Weird problem, only one port, 80, is blocked. - Networking

This is a discussion on Weird problem, only one port, 80, is blocked. - Networking ; Hi there, This started last Friday, incoming ADSL traffic on port 80 stopped. So I contact the ISP and they say there's no block, after some days today we find they can get to my port 80 only from the ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: Weird problem, only one port, 80, is blocked.

  1. Weird problem, only one port, 80, is blocked.

    Hi there,

    This started last Friday, incoming ADSL traffic on port 80 stopped.
    So I contact the ISP and they say there's no block, after some days
    today we find they can get to my port 80 only from the same CIDR
    block (123.2.0.0/15).

    What could cause this? The ISP are clueless.

    I added port 8080 for the web server and that works, as does ftp
    and other low port protocols. But the normal hits from search
    engines and the odd visitor has completely stopped.

    The ADSL modem is bridged to linux box, so it's not a forwarding
    issue, plus I bypassed some existing iptables firewall rules with
    new rules for 80 + 8080 so they follow same path.

    Thanks,
    Grant.
    --
    http://bugsplatter.id.au/

  2. Re: Weird problem, only one port, 80, is blocked.

    On Mon, 29 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
    article , Grant wrote:

    >This started last Friday, incoming ADSL traffic on port 80 stopped.
    >So I contact the ISP and they say there's no block, after some days
    >today we find they can get to my port 80 only from the same CIDR
    >block (123.2.0.0/15).
    >
    >What could cause this? The ISP are clueless.


    Tracing to your posting address port 80, I loose it in Melbourne:

    12 tengigabitethernet8-1.lon55.melbourne.telstra.net (203.50.80.65)
    319.114 ms 309.174 ms 309.141 ms
    13 dodoau7.lnk.telstra.net (139.130.205.18) 309.124 ms 309.282 ms
    309.554 ms
    14 * * *
    15 * * *
    16 * * *

    while a trace to the same address port 8080 continues

    14 dodomel-lns002-ge3-4-2.core.dodo.com.au (123.2.0.43) 319.122 ms
    319.140 ms 319.545 ms
    15 123-2-77-8.static.dsl.dodo.com.au (123.2.77.8) [open] 348.964 ms
    339.390 ms 339.297 ms

    Obviously dodoau7.lnk.telstra.net or dodomel-lns002-ge3-4-2.core.dodo.com.au
    is dropping port 80 inbound. Does your contract with Dodo Oz Pty say
    that you are to have such access? If so, raise hell with them.

    Old guy

  3. Re: Weird problem, only one port, 80, is blocked.

    On Mon, 29 Sep 2008 15:03:39 -0500, ibuprofin@painkiller.example.tld (Moe Trin) wrote:

    >On Mon, 29 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
    >article , Grant wrote:
    >
    >>This started last Friday, incoming ADSL traffic on port 80 stopped.
    >>So I contact the ISP and they say there's no block, after some days
    >>today we find they can get to my port 80 only from the same CIDR
    >>block (123.2.0.0/15).
    >>
    >>What could cause this? The ISP are clueless.

    >
    >Tracing to your posting address port 80, I loose it in Melbourne:
    >
    >12 tengigabitethernet8-1.lon55.melbourne.telstra.net (203.50.80.65)
    > 319.114 ms 309.174 ms 309.141 ms
    >13 dodoau7.lnk.telstra.net (139.130.205.18) 309.124 ms 309.282 ms
    > 309.554 ms
    >14 * * *
    >15 * * *
    >16 * * *
    >
    >while a trace to the same address port 8080 continues
    >
    >14 dodomel-lns002-ge3-4-2.core.dodo.com.au (123.2.0.43) 319.122 ms
    > 319.140 ms 319.545 ms
    >15 123-2-77-8.static.dsl.dodo.com.au (123.2.77.8) [open] 348.964 ms
    > 339.390 ms 339.297 ms
    >
    >Obviously dodoau7.lnk.telstra.net or dodomel-lns002-ge3-4-2.core.dodo.com.au
    >is dropping port 80 inbound. Does your contract with Dodo Oz Pty say
    >that you are to have such access? If so, raise hell with them.


    Hey thanks for that, things looking gloomy yesterday as they trying to
    blame my linux + bridged modem setup. Yes I'm allowed to run servers,
    been with ISP for four years and had web + ftp server up for most of ]
    that time.

    A bit of good news overnight is that another dodo customer noticed the
    same problem and answered my query on a local forum, same symptoms, and
    they're running IIS 6.0.

    What did you use to trace port 80? tcptraceroute?

    Dodo tech seem to have no tools, they're a windoze based company, I'm
    only there for the cheap ADSL plan

    Your trace shows what I've been trying to tell them since Friday, it
    isn't my end playing up, thanks again for this evidence

    Grant.
    --
    http://bugsplatter.id.au/

  4. Re: Weird problem, only one port, 80, is blocked.

    Em Segunda, 29 de Setembro de 2008 23:19, Grant escreveu:
    > What did you use to trace port 80? tcptraceroute?
    >
    > Dodo tech seem to have no tools, they're a windoze based company, I'm
    > only there for the cheap ADSL plan


    Hi, i use this site to test firewalls, it show us what ports we have open
    and acessible... maybe this can help you, maybe not... the intention is
    good

    https://www.grc.com/x/ne.dll?bh0bkyd2

    good luck to you

  5. Re: Weird problem, only one port, 80, is blocked.

    I have the same problem since Fri. The thing is that I run my web
    server on mac. Dodo didnt give me any response to my question. I had
    to do a webhops with dyn DNS but in this case some ads are put on the
    top of my webpage
    Dacian

  6. Re: Weird problem, only one port, 80, is blocked.

    On Tue, 30 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
    article , Grant wrote:

    >ibuprofin@painkiller.example.tld (Moe Trin) wrote:


    >>Obviously dodoau7.lnk.telstra.net or dodomel-lns002-ge3-4-2.core.dodo.com.au
    >>is dropping port 80 inbound. Does your contract with Dodo Oz Pty say
    >>that you are to have such access? If so, raise hell with them.


    >Hey thanks for that, things looking gloomy yesterday as they trying to
    >blame my linux + bridged modem setup. Yes I'm allowed to run servers,
    >been with ISP for four years and had web + ftp server up for most of ]
    >that time.


    OK - I only looked at those two ports, but the results are quite
    obvious. Either dodomel-lns002-ge3-4-2.core.dodo.com.au (most likely)
    or dodoau7.lnk.telstra.net (possible) is silently discarding packets to
    port 80. There were no ICMP errors returned.

    >What did you use to trace port 80? tcptraceroute?


    Yup - that's what it's designed for. You can also use hping2, hping3,
    or nmap to do the same thing. Some ISPs don't like you using those
    type of tools though.

    >Dodo tech seem to have no tools, they're a windoze based company, I'm
    >only there for the cheap ADSL plan


    Melbourne? There are alternatives.

    >Your trace shows what I've been trying to tell them since Friday, it
    >isn't my end playing up, thanks again for this evidence


    Glad to help.

    Old guy

  7. Re: Weird problem, only one port, 80, is blocked.

    On Mon, 29 Sep 2008 23:59:28 -0500, ibuprofin@painkiller.example.tld (Moe Trin) wrote:

    >On Tue, 30 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
    >article , Grant wrote:
    >
    >>ibuprofin@painkiller.example.tld (Moe Trin) wrote:

    >
    >>>Obviously dodoau7.lnk.telstra.net or dodomel-lns002-ge3-4-2.core.dodo.com.au
    >>>is dropping port 80 inbound. Does your contract with Dodo Oz Pty say
    >>>that you are to have such access? If so, raise hell with them.

    >
    >>Hey thanks for that, things looking gloomy yesterday as they trying to
    >>blame my linux + bridged modem setup. Yes I'm allowed to run servers,
    >>been with ISP for four years and had web + ftp server up for most of ]
    >>that time.

    >
    >OK - I only looked at those two ports, but the results are quite
    >obvious. Either dodomel-lns002-ge3-4-2.core.dodo.com.au (most likely)
    >or dodoau7.lnk.telstra.net (possible) is silently discarding packets to
    >port 80. There were no ICMP errors returned.


    I seriously doubt my ISP know the difference between tracert, traceroute
    and tcptraceroute, anyway they fixed it after myself and another customer
    put up web pages showing the tcptraceroute results for 80 vs 8080 from:

    http://serversniff.net/tcptrace.php

    plus numerous phone calls both of us trying to explain to them the nature
    of the issue and where to go look for the discarded packets.

    Fixed now, just had to convince the ISP to go look again at the border
    routers, apparently it was the telstra.net machine discarding the traffic.

    Grant.
    --
    http://bugsplatter.id.au/

  8. Re: Weird problem, only one port, 80, is blocked.

    On Wed, 01 Oct 2008, in the Usenet newsgroup comp.os.linux.networking, in
    article , Grant wrote:

    >ibuprofin@painkiller.example.tld (Moe Trin) wrote:


    >>OK - I only looked at those two ports, but the results are quite
    >>obvious. Either dodomel-lns002-ge3-4-2.core.dodo.com.au (most likely)
    >>or dodoau7.lnk.telstra.net (possible) is silently discarding packets
    >>to port 80. There were no ICMP errors returned.

    >
    >I seriously doubt my ISP know the difference between tracert, traceroute
    >and tcptraceroute,


    I suspect a lot of people don't know the difference between various
    versions of 'traceroute' itself, never mind the other two. BRIEFLY

    Original Van Jacobson traceroute - UDP only
    Van Jacobson traceroute version 1.4 and later - UDP _or_ ICMP echo
    Olaf Kirch (Caldera/SUSE) traceroute - UDP only
    Windoze TRACERT.EXE - ICMP echo only

    The problem with these four is that none use TCP - the networking
    protocol used for nearly everything else on the Internet. The use
    of ICMP echo (ping) may be useless, as many systems on the Internet
    are configured to ignore (or drop) pings because of abuse by windoze
    skript kiddiez and other leet xpUrts. Four tools (tcptraceroute,
    hping2, hping3, and nmap) can do a trace using TCP, which is what is
    needed to expose problems such as this thread reported.

    >anyway they fixed it after myself and another customer put up web
    >pages showing the tcptraceroute results for 80 vs 8080 from:
    >
    > http://serversniff.net/tcptrace.php


    URL noted - thanks

    >Fixed now, just had to convince the ISP to go look again at the border
    >routers, apparently it was the telstra.net machine discarding the
    >traffic.


    Actually, you were probably lucky finding someone at the ISP who had
    even _heard_ of TCP. I hate to say how often I've run into similar
    cluelessness even with the backstage technical types who supposedly
    admin the networking stuff.

    Old guy

+ Reply to Thread