My domain can't access other domain's website
Hi experts,
This is a very difficult issue. Or at least it seems like. There is a domain amazingcharts.com, which can be reached via http://amazingcharts or http://www.amazingcharts.com or just www.amazingcharts.com. You can even reach it using .net.
Now here is the issue, and I will try to make it easy to follow.
1. Every other domain or computer I have tried can reach all sites. In other words, I have three friends using their computers or networks, and they can reach the sites. I can reach the sites from my cell phone and from my house using LMI to remote there. So, obviously, the sites are up and running.
2. No computers on my network including the server can access these sites using multiple browsers such as I.E. and Firefox.
3. The same computers can access EVERY other site it tries.
4. I have done a dnsflush on the servers and computers. I have rebooted all computers. I have rebooted the server. I have done an nslookup, although I don't really know what I am looking for. I have rebooted the router and modem. Another office here uses Time-Warner as well, and he can get to the site.
I cannot ping amazingcharts.com
I can ping both google.com and yahoo.com
I am dumbfounded as to why I can't get to the site. I also tried changing the NIC settings so the DNS were the same as Time-Warner.
I appreciate any help.
Bert
This is a very difficult issue. Or at least it seems like. There is a domain amazingcharts.com, which can be reached via http://amazingcharts or http://www.amazingcharts.com or just www.amazingcharts.com. You can even reach it using .net.
Now here is the issue, and I will try to make it easy to follow.
1. Every other domain or computer I have tried can reach all sites. In other words, I have three friends using their computers or networks, and they can reach the sites. I can reach the sites from my cell phone and from my house using LMI to remote there. So, obviously, the sites are up and running.
2. No computers on my network including the server can access these sites using multiple browsers such as I.E. and Firefox.
3. The same computers can access EVERY other site it tries.
4. I have done a dnsflush on the servers and computers. I have rebooted all computers. I have rebooted the server. I have done an nslookup, although I don't really know what I am looking for. I have rebooted the router and modem. Another office here uses Time-Warner as well, and he can get to the site.
I cannot ping amazingcharts.com
I can ping both google.com and yahoo.com
I am dumbfounded as to why I can't get to the site. I also tried changing the NIC settings so the DNS were the same as Time-Warner.
I appreciate any help.
Bert
Is there a router in the office, is there any content filtering enabled.
ASKER
There is a Cisco router. There is no content filtering. I did reboot it. I was able to access these sites on Friday. Thanks Miftaul.
Any firewall blocking it?
Is it blocked in the router?
Check the URL filtering.
Is it blocked in the router?
Check the URL filtering.
ASKER
There is no Windows firewall blocking it. Nor is it blocked in the router. These are sites I go to ten times per day, if not more. May be my most important sites.
Thanks Cathal.
Thanks Cathal.
ASKER
If this helps. when I type in a URL, say for yahoo.com into a browser and click submit. It instantly puts that address in the URL field and it shows it is going to that URL just below it.
With these sites, the address that was there stays there, but it does say it is connecting just below it. But, it times out.
Hope that makes sense.
With these sites, the address that was there stays there, but it does say it is connecting just below it. But, it times out.
Hope that makes sense.
Since no pc can access it then it points to a central point of failure - and that means the router.
Double check it for any IP/URL blocking/filtering
Double check it for any IP/URL blocking/filtering
ASKER
OK
ASKER
There was nothing filtered in the content filter. Nothing blocked in the firewall. Nothing blocked in the Windows Firewall.
The only weird thing that should have nothing to do with it was that the date was 2010.
The only weird thing that should have nothing to do with it was that the date was 2010.
Your computers are on a domain using the server for DNS, which in turn probably uses your ISP for public DNS lookups. Try on one PC changing the DNS to a totally different DNS server such as Google 8.8.8.8, run ipconfig /flush DNS and try again. This will cause internal name resolution issues, but just do it as a test to see if it is internal DNS related or the router or ISP blocking the site.
ASKER
Thanks Rob,
I can get to the Internet such as Yahoo and MSN. But, still not to AC. I will say that it seems faster using Google's DNS.
I can get to the Internet such as Yahoo and MSN. But, still not to AC. I will say that it seems faster using Google's DNS.
Can you ping 216.38.63.60
Maybe their server has blocked you...
Maybe their server has blocked you...
ASKER
Yeah, I had put that in the question only using amazingcharts.com. I am guessing that is the IP address for that domain?
I cannot ping either one of them.
I cannot ping either one of them.
ASKER
That is interesting given I can access AC from home and my cell phone.
I'm guessing your router has a static IP and maybe it is that your IP is blocked.
Wouldn't affect your home etc.
I guess just give them a call and ask...
(Yes that is the IP for the site - rules out any name resolution problems)
Wouldn't affect your home etc.
I guess just give them a call and ask...
(Yes that is the IP for the site - rules out any name resolution problems)
ASKER
I see. Well, I will give them a call in the morning. I would think I would be the last person they'd block, but... who knows. And, yes, I do have a static IP.
Thanks. I will call them.
Thanks. I will call them.
Could be many reasons that their firewall would block you.
You have mentioned before amazing charts has the ability to blacklist IP's connecting to the site, might you have been blacklisted in error?
ASKER
Yes. And, it would have to be in error. I was just talking with the vice-president of sales and operations Friday. :)
ASKER
Sorry so late. This is weird. So, I can get in using a proxy site. I did call today, and they said my IP wasn't blocked. But, this was a call to the VP, and I don't think she is that tech savvy. Besides, they could be blocking my domain, correct? Although, most would block my IP or both?
She got back to me via email rather quickly. So, I don't know how thoroughly she checked. Besides, I don't even know why they would block IPs. I asked her to try to ping my IP, but she didn't. The program, an electronic medical record, does phone home to the company. But, I don't know what reason they would have to block an IP.
The only possibility, and this seems like a long shot, is that when I did a Whois, and looked at the domain information, this one guy was the registrant and admin, etc. So, he would be fairly tech savvy. He SORT of has a reason to not like me given the last few months of asking for access to the cpanel of the user board. But, that doesn't seem like a great reason. 1. He just doesn't give it to me, and 2. He doesn't talk to me. And, if he were caught blocking me, he would likely get fired.
This is all too weird. I suppose I could talk to tech support. My guess is they would have more knowledge about how an IP could be blocked.
She got back to me via email rather quickly. So, I don't know how thoroughly she checked. Besides, I don't even know why they would block IPs. I asked her to try to ping my IP, but she didn't. The program, an electronic medical record, does phone home to the company. But, I don't know what reason they would have to block an IP.
The only possibility, and this seems like a long shot, is that when I did a Whois, and looked at the domain information, this one guy was the registrant and admin, etc. So, he would be fairly tech savvy. He SORT of has a reason to not like me given the last few months of asking for access to the cpanel of the user board. But, that doesn't seem like a great reason. 1. He just doesn't give it to me, and 2. He doesn't talk to me. And, if he were caught blocking me, he would likely get fired.
This is all too weird. I suppose I could talk to tech support. My guess is they would have more knowledge about how an IP could be blocked.
VP - yes very likely not tech savy, and very probably does not have immediate access to the server to even check (he's the VP - ask someone else)
They wouldn't be blocking based on the domain, it would be based on the IP - your internal server might be a domain - but you accessing another website wouldn't know that
We have gone through everything else that may indicate a problem at your end and it is all turning up blank.
They wouldn't be blocking based on the domain, it would be based on the IP - your internal server might be a domain - but you accessing another website wouldn't know that
He SORT of has a reason to not like me given the last few monthsdon't know what to say about that.
I can get in using a proxy siteThis very much indicates your IP is blocked, if it was anything else then even using a proxy IP wouldn't work
We have gone through everything else that may indicate a problem at your end and it is all turning up blank.
ASKER
Thanks. The irony is, she just emailed and Steven, the guy who may not like me, is heading up the team to look into this. Yes, they said, "Heading up the team."
Yes, talking with support or any one of those who maintain the server would be more proficient than talking with the VP, it's just that it isn't always easy to get hold of them, and I have a very close relationship with the VP. Which means she will likely do everything to figure this out.
The weird thing is, it is their best interest to give me access. I am the user board admin and am responsible for quite a few things on there including approving or declining potential applicants. So, they will have to get some other admin to do it. I can use the proxy, but that is just too clumsy to continue to use.
Yes, talking with support or any one of those who maintain the server would be more proficient than talking with the VP, it's just that it isn't always easy to get hold of them, and I have a very close relationship with the VP. Which means she will likely do everything to figure this out.
The weird thing is, it is their best interest to give me access. I am the user board admin and am responsible for quite a few things on there including approving or declining potential applicants. So, they will have to get some other admin to do it. I can use the proxy, but that is just too clumsy to continue to use.
Don't know what else to say or suggest at this moment...
ASKER
Well, I will keep you posted. You have given me a lot of information.
I know I sound pretty naïve, which is why I come here. But, if find that my IP is blocked by their firewall, that would mean that someone would have had to type it in. It doesn't just grab it. Or could they being having a problem with a certain IP and just use two octets or something?
I know I sound pretty naïve, which is why I come here. But, if find that my IP is blocked by their firewall, that would mean that someone would have had to type it in. It doesn't just grab it. Or could they being having a problem with a certain IP and just use two octets or something?
Unless there was a flood of traffic from your IP, it should not be blocked. Generally speaking, yes you would need to specifically block it.
>>"I don't even know why they would block IPs."
You mentioned once, in years past, that there is a system in place to see if a user has multiple accounts by checking IP's. If suspected they are blocked. I was just wondering if you may have somehow triggered that, obviously in error.
>>"I asked her to try to ping my IP, but she didn't."
Your router will not respond to pings. It is disabled by default, unless you have enabled it.
You have multiple public IP's, if you really need access you could change the public IP on your router, which would require you update your public DNS.
You mentioned once, in years past, that there is a system in place to see if a user has multiple accounts by checking IP's. If suspected they are blocked. I was just wondering if you may have somehow triggered that, obviously in error.
>>"I asked her to try to ping my IP, but she didn't."
Your router will not respond to pings. It is disabled by default, unless you have enabled it.
You have multiple public IP's, if you really need access you could change the public IP on your router, which would require you update your public DNS.
ASKER
Not sure on the first. Generally, I, as the admin, get a message from the owner of the board which states there are two people with the same IP. Usually, this is two doctors from the same practice. To be honest, I never knew what to do other than contact both to see what was up. It was mainly in place to make sure someone didn't have two different accounts.
As far as the latter, I thought of that, but everything is working fine with my network, and I would hate to change just due to their error. Not sure, if I can set up another router just for those sites.
I will look further into the first paragraph above. But, I would think if their policy was to block the IP of anyone who had duplicate IPs, then you would expect them to block it in their firewall. And, unknown to those on the thread, Steven said it was not in the firewall. Of course, given his cheery nature, he gave no explanation or ideas for me to troubleshoot it.
@mansrock Thanks for your input.
As far as the latter, I thought of that, but everything is working fine with my network, and I would hate to change just due to their error. Not sure, if I can set up another router just for those sites.
I will look further into the first paragraph above. But, I would think if their policy was to block the IP of anyone who had duplicate IPs, then you would expect them to block it in their firewall. And, unknown to those on the thread, Steven said it was not in the firewall. Of course, given his cheery nature, he gave no explanation or ideas for me to troubleshoot it.
@mansrock Thanks for your input.
You could set up a separate router. If doing so, on the new router; use a different public IP, disable DHCP, set the LAN to the same subnet as your existing network, different LAN IP of course, then on the PC's or in the primary router add a static route:
route -p 216.38.63.60 mask 255.255.255.255 192.168.123.123
216.38.63.60 is the IP for Amazing Charts
192.168.123.123 is just an example, the LAN IP of the new router.
This will send just the Amazing Charts traffic via the new router
route -p 216.38.63.60 mask 255.255.255.255 192.168.123.123
216.38.63.60 is the IP for Amazing Charts
192.168.123.123 is just an example, the LAN IP of the new router.
This will send just the Amazing Charts traffic via the new router
ASKER
Sounds like something you could do over your lunch break and I could do over Thanksgiving weekend, lol.
No, it actually sounds doable.
As you know, given the extra switch and the extra router for the isolated wireless, I would then have a bevy of routers. Is bevy a word.
What does the -p stand for?
As an aside, if I did all that and used the infamous x.98, and it worked, and then two weeks later it was blocked, we would have to assume something fishy was going on. :-)
Thanks Rob.
Oh, and would that router have to be connected to the switch I used to split the two Cisco routers.
Sorry, everyone, I shouldn't get into a whole new question. Last one, I promise.
No, it actually sounds doable.
As you know, given the extra switch and the extra router for the isolated wireless, I would then have a bevy of routers. Is bevy a word.
What does the -p stand for?
As an aside, if I did all that and used the infamous x.98, and it worked, and then two weeks later it was blocked, we would have to assume something fishy was going on. :-)
Thanks Rob.
Oh, and would that router have to be connected to the switch I used to split the two Cisco routers.
Sorry, everyone, I shouldn't get into a whole new question. Last one, I promise.
Yes you would have modem => switch => 3 routers
-p = permanent. Without it the route is removed upon reboot.
-p = permanent. Without it the route is removed upon reboot.
ASKER
This is something I should probably throw out there. When I try to access the www.amazingcharts.com the result is:
This page can't be displayed
Is that what one would see if their IP were blocked? Or would it be something like 404 Forbidden?
This page can't be displayed
Is that what one would see if their IP were blocked? Or would it be something like 404 Forbidden?
Depends on what their server does
Can you do a tracert and see where you are going, from a command prompt.
tracert 216.38.63.60
Should have checked this earlier!
Can you do a tracert and see where you are going, from a command prompt.
tracert 216.38.63.60
Should have checked this earlier!
ASKER
Tracert.txt
I pasted it into a text and found it to format much better. Opening in a new window is really helpful.
Tracing route to ds.amazingcharts.com [216.38.63.60]
over a maximum of 30 hops:
1 2 ms 1 ms <1 ms 192.168.1.1
2 11 ms 9 ms 9 ms 10.230.208.1
3 13 ms 10 ms 11 ms rdc-24-31-156-132.ne.east.
.132]
4 17 ms 15 ms 15 ms rdc-204-210-69-20.ne.north
9.20]
5 41 ms 35 ms 35 ms rdc-204-210-69-49.ne.north
9.49]
6 36 ms 35 ms 36 ms be46.cr0.nyc30.tbone.rr.co
7 43 ms 33 ms 33 ms 107.14.17.216
8 33 ms 33 ms 78 ms unk-426d072a.adelphiacom.n
9 32 ms 35 ms 33 ms xe-8-0-0.cr1.lga5.us.above
10 35 ms 34 ms 35 ms ae1.cr2.lga5.us.above.net [64.125.29.38]
11 41 ms 39 ms 41 ms ae4.cr2.dca2.us.above.net [64.125.26.105]
12 39 ms 39 ms 43 ms xe-1-1-0.mpr4.iad1.us.abov
13 50 ms 39 ms 39 ms xe-1-1-0.mpr4.iad2.us.abov
14 166 ms 43 ms 42 ms 64.125.195.222.t00883-02.a
22]
15 41 ms 39 ms 39 ms sc-sdv2910.servint.net [209.50.234.200]
16 * * * Request timed out.
17 * * * Request timed out.
18 * *
I pasted it into a text and found it to format much better. Opening in a new window is really helpful.
Tracing route to ds.amazingcharts.com [216.38.63.60]
over a maximum of 30 hops:
1 2 ms 1 ms <1 ms 192.168.1.1
2 11 ms 9 ms 9 ms 10.230.208.1
3 13 ms 10 ms 11 ms rdc-24-31-156-132.ne.east.
.132]
4 17 ms 15 ms 15 ms rdc-204-210-69-20.ne.north
9.20]
5 41 ms 35 ms 35 ms rdc-204-210-69-49.ne.north
9.49]
6 36 ms 35 ms 36 ms be46.cr0.nyc30.tbone.rr.co
7 43 ms 33 ms 33 ms 107.14.17.216
8 33 ms 33 ms 78 ms unk-426d072a.adelphiacom.n
9 32 ms 35 ms 33 ms xe-8-0-0.cr1.lga5.us.above
10 35 ms 34 ms 35 ms ae1.cr2.lga5.us.above.net [64.125.29.38]
11 41 ms 39 ms 41 ms ae4.cr2.dca2.us.above.net [64.125.26.105]
12 39 ms 39 ms 43 ms xe-1-1-0.mpr4.iad1.us.abov
13 50 ms 39 ms 39 ms xe-1-1-0.mpr4.iad2.us.abov
14 166 ms 43 ms 42 ms 64.125.195.222.t00883-02.a
22]
15 41 ms 39 ms 39 ms sc-sdv2910.servint.net [209.50.234.200]
16 * * * Request timed out.
17 * * * Request timed out.
18 * *
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I would doubt they know much of anything. I am talking to quite a few of them just now.
Well tell them you've traced the connection and as soon as it hits their server it gets refused (as identified by the tracert above)
ASKER
OK.
ASKER
How do you find where it is blocked. Or show?
sc-sdv2910.servint.net [209.50.234.200] is the last hop before it hits their server.
ASKER
I see
To clarify. That in itself doesn't prove Bert2005 is blocked as many servers and routers do not respond to ICMP requests (pings) for security reasons. But if Cathal or I do a tracert we get a response from amazingcharts.com (216.38.63.60)
ASKER
Thanks. I will have to send a tracert from my computer along with one from an unblocked computer to show them it is blocked. I would think that this would convince them it is blocked by their firewall.
I did a trace from a few servers and that was the last hop before amazingcharts, maybe I am being a bit presumptious in the hops and the tracert, but with everything else it is just pointing to an IP block
ASKER
Should be all set now
Vahan
IT and Special Projects
650 Ten Rod Road, Suite 12
North Kingstown, RI 02852
________________
Email I received at 11:03 pm. This is the guy I have been somewhat suspicious of for quite awhile. I actually told myself if it were to be fixed, it would very late. Of course, I also thought that if it were clear again, that this would be more evidence against them. After Vahan told AC that the firewall was not blocking me this morning, he now says it isn't. So did he spend all evening working to fix it? I doubt it. My guess is he simply was able to get private access to the firewall and unblocked me.
Vahan
IT and Special Projects
650 Ten Rod Road, Suite 12
North Kingstown, RI 02852
________________
Email I received at 11:03 pm. This is the guy I have been somewhat suspicious of for quite awhile. I actually told myself if it were to be fixed, it would very late. Of course, I also thought that if it were clear again, that this would be more evidence against them. After Vahan told AC that the firewall was not blocking me this morning, he now says it isn't. So did he spend all evening working to fix it? I doubt it. My guess is he simply was able to get private access to the firewall and unblocked me.
So all good now?
ASKER
Yep, except for the explanation. I will get back to you when I close the question.
ASKER
So many good comments. But, I think the tracert kind of put things in perspective.
Cathal, I really appreciate your help and being patient with me. I'm not very good with this stuff.
Thank you to everyone else who contributed.
Cathal, I really appreciate your help and being patient with me. I'm not very good with this stuff.
Thank you to everyone else who contributed.