1720 Router issue ?

Hi: Our Qwest T-1 service was down for about 48 hours until just a few hours ago. Our access to the outside worl is fine, but those outside don't seem to be able to hit our site, at

formatting link

Qwest says that all is fine. Network guy is out on a family emergency.

Suggestions for testing?

Thanks.

Reply to
topbs1
Loading thread data ...

When I do a traceroute to the 1720, I get:

traceroute: Warning: Multiple interfaces found; using 132.249.21.59 @ bge0:1 traceroute to 204.132.247.254 (204.132.247.254), 30 hops max, 40 byte packets 1 lightning.sdsc.edu (132.249.20.6) 0.478 ms 0.382 ms 0.216 ms 2 piranha.sdsc.edu (132.249.30.8) 0.344 ms 0.382 ms 0.326 ms 3 inet-lax-isp--sdsc-sdsc2-ge.cenic.net (137.164.24.205) 3.851 ms

4.108 ms 4.107 ms 4 4.71.128.5 (4.71.128.5) 4.101 ms 4.031 ms 3.973 ms 5 ae-2-56.bbr2.LosAngeles1.Level3.net (4.68.102.161) 4.346 ms ae-2-52.bbr2.LosAngeles1.Level3.net (4.68.102.33) 4.424 ms ae-2-56.bbr2.LosAngeles1.Level3.net (4.68.102.161) 4.349 ms 6 as-2-0.bbr2.SanJose1.Level3.net (4.68.128.157) 15.910 ms 15.720 ms ae-0-0.bbr1.SanJose1.Level3.net (64.159.1.129) 13.714 ms 7 so-6-0-0.edge1.SanJose1.Level3.net (209.244.3.138) 26.568 ms 14.516 ms so-7-0-0.edge1.SanJose1.Level3.net (209.244.3.142) 14.508 ms 8 Qwest-Level3-oc48.SanJose1.Level3.net (209.245.146.230) 14.603 ms 16.698 ms 16.460 ms 9 205.171.214.137 (205.171.214.137) 14.210 ms 16.552 ms 16.575 ms 10 * * * 11 205.171.10.90 (205.171.10.90) 51.276 ms 51.153 ms 50.890 ms 12 65.112.201.54 (65.112.201.54) 55.392 ms * 54.964 ms

The last IP is the Routers Serial0 IP

Reply to
topbs1

I can get to that serial IP address but not your web site. Looks more like a local issue.

Chris.

Reply to
chris

Reply to
topbs1
  1. formatting link
    resolves to IP address 204.132.247.5

  1. Using Qwest looking glass (
    formatting link
    can also traceroute to

Qwest IP Network Statistics Looking Glass

Traceroute to 204.132.247.5 from mcc-engr-01.inet.qwest.net

traceroute: Warning: ckecksums disabled traceroute to 204.132.247.5 (204.132.247.5), 30 hops max, 40 byte packets 1 66.77.78.66 (66.77.78.66) 1.116 ms 0.767 ms 0.721 ms 2 cntr-01.mcc.qwest.net (63.150.176.1) 0.726 ms 0.753 ms 0.635 ms 3 205.171.214.9 (205.171.214.9) 3.613 ms 3.662 ms 3.598 ms 4 67.14.1.214 (67.14.1.214) 29.531 ms 29.468 ms 130.636 ms 5 205.171.10.90 (205.171.10.90) 29.284 ms 29.313 ms 29.449 ms 6 65.112.201.54 (65.112.201.54) 33.136 ms 33.053 ms 33.102 ms 7 * * * 8 * * *

from the router with IP address 66.112.201.54 tryin g pinging address

204.132.247.5
Reply to
Merv

OK. Tried Ping'ing 204.132.247.5 from the Router.

5 attempts, 0 success.

Merv wrote:

Reply to
topbs1

You really aren't giving us much info. What we can see on the outside is that your connectivity appears to be working, packets get to your router. It seems to be an issue localized to your router or to your internal network beyond the router.

What we'd need to know more about is do do NAT on the router? Do you have an internal firewall? Is the webserver plugged into the network and answering locally? Is the firewall still properly configured?

Ie. its all a guessing game right now with everybody taking pot shots at what you might have for a configuration. Could be a hundred different things, and most of it requires more knowledge of the inside of your network.

Reply to
Doug McIntyre

I'll do my best.

  1. do do NAT on the router? I'm not certain. How can I determine?
  2. Do you have an internal firewall? Yes, A Cisco PIX 515
  3. Is the webserver plugged into the network and answering locally? YES
  4. Is the firewall still pr> snipped-for-privacy@gmail.com writes:
Reply to
topbs1

If you have a firewall further down the line, its unlikely the router is running NAT.

Can you normally ping the webserver? I remember you saying that you can't now from the router. That would indicate the firewall isn't passing the traffic on.

You could try connecting to your webserver from the router.

(ie. # telnet 123.123.123.123 www Trying 123.123.123.123, 80 ... Open

So, the webserver here on IP 123.123.123.123 is responding on port80.

Other that that, it probably is something beyond what we can do posting on Usenet going back and forth, you might need to bring in somebody local to look at your network.

Reply to
Doug McIntyre

I just tested it, and it came in fine. Of course, I'm 24 hours late in answering your question.

It may have been that during the outage, the DNS entry on Quest's servers got cleared. It usually takes about 48 hours to propagate dns entries throught the internet.

Reply to
nobody

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.