Can't access certain sites

If you are on cable, then it's not MTU. If you can ping but you can't HTTP or FTP, do you have a firewall application on either/both computers?

Can you get to other websites at the hosting company - like their support page?

What happens if you browse to the IP address instead of the domain name?

If you can browse to other sites, but you can't reach ANY sites hosted at the vendors location, including their support site, then you need to call them - it sounds like their webserver has stopped or something has compromised their offerings.

Maybe then this server has problems. Or it can be a problem with your site - i.e., this could be the problem that the MTU is configured too big (if I'm right, that you're having a DSL connection or something like that).

Yours, VB.

Rock wrote in news:43541ded$0$20378$afc38c87 @news.optusnet.com.au:

I had a similar kind of problem with my WatchGuard SOHO 6 where the machines just would not connect to certain sites. I noticed the problem when the ISP went through some kind of maintained/diagnostics on their network. Yes, I got on the phone with them and we went around and around with them telling me the problem was on my end. It wasn't on my end and I knew it. It was with the DHCP IP from them that was the problem. So, finally, finally after several phone calls with the ISP Tech Support, I convinced them to give me a new IP and they did it and the problems went away with them saying it must be something with the IP and it would be disabled and looked into whatever that means.

Duane :)

Then this perhaps is a filtering problem. Anything is filtering out traffic in between your site and the Websites.

Which sites we're talking about?

Yours, VB.

This sounds like a routing problem.

Yours, VB.

Hi this is a strange one.

I have an XP computer going through a Netgear WGT624 Gateway/router to a LAN hub and our other computers.

Also attached to that Gateway/router is an Optus cable modem to the net.

Our web IP number is DHCP from Optus.

I have had no problems getting to the web until 2 days ago.

Whilst all computers on the LAN can access 99.99% of the web, there are some sites that we cannot get to. They all sit on the same Linux server at an ISP data building and they all have the same IP number there.

The ISP says they have no blocks on our computer or gateway IP and that they have flushed their firewall in case. They say it must be my firewall or other problem.

Optus cable also say they have no blocks and can get to those sites from their end so it must be in my set up.

I have turned off the modem, gateway and computer in that order then on again, yet I still have the same DHCP served IP number and still the same problem.

The only thing I can think of that happened around the time of it falling over, is I received a new DHCP number. Seemingly from then on I have this problem, altho' this is only guessing.

Is there any help please?

Thanks

Rock

Thanks,

My connection is via cable and the server I am trying to reach has many of my sites on it using the same IP number. I cannot http or ftp to that IP number.

In NeoTrace I can ping to the number and get to the site names okay.

Thanks

Rock

The answers from a very confused person..

No I don't have any extra firewalls on any of the XP boxes on the LAN.

No I can't get to any of their sites including support let alone my own sites on my hired server.

Same thing browsing to the IP number - it times out.

I can get to everything okay outside of my LAN thru my Dial Up laptop but not through my gateway.

I appreciate all the suggestions.. thank you.

I will lower the MTU to see that as well.

Rock

No it didn't nmake any difference. Thanks

i.e. not a DNS problem

Probably not a routing issue - but ping (ICMP) and DNS (UDP) are not the same as grabbing the web page (TCP). Does the windoze version of ping have a packet size option? If so, try packet sizes of 1450, 1480, and 1500 (the latter is the "default" size of "large" packets on the Internet).

's OK - you seem to have hit one of the more interesting ones.

It would _really_ be helpful to have a packet dump (ethereal or equal) of the packet connection.

OK

No - he can get to the sites on dialup - but not through his cable ISP. I think this have been identified as optusnet.com.au. I wonder if this might be 'ECN' (Explicit Congestion Notification). Short explanation:

The Linux 2.4.0 kernel added ECN by default. This changes the flags in the TCP header (see RFC3168). Some routers _still_ haven't been updated to understand this 2001 change, and drop packets with this flag set without a trace.

To the O/P: Ask the hosting company to turn off ECN (syntax "echo 0 > /proc/sys/net/ipv4/tcp_ecn" and there is no need to reboot). See if that makes the difference.

If this fixes the problem, the cause is a router between the hosting company and your cable setup - could be _anywhere_ between the endpoints - that hasn't had it's software updated in the past 3 years. You could attempt to use traceroute (or TRACERT) to compare the route taken by the packets from the hosting company to the dialin and the cable box.

Old guy

Well, what you could do if the ISP has a static IP and static DNS IP(s) is take the router out of its DHCP setup and use those static IP(s) in an attempt to prove that there is nothing wrong with the router. Then if you switch the router back to DHCP IP mode and get the same IP from the ISP and again you have the problem, then you might be able to prove your point.

If this is done on some kind MAC authentication with the ISP and the router can clone a MAC or has the MAC cloning feature, then clone the MAC of the computer's NIC that you got a good connection (another DHCP IP was issued) into the router and see if the router gets a different IP.

I think you're talking to a low-level Support person that doesn't know what he or she is talking about and you need to get pissed about it like I did with my ISP and escalate the issue to someone higher. It's BS that the ISP cannot issue a new IP to the router while it's connected to their network. My ISP gave me the same song and dance and I finally went off on them and took it higher up the chain and I got that new IP from them while the WG firewall appliance was connected to their network using DHCP to obtain an IP from the ISP.

Dis you re-flash the router with the current version of the firmware it is using? That too has cleared problems where machines behind the router couldn't access certain sites.

Duane :)

Change the MAC address on your routers WAN interface and you will be issued a different IP right away - you will have to cycle power on the unit first.

Thank you guys for all your help. This is an update..

I called Optus again.. got the same guy.. He told they could get to the sites and that it must either be my host or my router setup.

My host flushed their firewalls and said they had no block on my IPs and all other clients are fine, so check with Optus again or check my setup.

With NeoTrace I could ping all sites and their shared IP number fine altho' I noticed all packets were dropped at Node 8 of a 9 node route to the server. That IP is 61.88.151.54. The ping halted there every time for a while then went off to the last node without the 2 packets it dropped.

I called Optus again and told them this. They said it was not there concern and no one else had complained about that IP #. It still must be my problem. Suggested I unplug the router and go cable modem direct to a XP box which I did.

I got a new DHCP IP number of course and could get to all my sites fine. I tried NeoTrace again to see if that 61. IP halted the ping again. It didn't as the ping screamed thru at 1000 miles an hour.

So, there must be something at that IP # that doesn't like the DHCP ID that is causing my problems.

I called Optus again... same guy (?) and he said they could do nothing.. and after all I got a new IP anyway. Leave the router off for 24 hours the reconnect and it will get a new number too.

I did that for 26 hours but when I started everything up again with the router reconnected, I am still stuck with that same bloddy IP number that is causing me the problems and guess what? I can't get to my sites again!

I am up to here about this! I cannot get any glee from Optus, my host can't do anything from his end and I am here with a router that is stuck with a DHCP IP number which I can't seem to change.

Any help please?

Thanks

A very very frustrated 'Rock'. :)

No problem we are here to help.

Duane :)

Thanks Duane..

Boy I was pissed and asked to go higher but he just said there is no higher. If it went on much longer I would have definately gone up the food chain.

Yes as you said.. the firmware..

Well I decided I would update the firmware to the latest and reset the router then closed everything down for a couple of hours.

When I rebooted the modem, for 30 mins the the router the the XP box with the Netgear program on it.

Whammo - At last I got my new IP !

Seems like the 2-3 mins they talk about between the modem and the router turn on was not enough as I had done this 4 or 5 times with no result. Maybe the firmware up helped and then I'm sure the reset cleared any reference to the old IP.

Anyway - I'm back in air!

Thanks for your help - you're a charm!

Rock :)

You don't - you make one up and use it. The MAC only goes as far as the first network device it's connected to.

If you change the MAC to something, only the router/modem it's connected to will care. If you were to change the MAC on a large network it might be a problem, but what you're doing should not matter than much.

How do you make sure you choose a unique MAC address? Who do you register that MAC address with to make sure it doesn't get assigned to someone else?

Andrew

It doesn't really matter *that* much -- you just have to be unique among the devices connecting to whatever your next hop router is, because that's the only thing that will see the MAC. You could take the first 6 digits from the device that worked and leave the last 6 the same, that would identify your router's NIC as coming from the same manufacturer as the device that worked.

Another trick if you just want them to be different but are very concerned about being unique, would be to swap MACs from your inside and outside interfaces. That way, from the world's point of view you are consuming the same unique MACs, but the router will see a different number come by.

-Russ.