Hi gang,
I have a website (acthouston.com) hosted on dathorn. The website is for teachers so mainly teachers access it from their school computers. A large school district's teachers cannot access acthouston.com from school computers. We contacted the school district's web dept and they said the website is not blocked. I have never had problems with this site before and it seems everyone else can access it. Apparently the teachers are getting some kind of "proxy error" message.
Here is the response from the school district IT:
I have looked at our firewall and we are not blocking port 80, which is where most websites operate.
It is weird that I can ping acthouston.com, but cannot access it via port 80.
Do you have an IDS or subscribe to any blacklists? As a school district, occasionally we end up on DNS blacklists or trigger an IDS that does not understand PAT (Port Address Translation).
While unlikely, it is possible that a Service Provider between us and you is dropping our port 80 traffic.
And to counter, I am 99.9% sure that it's not something on our side, but would be happy to work with someone on your side who might be able to do a packet capture on your firewall to see what is happening to this traffic.
We currently resolve www.acthouston.com to 69.56.183.114. Please verify that is the correct IP.
I have included a packet capture from the outside interface of our firewall.
You will notice that I send out a TCP SYN packet to 69.56.183.114 on port 80, but I receive no reply to complete the three-way handshake and get data. Also notice that the sequence number on the SYN packet does not change, meaning it transmitted the same packet three times.
fbisdfirewall# sh access-list natecap
access-list natecap; 2 elements
access-list natecap line 1 extended permit ip host 69.56.183.114 any (hitcnt=1)
access-list natecap line 2 extended permit ip any host 69.56.183.114 (hitcnt=1)
fbisdfirewall#
fbisdfirewall#sh cap
capture natecap type raw-data access-list natecap interface outside
fbisdfirewall# sh cap natecap
3 packets captured
1: 13:53:20.079646 166.102.136.109.32350 > 69.56.183.114.80: S 1851179473:1851179473(0) win 64512 <mss 1380,nop,nop,sackOK>
2: 13:53:22.973231 166.102.136.109.32350 > 69.56.183.114.80: S 1851179473:1851179473(0) win 64512 <mss 1380,nop,nop,sackOK>
3: 13:53:28.989054 166.102.136.109.32350 > 69.56.183.114.80: S 1851179473:1851179473(0) win 64512 <mss 1380,nop,nop,sackOK>
3 packets shown
fbisdfirewall#
can anyone help before I bug dathorn tech about this? thanks
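Added example (not part of the original post or the school district's reply): a Python check over the `sh cap` lines quoted above that reports flows where a SYN is retransmitted with the same sequence number and nothing comes back. The function names are hypothetical, and the regex assumes the tcpdump-style line format shown in the capture.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three capture lines from the post above, copied verbatim.
CAPTURE = """\
1: 13:53:20.079646 166.102.136.109.32350 > 69.56.183.114.80: S 1851179473:1851179473(0) win 64512 <mss 1380,nop,nop,sackOK>
2: 13:53:22.973231 166.102.136.109.32350 > 69.56.183.114.80: S 1851179473:1851179473(0) win 64512 <mss 1380,nop,nop,sackOK>
3: 13:53:28.989054 166.102.136.109.32350 > 69.56.183.114.80: S 1851179473:1851179473(0) win 64512 <mss 1380,nop,nop,sackOK>
"""

# Assumed line layout: "N: HH:MM:SS.us src.sport > dst.dport: FLAGS seq:seq(len) ..."
LINE = re.compile(
    r"^\s*\d+:\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+"
    r"(?P<flags>[SFPRU.]+)\s+(?P<seq>\d+):\d+\(\d+\)")

def parse(text):
    """Turn capture text into a list of packet dicts; non-packet lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            p = m.groupdict()
            p["ts"] = datetime.strptime(p["ts"], "%H:%M:%S.%f")
            p["ack"] = " ack " in line   # a SYN-ACK prints as "S ... ack N"
            packets.append(p)
    return packets

def unanswered_syns(packets):
    """Map each flow whose SYNs got no return packet to a retransmission summary."""
    syns, replied = defaultdict(list), set()
    for p in packets:
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if p["flags"] == "S" and not p["ack"]:
            syns[fwd].append(p)          # initial SYN or a retransmission of it
        elif rev in syns:
            replied.add(rev)             # SYN-ACK, RST or data came back
    report = {}
    for flow, pkts in syns.items():
        if flow not in replied:
            gaps = [round((b["ts"] - a["ts"]).total_seconds(), 1)
                    for a, b in zip(pkts, pkts[1:])]
            same_seq = len({p["seq"] for p in pkts}) == 1
            report[flow] = {"syns": len(pkts), "same_seq": same_seq, "gaps": gaps}
    return report
```

Running the same check on a capture taken on the hosting side shows whether these SYNs arrive there at all.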