. I got fed up with it and swapped it out for a Linksys WRT54GSV4. I transferrred all of my settings over and
VOILA: www.mylunchmoney.com popped right up. Unbelievable.
AND furthermore, remember my post about plugging my laptop directly into the router and it got a 192.168.100.xxx address? Well, I watched the new Linksys Router's Setup page and watched the IP address after I restarted my cable modem. Sure enough, it got a 192.168.100. address, but just for a minute or two. I kept watching and all of a sudden it flipped over to a public IP address from Optimum. So that modem is doing some fancy footwork of some kind after a new dhcp client is attached to it.
So, problem solved. I see about 2-3 routers go bad per year. This year, it happened to be one of my own.
Very good!
Thanks for the update.
Thanks for the update.
ASKER
bingo. sometimes you just have to dump equipment. take your stuff to a recycling place though!
ASKER