Solved

My domain can't access other domain's website

Posted on 2014-03-02
46
535 Views
1 Endorsement
Last Modified: 2014-03-05
Hi experts,

This is a very difficult issue. Or at least it seems like. There is a domain amazingcharts.com, which can be reached via http://amazingcharts or http://www.amazingcharts.com or just www.amazingcharts.com. You can even reach it using .net.

Now here is the issue, and I will try to make it easy to follow.

1. Every other domain or computer I have tried can reach all sites. In other words, I have three friends using their computers or networks, and they can reach the sites. I can reach the sites from my cell phone and from my house using LMI to remote there. So, obviously, the sites are up and running.

2. No computers on my network including the server can access these sites using multiple browsers such as I.E. and Firefox.

3. The same computers can access EVERY other site it tries.

4. I have done a dnsflush on the servers and computers. I have rebooted all computers. I have rebooted the server. I have done an nslookup, although I don't really know what I am looking for. I have rebooted the router and modem. Another office here uses Time-Warner as well, and he can get to the site.

I cannot ping amazingcharts.com
I can ping both google.com and yahoo.com

I am dumbfounded as to why I can't get to the site. I also tried changing the NIC settings so the DNS were the same as Time-Warner.

I appreciate any help.

Bert
1
Comment
Question by:Bert2005
  • 25
  • 13
  • 6
  • +2
46 Comments
 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
Is there a router in the office, is there any content filtering enabled.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
There is a Cisco router. There is no content filtering. I did reboot it. I was able to access these sites on Friday. Thanks Miftaul.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
Any firewall blocking it?
Is it blocked in the router?
Check the URL filtering.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
There is no Windows firewall blocking it. Nor is it blocked in the router. These are sites I go to ten times per day, if not more. May be my most important sites.

Thanks Cathal.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
If this helps. when I type in a URL, say for yahoo.com into a browser and click submit. It instantly puts that address in the URL field and it shows it is going to that URL just below it.

With these sites, the address that was there stays there, but it does say it is connecting just below it. But, it times out.

Hope that makes sense.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
Since no pc can access it then it points to a central point of failure - and that means the router.
Double check it for any IP/URL blocking/filtering
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
OK
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
There was nothing filtered in the content filter. Nothing blocked in the firewall. Nothing blocked in the Windows Firewall.

The only weird thing that should have nothing to do with it was that the date was 2010.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Your computers are on a domain using the server for DNS, which in turn probably uses your ISP for public DNS lookups.  Try on one PC changing the DNS to a totally different DNS server such as Google 8.8.8.8, run ipconfig /flush DNS and try again.  This will cause internal name resolution issues, but just do it as a test to see if it is internal DNS related or the router or ISP blocking the site.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Thanks Rob,

I can get to the Internet such as Yahoo and MSN. But, still not to AC. I will say that it seems faster using Google's DNS.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
Can you ping 216.38.63.60

Maybe their server has blocked you...
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Yeah, I had put that in the question only using amazingcharts.com. I am guessing that is the IP address for that domain?

I cannot ping either one of them.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
That is interesting given I can access AC from home and my cell phone.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
I'm guessing your router has a static IP and maybe it is that your IP is blocked.
Wouldn't affect your home etc.

I guess just give them a call and ask...

(Yes that is the IP for the site - rules out any name resolution problems)
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
I see. Well, I will give them a call in the morning. I would think I would be the last person they'd block, but... who knows. And, yes, I do have a static IP.

Thanks. I will call them.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
Could be many reasons that their firewall would block you.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
You have mentioned before amazing charts has the ability to blacklist IP's connecting to the site, might you have been blacklisted in error?
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Yes. And, it would have to be in error. I was just talking with the vice-president of sales and operations Friday. :)
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Sorry so late. This is weird. So, I can get in using a proxy site. I did call today, and they said my IP wasn't blocked. But, this was a call to the VP, and I don't think she is that tech savvy. Besides, they could be blocking my domain, correct? Although, most would block my IP or both?

She got back to me via email rather quickly. So, I don't know how thoroughly she checked. Besides, I don't even know why they would block IPs. I asked her to try to ping my IP, but she didn't. The program, an electronic medical record, does phone home to the company. But, I don't know what reason they would have to block an IP.

The only possibility, and this seems like a long shot, is that when I did a Whois, and looked at the domain information, this one guy was the registrant and admin, etc. So, he would be fairly tech savvy. He SORT of has a reason to not like me given the last few months of asking for access to the cpanel of the user board. But, that doesn't seem like a great reason. 1. He just doesn't give it to me, and 2. He doesn't talk to me. And, if he were caught blocking me, he would likely get fired.

This is all too weird. I suppose I could talk to tech support. My guess is they would have more knowledge about how an IP could be blocked.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
VP - yes very likely not tech savy, and very probably does not have immediate access to the server to even check (he's the VP - ask someone else)
They wouldn't be blocking based on the domain, it would be based on the IP - your internal server might be a domain - but you accessing another website wouldn't know that
He SORT of has a reason to not like me given the last few months
don't know what to say about that.
I can get in using a proxy site
This very much indicates your IP is blocked, if it was anything else then even using a proxy IP wouldn't work
We have gone through everything else that may indicate a problem at your end and it is all turning up blank.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Thanks. The irony is, she just emailed and Steven, the guy who may not like me, is heading up the team to look into this. Yes, they said, "Heading up the team."

Yes, talking with support or any one of those who maintain the server would be more proficient than talking with the VP, it's just that it isn't always easy to get hold of them, and I have a very close relationship with the VP. Which means she will likely do everything to figure this out.

The weird thing is, it is their best interest to give me access. I am the user board admin and am responsible for quite a few things on there including approving or declining potential applicants. So, they will have to get some other admin to do it. I can use the proxy, but that is just too clumsy to continue to use.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
Don't know what else to say or suggest at this moment...
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Well, I will keep you posted. You have given me a lot of information.

I know I sound pretty naïve, which is why I come here. But, if find that my IP is blocked by their firewall, that would mean that someone would have had to type it in. It doesn't just grab it. Or could they being having a problem with a certain IP and just use two octets or something?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 20

Expert Comment

by:masnrock
Comment Utility
Unless there was a flood of traffic from your IP, it should not be blocked. Generally speaking, yes you would need to specifically block it.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
>>"I don't even know why they would block IPs."
You mentioned once, in years past, that there is a system in place to see if a user has multiple accounts by checking IP's.  If suspected they are blocked.  I was just wondering if you may have somehow triggered that, obviously in error.

>>"I asked her to try to ping my IP, but she didn't."
Your router will not respond to pings.  It is disabled by default, unless you have enabled it.

You have multiple public IP's, if you really need access you could change the public IP on your router, which would require you update your public DNS.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Not sure on the first. Generally, I, as the admin, get a message from the owner of the board which states there are two people with the same IP. Usually, this is two doctors from the same practice. To be honest, I never knew what to do other than contact both to see what was up. It was mainly in place to make sure someone didn't have two different accounts.

As far as the latter, I thought of that, but everything is working fine with my network, and I would hate to change just due to their error. Not sure, if I can set up another router just for those sites.

I will look further into the first paragraph above. But, I would think if their policy was to block the IP of anyone who had duplicate IPs, then you would expect them to block it in their firewall. And, unknown to those on the thread, Steven said it was not in the firewall. Of course, given his cheery nature, he gave no explanation or ideas for me to troubleshoot it.

@mansrock  Thanks for your input.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
You could set up a separate router. If doing so, on the new router; use a different public IP, disable DHCP, set the LAN to the same subnet as your existing network, different LAN IP of course, then on the PC's or in the primary router add a static route:

route  -p  216.38.63.60  mask  255.255.255.255  192.168.123.123

216.38.63.60   is the IP for Amazing Charts
192.168.123.123   is just an example, the LAN IP of the new router.

This will send just the Amazing Charts traffic via the new router
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Sounds like something you could do over your lunch break and I could do over Thanksgiving weekend, lol.

No, it actually sounds doable.

As you know, given the extra switch and the extra router for the isolated wireless, I would then have a bevy of routers. Is bevy a word.

What does the -p stand for?

As an aside, if I did all that and used the infamous x.98, and it worked, and then two weeks later it was blocked, we would have to assume something fishy was going on. :-)

Thanks Rob.

Oh, and would that router have to be connected to the switch I used to split the two Cisco routers.

Sorry, everyone, I shouldn't get into a whole new question. Last one, I promise.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Yes you would have modem => switch => 3 routers
-p = permanent.  Without it the route is removed upon reboot.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
This is something I should probably throw out there. When I try to access the www.amazingcharts.com the result is:

This page can't be displayed

Is that what one would see if their IP were blocked? Or would it be something like 404 Forbidden?
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
Depends on what their server does
Can you do a tracert and see where you are going, from a command prompt.

tracert 216.38.63.60

Should have checked this earlier!
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Tracert.txt

I pasted it into a text and found it to format much better. Opening in a new window is really helpful.


Tracing route to ds.amazingcharts.com [216.38.63.60]
over a maximum of 30 hops:

  1     2 ms     1 ms    <1 ms  192.168.1.1
  2    11 ms     9 ms     9 ms  10.230.208.1
  3    13 ms    10 ms    11 ms  rdc-24-31-156-132.ne.east.twcable.com [24.31.156
.132]
  4    17 ms    15 ms    15 ms  rdc-204-210-69-20.ne.northeast.rr.com [204.210.6
9.20]
  5    41 ms    35 ms    35 ms  rdc-204-210-69-49.ne.northeast.rr.com [204.210.6
9.49]
  6    36 ms    35 ms    36 ms  be46.cr0.nyc30.tbone.rr.com [107.14.19.102]
  7    43 ms    33 ms    33 ms  107.14.17.216
  8    33 ms    33 ms    78 ms  unk-426d072a.adelphiacom.net [66.109.7.42]
  9    32 ms    35 ms    33 ms  xe-8-0-0.cr1.lga5.us.above.net [64.125.21.74]
 10    35 ms    34 ms    35 ms  ae1.cr2.lga5.us.above.net [64.125.29.38]
 11    41 ms    39 ms    41 ms  ae4.cr2.dca2.us.above.net [64.125.26.105]
 12    39 ms    39 ms    43 ms  xe-1-1-0.mpr4.iad1.us.above.net [64.125.31.117]

 13    50 ms    39 ms    39 ms  xe-1-1-0.mpr4.iad2.us.above.net [64.125.31.133]

 14   166 ms    43 ms    42 ms  64.125.195.222.t00883-02.above.net [64.125.195.2
22]
 15    41 ms    39 ms    39 ms  sc-sdv2910.servint.net [209.50.234.200]
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *
0
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
Comment Utility
Yep, the request is being blocked at their server.

They do realise we are talking about the server blocking you and not some kind of login block
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
I would doubt they know much of anything. I am talking to quite a few of them just now.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
Well tell them you've traced the connection and as soon as it hits their server it gets refused (as identified by the tracert above)
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
OK.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
How do you find where it is blocked. Or show?
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
sc-sdv2910.servint.net [209.50.234.200] is the last hop before it hits their server.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
I see
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
To clarify.  That in itself doesn't prove Bert2005 is blocked as many servers and routers do not respond to ICMP requests (pings) for security reasons.  But if Cathal or I do a tracert we get a response from amazingcharts.com (216.38.63.60)
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Thanks. I will have to send a tracert from my computer along with one from an unblocked computer to show them it is blocked. I would think that this would convince them it is blocked by their firewall.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
I did a trace from a few servers and that was the last hop before amazingcharts, maybe I am being a bit presumptious in the hops and the tracert, but with everything else it is just pointing to an IP block
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Should be all set now

Vahan
 
IT and Special Projects
650 Ten Rod Road, Suite 12
North Kingstown, RI 02852

________________

Email I received at 11:03 pm. This is the guy I have been somewhat suspicious of for quite awhile. I actually told myself if it were to be fixed, it would very late. Of course, I also thought that if it were clear again, that this would be more evidence against them. After Vahan told AC that the firewall was not blocking me this morning, he now says it isn't. So did he spend all evening working to fix it? I doubt it. My guess is he simply was able to get private access to the firewall and unblocked me.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
So all good now?
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Yep, except for the explanation. I will get back to you when I close the question.
0
 
LVL 1

Author Closing Comment

by:Bert2005
Comment Utility
So many good comments. But, I think the tracert kind of put things in perspective.

Cathal, I really appreciate your help and being patient with me. I'm not very good with this stuff.

Thank you to everyone else who contributed.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now