Weird problem, only one port, 80, is blocked.

Hi there,

This started last Friday, incoming ADSL traffic on port 80 stopped.
So I contact the ISP and they say there's no block, after some days
today we find they can get to my port 80 only from the same CIDR
block (123.2.0.0/15).

What could cause this? The ISP are clueless.

I added port 8080 for the web server and that works, as does ftp
and other low port protocols. But the normal hits from search
engines and the odd visitor has completely stopped.

The ADSL modem is bridged to linux box, so it's not a forwarding
issue, plus I bypassed some existing iptables firewall rules with
new rules for 80 + 8080 so they follow same path.

Thanks,
Grant.
--
http://bugsplatter.id.au/

On Mon, 29 Sep 2008 15:03:39 -0500, (E-Mail Removed) (Moe Trin) wrote:

>On Mon, 29 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
>article <(E-Mail Removed)>, Grant wrote:
>
>>This started last Friday, incoming ADSL traffic on port 80 stopped.
>>So I contact the ISP and they say there's no block, after some days
>>today we find they can get to my port 80 only from the same CIDR
>>block (123.2.0.0/15).
>>
>>What could cause this? The ISP are clueless.
>
>Tracing to your posting address port 80, I loose it in Melbourne:
>
>12 tengigabitethernet8-1.lon55.melbourne.telstra.net (203.50.80.65)
> 319.114 ms 309.174 ms 309.141 ms
>13 dodoau7.lnk.telstra.net (139.130.205.18) 309.124 ms 309.282 ms
> 309.554 ms
>14 * * *
>15 * * *
>16 * * *
>
>while a trace to the same address port 8080 continues
>
>14 dodomel-lns002-ge3-4-2.core.dodo.com.au (123.2.0.43) 319.122 ms
> 319.140 ms 319.545 ms
>15 123-2-77-8.static.dsl.dodo.com.au (123.2.77.8) [open] 348.964 ms
> 339.390 ms 339.297 ms
>
>Obviously dodoau7.lnk.telstra.net or dodomel-lns002-ge3-4-2.core.dodo.com.au
>is dropping port 80 inbound. Does your contract with Dodo Oz Pty say
>that you are to have such access? If so, raise hell with them.

Hey thanks for that, things looking gloomy yesterday as they trying to
blame my linux + bridged modem setup. Yes I'm allowed to run servers,
been with ISP for four years and had web + ftp server up for most of ]
that time.

A bit of good news overnight is that another dodo customer noticed the
same problem and answered my query on a local forum, same symptoms, and
they're running IIS 6.0.

What did you use to trace port 80? tcptraceroute?

Dodo tech seem to have no tools, they're a windoze based company, I'm
only there for the cheap ADSL plan

Your trace shows what I've been trying to tell them since Friday, it
isn't my end playing up, thanks again for this evidence

Grant.
--
http://bugsplatter.id.au/

Em Segunda, 29 de Setembro de 2008 23:19, Grant escreveu:
> What did you use to trace port 80? tcptraceroute?
>
> Dodo tech seem to have no tools, they're a windoze based company, I'm
> only there for the cheap ADSL plan

Hi, i use this site to test firewalls, it show us what ports we have open
and acessible... maybe this can help you, maybe not... the intention is
good

https://www.grc.com/x/ne.dll?bh0bkyd2

good luck to you

I have the same problem since Fri. The thing is that I run my web
server on mac. Dodo didnt give me any response to my question. I had
to do a webhops with dyn DNS but in this case some ads are put on the
top of my webpage
Dacian

On Mon, 29 Sep 2008 23:59:28 -0500, (E-Mail Removed) (Moe Trin) wrote:

>On Tue, 30 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
>article <(E-Mail Removed)>, Grant wrote:
>
>>(E-Mail Removed) (Moe Trin) wrote:
>
>>>Obviously dodoau7.lnk.telstra.net or dodomel-lns002-ge3-4-2.core.dodo.com.au
>>>is dropping port 80 inbound. Does your contract with Dodo Oz Pty say
>>>that you are to have such access? If so, raise hell with them.
>
>>Hey thanks for that, things looking gloomy yesterday as they trying to
>>blame my linux + bridged modem setup. Yes I'm allowed to run servers,
>>been with ISP for four years and had web + ftp server up for most of ]
>>that time.
>
>OK - I only looked at those two ports, but the results are quite
>obvious. Either dodomel-lns002-ge3-4-2.core.dodo.com.au (most likely)
>or dodoau7.lnk.telstra.net (possible) is silently discarding packets to
>port 80. There were no ICMP errors returned.

I seriously doubt my ISP know the difference between tracert, traceroute
and tcptraceroute, anyway they fixed it after myself and another customer
put up web pages showing the tcptraceroute results for 80 vs 8080 from:

http://serversniff.net/tcptrace.php

plus numerous phone calls both of us trying to explain to them the nature
of the issue and where to go look for the discarded packets.

Fixed now, just had to convince the ISP to go look again at the border
routers, apparently it was the telstra.net machine discarding the traffic.

Grant.
--
http://bugsplatter.id.au/