sort of OT: Linksys router blocking certain sites
Jason Hayes
jason at jasonhayes.org
Sun Aug 2 12:07:41 MST 2009
I guess that this must be a Linksys thing then. Everything works fine for a few
years and then it digs in its heels and refuses to load the site(s) that you
have to be able to access.
No solutions for the Linksys router, but I had a D-Link WBR-1310 sitting in a
box new and unused here at home. I fired it up and, at least at first blush,
everything seems to be back to normal. The sites are loading (a little slow,
but they're loading.)
No idea what caused that problem.
Thanks to everyone who commented!
Jason
On Sunday 02 August 2009 09:58:11 am Steve Phariss wrote:
> I had an old Linksys wired router that was acting the same way. I was able
> to access all sites I tried, but one (the web site was was actively working
> on) I could access from a direct connect to the modem, but not from the
> router. I had Cox reset my modem, I even had them reprovision me and
> assign a new IP but nothing worked (hmmm now that I think about it, the
> reprovision MAY have worked for a couple times, don;t remember). On the
> router side I reflashed the firmware, and moved the ports I was using. I
> even reloaded my network drivers on the PC. I eventually got a new router
> and all was well again. the funny thing was I could access the other
> domain on hte same host (used bluehost.com with several domains attached)
>
>
> I do not remember if I could connect using the IP, may not have even tried.
>
> On Sat, Aug 1, 2009 at 11:27 PM, Bryan O'Neal
<boneal at cornerstonehome.com>wrote:
> > I am sure this is a stupid question, but have you flashed your router? Or
> > tried accessing on a different port? You may have a nat lock, though I
> > have never heard of one lasting through a power cycle on a Linksys, I
> > would not put it past it. Flashing (Or even doing a full factory reset)
> > should clear that.
> >
> > On Sat, Aug 1, 2009 at 8:39 PM, Jason Hayes <jason at jasonhayes.org> wrote:
> >> On Saturday 01 August 2009 04:45:02 pm Lisa Kachold wrote:
> >> > On 8/1/09, Jason Hayes <jason at jasonhayes.org> wrote:
> >> > > Not sure why this is happening.
> >> > >
> >> > > My Linksys WRT54GS router just suddenly (yesterday a.m.) started
> >>
> >> blocking
> >>
> >> > > a group of sites that I administer. I was working on one of the
> >> > > sites
> >>
> >> and
> >>
> >> > > it started getting slower and slower, then finally cut out.
> >> >
> >> > Are you possibly locked out at that hosting provider? Ask that they
> >> > "escalate your ticket" to the highest level you can to rule out system
> >> > firewall lockouts?
> >>
> >> Can't be that because if I bypass the router and plug my main computer
> >> directly into the Cox modem, I can access the sites without any
> >> problems. When
> >> I do that I can view the site and sign in as admin, add content, etc.
> >>
> >> > How are you accessing these sites? Port 22? VNC? http/https through
> >> > auth processes?
> >>
> >> Nothing terribly complex -- Just http. These are simple drupal websites
> >> that I
> >> have set up for clients. I was working on a new theme for one of the
> >> websites
> >> (www.bonnydann.com), when the router started acting up.
> >>
> >> Also noticed that when I'm running through the Linksys router, I can log
> >> in to
> >> the ftp portion of the site for file uploads, etc. without any problems.
> >> I'm
> >> also getting email from the accounts on that hosting package. So I know
> >> it is
> >> just the web portion (http) that is acting up.
> >>
> >> > > I know the sites are working because if I plug straight into the
> >>
> >> modem, I
> >>
> >> > > can
> >> > > access them. (Also family in Canada can access them without any
> >>
> >> issues.)
> >>
> >> > > Also,
> >> > > the rest of the Internet is still out there - I can access pretty
> >> > > much any other site.
> >> >
> >> > So, you possibly can't get a new cox IP address but you can request
> >> > they verify you did not get into one of their traps?
> >> >
> >> > Let's look further:
> >> >
> >> > 1) Can you traceroute from the command line to the server? If not
> >> > where does it fail?
> >>
> >> From the router Administration --> Diagnostics page on the WRT54GS, I
> >> can ping
> >> to the site, no packets lost
> >>
> >> PING bonnydann.com ( 66.116.193.208 ) : 56 data bytes
> >> 64 bytes from 66.116.193.208: icmp_seq=0, ttl=52 times=70. ms
> >> 64 bytes from 66.116.193.208: icmp_seq=1, ttl=52 times=70. ms
> >> 64 bytes from 66.116.193.208: icmp_seq=2, ttl=52 times=70. ms
> >> 64 bytes from 66.116.193.208: icmp_seq=3, ttl=52 times=70. ms
> >> 64 bytes from 66.116.193.208: icmp_seq=4, ttl=52 times=80. ms
> >> --- bonnydann.com ping statistics ---
> >> packets transmitted = 5 , packets received = 5 packet loss = 0%
> >> round-trip min/avg/max = 70/72/80
> >>
> >> Can also traceroute to the site
> >>
> >> traceroute to bonnydann.com (66.116.193.208) ,30 hops max,40 byte packet
> >> 1 10.35.128.1 (10.35.128.1) 10. 0 ms <10.0 ms <10.0 ms
> >> 2 68.2.1.253 (68.2.1.253) <10.0 ms <10.0 ms <10.0 ms
> >> 3 70.169.73.45 (70.169.73.45) 10. 0 ms 10. 0 ms <10.0 ms
> >> 4 68.1.0.165 (68.1.0.165) 10. 0 ms 10. 0 ms 10. 0 ms
> >> 5 4.69.133.34 (4.69.133.34) 10. 0 ms 10. 0 ms 10. 0 ms
> >> 6 4.69.133.38 (4.69.133.38) 20. 0 ms 30. 0 ms 20. 0 ms
> >> 7 4.69.144.138 (4.69.144.138) 20. 0 ms * 20. 0 ms
> >> 8 63.146.27.33 (63.146.27.33) 20. 0 ms 20. 0 ms 30. 0 ms
> >> 9 * * * Request timed out.
> >> 10 63.144.63.214 (63.144.63.214) 70. 0 ms 80. 0 ms 70. 0 ms
> >> 11 * * * Request timed out.
> >> 12 66.116.193.208 (66.116.193.208) 70. 0 ms 80. 0 ms 70. 0 ms
> >> Traceroute Complete.
> >>
> >> > 2) If you limit icmp, can you netcat trace to that port?
> >> > http://www.jfranken.de/homepages/johannes/vortraege/netcat.en.html
> >>
> >> Looking at his "querying webservers" section and using
> >>
> >> printf 'GET / HTTP/1.0\n\n' | nc -w 10 www.bonnydann.com 80
> >>
> >> I get
> >>
> >> www.bonnydann.com [66.116.193.208] 80 (www) : Connection timed out
> >>
> >> When I unplug the WRT54GS and plug straight into the modem, I get
> >>
> >> HTTP/1.1 503
> >> Date: Sun, 02 Aug 2009 03:15:40 GMT
> >> Server: Apache
> >> Cache-Control: store, no-cache, must-revalidate, post-check=0,
> >> pre-check=0 Expires: Sun, 19 Nov 1978 05:00:00 GMT
> >> X-Powered-By: PHP/4.4.9
> >> Set-Cookie:
> >> SESSd41d8cd98f00b204e9800998ecf8427e=bfe600d5c18c137cd565b33c1be80cd0;
> >> expires=Tuesday, 25-Aug-09 06:49:00 GMT; path=/
> >> Cache-Control: max-age=1209600
> >> Expires: Sun, 16 Aug 2009 03:15:40 GMT
> >> Last-Modified: Sun, 02 Aug 2009 03:15:40 GMT
> >> Connection: close
> >> Content-Type: text/html; charset=utf-8
> >>
> >> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
> >> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> >> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
> >> dir="ltr">
> >> <head>
> >>
> >> and the rest of the main page, down to ...
> >>
> >> </div> <!-- /container -->
> >> </div>
> >> <!-- /layout -->
> >>
> >> </body>
> >> </html>
> >>
> >> > http://www.textfiles.com/hacking/INTERNET/netcat.txt
> >> >
> >> > 3) Or nmap the server?
> >> >
> >> > # nmap -P0 servername
> >>
> >> Through the WRT54GS
> >>
> >> Starting Nmap 4.76 ( http://nmap.org ) at 2009-08-01 19:09 MST
> >> Interesting ports on 66.116.193.208:
> >> Not shown: 999 closed ports
> >> PORT STATE SERVICE
> >> 21/tcp open ftp
> >>
> >> Nmap done: 1 IP address (1 host up) scanned in 41.80 seconds
> >>
> >> Pulling the WRT54GS out of the loop,
> >>
> >> Starting Nmap 4.76 ( http://nmap.org ) at 2009-08-01 20:17 MST
> >> Interesting ports on 66.116.193.208:
> >> Not shown: 995 filtered ports
> >> PORT STATE SERVICE
> >> 20/tcp closed ftp-data
> >> 21/tcp open ftp
> >> 80/tcp open http
> >> 443/tcp open https
> >> 873/tcp closed rsync
> >>
> >> Nmap done: 1 IP address (1 host up) scanned in 22.29 seconds
> >>
> >> > > I've talked with my hosting company and they swear up and down that
> >> > > nothing has changed and the sites are working as normal.
> >> >
> >> > Do you have cookies in place - clear your browser cookies? Try
> >> > another browser?
> >> >
> >> > Netcat, traceroute and nmap will bypass the browser, but just in
> >> > case...
> >>
> >> Have tried clearing the browser cache several times and have tried
> >> Kubuntu,
> >> Windows XP, and Windows Vista. For browsers, I've tried Firefox, IE 7
> >> and 8,
> >> Konqueror, and Google Chrome.
> >>
> >> > Also did you change your dns server settings in your /etc/resolv.conf?
> >> > Check to make sure your nslookup is the same.
> >> >
> >> > Did you possibly setup a hosts file hack to work on a mock up of the
> >> > website and forget it on your own box? Verify /etc/hosts file...
> >>
> >> Have not touched either the /etc/resolve.conf.
> >>
> >> No special hosts files, or anything like that.
> >>
> >> So I'm completely at a loss to explain why only a certain group of
> >> websites
> >> would be shut down by this router (that has been reset to factory
> >> defaults and
> >> has just had the latest firmware installed).
> >>
> >> Jason Hayes
> >>
> >> > > While fighting with this, I've updated the firmware (to the latest
> >> > > version - V
> >> > > 7.2.06), reset all the settings to factory default, and re-set up my
> >>
> >> home
> >>
> >> > > network.
> >> >
> >> > Are other machines on your network doing the same thing?
> >> > Have someone come over and fire up their laptop to rule out XSS
> >> > plugins and other hacks?
> >> >
> >> > > Everything is fine except for those few websites. Anyone ever seen
> >> > > anything like this?
> >> > > --
> >> > > Jason Hayes
> >>
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list