Sites blocked by router firewall

One of my clients is not able to access their website unless they disable their Linksys routers' firewall. They are having this problem both at their home and their office locations. They had a similar issue before, and they changed their home IP addresses and that resolved it. That did not resolve it this time and it seems to be connected to their firewall rules as when the firewall is disabled they can access the site. The concern is that it may be happening for people that could be their potential clients. I have gone through cPanel to check for blacklisted IP addresses for which there was none, and I ran a security site check to check for blacklisting or malware and found none. Of course they are concerned that others might not be able to access their site as well, although I personally have not been able to recreate this issue anywhere other than their locations. With the firewall up they are unable to access anything on the server except for one site. That site had an SSL, so I added an SSL to their site in hopes that it would resolve the issue, but it did not correct it. It is on a Hostgator VPS. I opened a ticket with them and they could not find anything that would cause it. The client does have a VLAN that connects the two locations that cannot access the server with the firewall up. These routers have VERY limited options on their firewall, I have even disabled all options except the firewall itself with no results. It continues to show it as if the server is unreachable as if there wasn't an internet connection (but it only appears on sites on that server except one site). Any help in helping resolve this issue would be much appreciated.
The site they are trying to access is mcwhorterheatingandair.com

Thanks,

Jonathan Herston

  • Adam Czajczyk

    Hey Jonathan,

    I hope you're well today and thank you for your question!

    An in-depth investigation you've run here, which is great because it gives us a lot of information. However, there's a slight chance that the Linksys router itself is the reason for this. Most likely, either the IP (or - in this case - an entire IP range) is blocked by the server, despite what the Hostgator guys say, or the other way around: the Hostgator server's IP (or entire range) is blocked somewhere in-between. It might be blocked for example by the firewall of the internet provider.

    That being said, the first thing I'd do is ask Hostgator's support staff to carefully double-check their firewalls because it's not uncommon for IPs to be blocked automatically and the admins don't even know about it until they check server logs.

    The second thing is to try to access the site via a proxy (or VPN) - just to pretend to have an IP from a completely different range. If it works, then it's proof that the IP range has been blocked.

    Can you give it a try? Let me know please how it worked!

    Cheers,
    Adam

  • Jonathan

    Thanks for the response and suggestions. Below was their response when I asked them to check it out (the 3rd time). It's just so odd to me that the primary domain for the server can be accessed while the other ones cannot. I was expecting an all or nothing. Any recommendations regarding VPN?

    Thanks,

    Jonathan

    I am not seeing anything on the server side that would cause this problem. The fact that disabling your local firewall resolves the issue seems to indicate a configuration there. One thing I notice is that when tracing both IPs, they seem to route to the same place via a VLAN, 24.96.153.186. Since you said this is two different locations, it seems to be related to how the VLAN is configured. Unfortunately, this is not within our network and something that we would be able to troubleshoot for you.

    root@res [/home]# traceroute 75.76.18.62
    traceroute to 75.76.18.62 (75.76.18.62), 30 hops max, 40 byte packets
    1 * * *
    2 162-144-240-28.unifiedlayer.com (162.144.240.28) 0.316 ms 0.273 ms 162-144-240-30.unifiedlayer.com (162.144.240.30) 0.147 ms
    3 162-144-240-166.unifiedlayer.com (162.144.240.166) 0.234 ms 162-144-240-146.unifiedlayer.com (162.144.240.146) 0.258 ms 162-144-240-150.unifiedlayer.com (162.144.240.150) 0.280 ms
    4 tg5-6.ar05.prov.acedc.net (69.27.175.152) 10.058 ms tg5-7.ar04.prov.acedc.net (69.27.175.140) 0.211 ms tg6-2.ar04.prov.acedc.net (69.27.175.146) 10.439 ms
    5 ve131.br01.snju.acedc.net (199.58.196.114) 21.637 ms 21.694 ms ve15.ar04.prov.acedc.net (199.58.196.65) 10.362 ms
    6 ve131.br01.snju.acedc.net (199.58.196.114) 21.727 ms 21.813 ms 10gigabitethernet2-3.core1.sjc2.he.net (206.223.116.37) 21.536 ms
    7 10gigabitethernet2-3.core1.sjc2.he.net (206.223.116.37) 21.681 ms 10ge5-2.core1.pao1.he.net (72.52.92.69) 26.821 ms 10gigabitethernet2-3.core1.sjc2.he.net (206.223.116.37) 24.775 ms
    8 10ge5-2.core1.pao1.he.net (72.52.92.69) 22.307 ms 22.340 ms 22.264 ms
    9 ilchicpo0edgj01.knology.net (206.223.119.191) 76.043 ms 75.982 ms 10ge12-8.core1.chi1.he.net (184.105.222.174) 57.416 ms
    10 user-75-76-127-187.knology.net (75.76.127.187) 94.713 ms ilchicpo0edgj01.knology.net (206.223.119.191) 76.075 ms 76.004 ms
    11 user-75-76-127-187.knology.net (75.76.127.187) 94.598 ms 99.836 ms user-24-96-153-82.knology.net (24.96.153.82) 97.208 ms
    12 vlan155.gs-val.wspt.ga.us.knology.net (24.214.2.250) 102.977 ms 103.000 ms user-24-96-153-82.knology.net (24.96.153.82) 97.256 ms
    13 user-24-96-153-186.knology.net (24.96.153.186) 102.470 ms vlan155.gs-val.wspt.ga.us.knology.net (24.214.2.250) 106.020 ms user-24-96-153-182.knology.net (24.96.153.182) 102.512 ms
    14 * user-24-96-153-182.knology.net (24.96.153.182) 102.452 ms user-24-96-153-186.knology.net (24.96.153.186) 102.513 ms
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *

    root@res [/home]# traceroute 24.96.215.31
    traceroute to 24.96.215.31 (24.96.215.31), 30 hops max, 40 byte packets
    1 * * *
    2 162-144-240-36.unifiedlayer.com (162.144.240.36) 0.237 ms 162-144-240-38.unifiedlayer.com (162.144.240.38) 0.167 ms 162-144-240-40.unifiedlayer.com (162.144.240.40) 0.157 ms
    3 162-144-240-164.unifiedlayer.com (162.144.240.164) 0.263 ms 162-144-240-154.unifiedlayer.com (162.144.240.154) 0.254 ms 162-144-240-148.unifiedlayer.com (162.144.240.148) 0.203 ms
    4 tg6-2.ar05.prov.acedc.net (69.27.175.160) 9.315 ms tg5-5.ar05.prov.acedc.net (69.27.175.150) 10.977 ms tg5-7.ar04.prov.acedc.net (69.27.175.140) 0.185 ms
    5 ve15.ar04.prov.acedc.net (199.58.196.65) 4.471 ms 4.499 ms 4.521 ms
    6 10gigabitethernet2-3.core1.sjc2.he.net (206.223.116.37) 21.570 ms 25.625 ms 25.757 ms
    7 10gigabitethernet2-3.core1.sjc2.he.net (206.223.116.37) 21.610 ms 10ge5-2.core1.pao1.he.net (72.52.92.69) 26.545 ms 10gigabitethernet2-3.core1.sjc2.he.net (206.223.116.37) 21.673 ms
    8 10ge5-2.core1.pao1.he.net (72.52.92.69) 22.286 ms 26.538 ms 10ge12-8.core1.chi1.he.net (184.105.222.174) 72.015 ms
    9 10ge12-8.core1.chi1.he.net (184.105.222.174) 54.899 ms 71.955 ms ilchicpo0edgj01.knology.net (206.223.119.191) 76.062 ms
    10 ilchicpo0edgj01.knology.net (206.223.119.191) 75.977 ms 76.128 ms user-75-76-127-187.knology.net (75.76.127.187) 102.976 ms
    11 user-24-96-153-82.knology.net (24.96.153.82) 140.054 ms user-75-76-127-187.knology.net (75.76.127.187) 102.331 ms 99.681 ms
    12 user-24-96-153-82.knology.net (24.96.153.82) 136.138 ms vlan155.gs-val.wspt.ga.us.knology.net (24.214.2.250) 99.033 ms 105.818 ms
    13 vlan155.gs-val.wspt.ga.us.knology.net (24.214.2.250) 98.138 ms user-24-96-153-182.knology.net (24.96.153.182) 102.448 ms user-24-96-153-186.knology.net (24.96.153.186) 97.468 ms
    14 user-24-96-153-186.knology.net (24.96.153.186) 102.462 ms 102.592 ms user-24-96-153-182.knology.net (24.96.153.182) 102.511 ms
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *
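A small parser for the two traces quoted in the post above, added here as an illustration (it is not code from the thread or from Hostgator): it finds the deepest hop that answered in each trace and the responders the two traces share. The input is hops 12-16 copied from the page; the function names are made up for this example.

```python
import re

# Hops 12-16 of the two traces quoted in the post above, copied from the page.
TRACE_TO_75_76_18_62 = """\
12 vlan155.gs-val.wspt.ga.us.knology.net (24.214.2.250) 102.977 ms 103.000 ms user-24-96-153-82.knology.net (24.96.153.82) 97.256 ms
13 user-24-96-153-186.knology.net (24.96.153.186) 102.470 ms vlan155.gs-val.wspt.ga.us.knology.net (24.214.2.250) 106.020 ms user-24-96-153-182.knology.net (24.96.153.182) 102.512 ms
14 * user-24-96-153-182.knology.net (24.96.153.182) 102.452 ms user-24-96-153-186.knology.net (24.96.153.186) 102.513 ms
15 * * *
16 * * *
"""
TRACE_TO_24_96_215_31 = """\
12 user-24-96-153-82.knology.net (24.96.153.82) 136.138 ms vlan155.gs-val.wspt.ga.us.knology.net (24.214.2.250) 99.033 ms 105.818 ms
13 vlan155.gs-val.wspt.ga.us.knology.net (24.214.2.250) 98.138 ms user-24-96-153-182.knology.net (24.96.153.182) 102.448 ms user-24-96-153-186.knology.net (24.96.153.186) 97.468 ms
14 user-24-96-153-186.knology.net (24.96.153.186) 102.462 ms 102.592 ms user-24-96-153-182.knology.net (24.96.153.182) 102.511 ms
15 * * *
16 * * *
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_IN_PARENS = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_trace(text):
    """Map hop number -> set of responder IPs (empty set = all probes timed out)."""
    hops = {}
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if m:  # a "traceroute to ..." header starts with a word, so it is skipped
            hops[int(m.group(1))] = set(IP_IN_PARENS.findall(m.group(2)))
    return hops

def last_responders(hops):
    """Return (hop number, IPs) for the deepest hop that answered any probe."""
    answered = [n for n in sorted(hops) if hops[n]]
    return (answered[-1], hops[answered[-1]]) if answered else (None, set())

def compare(trace_a, trace_b):
    """Summarise where two traces stop and which final responders they share."""
    (hop_a, ips_a), (hop_b, ips_b) = (
        last_responders(parse_trace(t)) for t in (trace_a, trace_b))
    return {"last_hop": (hop_a, hop_b), "shared": sorted(ips_a & ips_b),
            "only_a": sorted(ips_a - ips_b), "only_b": sorted(ips_b - ips_a)}

if __name__ == "__main__":
    print(compare(TRACE_TO_75_76_18_62, TRACE_TO_24_96_215_31))
```

Both traces stop at hop 14 on the same two Knology addresses. The trailing `* * *` rows only show that nothing past that point answered traceroute probes; they say nothing about whether web traffic is passed.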

  • Adam Czajczyk

    Hey Jonathan

    I hope you're well today!

    So basically, they've run a "backward traceroute" from them to the client? That's not very useful as it only indicates that the outgoing traffic from their end-point isn't blocked. However it's a clue. I did exactly the same, all the pings are getting back to me properly. That said, I've checked the IP of the server that responded and I've found some glitches:

    1) There's no reverse DNS for the domain/IP. I'm not sure if this is the case but if Linksys firewall operates under "per domain" policy this might be a reason. Incoming packets do not have any info about the domain so the router (in this case the firewall script) has to query DNS. If there's no reverse DNS, there'll be no answer, most likely causing the firewall to deny such an incoming packet or even break.

    2) There's no SOA Record for the domain. It should be defined at the "cutover point" for the domain:

    https://support.dnsimple.com/articles/soa-record/

    The latter one should be fixable through your cPanel (advanced DNS settings) but the first one is on the Hostgator's site, imho.

    I'm not saying this just to "bounce the ball" back to them, I just believe that fixing those issues will resolve the problem or, at least, it'll get us closer to the solution :)

    Cheers,
    Adam

  • Adam Czajczyk

    Hey Jonathan,

    I hope you're well today!

    It's good to hear that the issue is partially fixed at the moment. The fact that the client is able to access the site via a proxy however gives me a reason to think that the issue is actually hosting-related.

    Would the router's firewall block the site by its address? As the site loads via proxy this is not the case. There's a slight chance that it's somehow blocking the Hostgator's IP but I wouldn't bet on it. The most likely explanation would be that at some level Hostgator is blocking your client's IP (or IP range or even the entire traffic from this particular internet provider).

    From your previous posts I can see that they're not quite willing to dig deeper and perform some more detailed investigation, though I think that it's absolutely necessary on their side to move a bit further beyond the traceroute and ping testing only.

    That said, I'm really curious about what the results of such an investigation would be!

    Regards,
    Adam
