I can't connect to an internet address from work

[chemwiz]

I work for an appraisal firm, and I can't connect to http://www.dupageco.org/ from any of the work computers. It's not blocked in the router, and I've tried OpenDNS, GoogleDNS, and Comcasts own DNS but still can't get through. When I try to ping it the IP is resolved but it says it's unreachable. It works fine from any other location, and I pinged it from a computer with no firewall or AV set up. I'm really at a loss here, I've rebooted all the networking equipment but still can't can't get through. Our connection is Comcast mid-tier business.

I can access the site through vtunnel and from anywhere else I've tried.

TIA for any ideas!

I'm going to be gone for about 2 hours, so please don't take me not answering as disinterest, I just have to run to a job.

 

[SecurityTheatre]

can you do a traceroute to the IP address from work?

In DOS:

tracert www.dupageco.org

Is it resolving to 68.73.241.10?

If so, does the trace die somewhere in transit? What is the last visible hop?

 

[chemwiz]

Great idea, thanks!

I directed it to a text file:

Tracing route to dupageco.org [68.73.241.10] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.1.1
2 42 ms 17 ms 22 ms c-67-184-0-1.hsd1.il.comcast.net [67.184.0.1]
3 10 ms 9 ms 10 ms te-0-3-0-15-sur04.wchicago.il.chicago.comcast.net [68.86.119.49]
4 14 ms 15 ms 16 ms te-0-11-0-6-ar01.area4.il.chicago.comcast.net [69.139.234.73]
5 17 ms 18 ms 13 ms he-3-10-0-0-cr01.350ecermak.il.ibone.comcast.net [68.86.93.181]
6 14 ms 14 ms 14 ms pos-1-4-0-0-pe01.350ecermak.il.ibone.comcast.net [68.86.86.162]
7 17 ms 15 ms 15 ms 192.205.37.21
8 18 ms 15 ms 16 ms cr2.cgcil.ip.att.net [12.122.132.158]
9 16 ms 15 ms 16 ms cr81.okbil.ip.att.net [12.122.1.193]
10 15 ms 21 ms 15 ms ggr2.cgcil.ip.att.net [12.122.132.133]
11 15 ms 16 ms 16 ms 12.251.24.182
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

Interestingly enough, that's where the trace dies on my computer at home, too. But I can access the site just fine.

 

[Fardringle]

What happens when you try to access the web page in a browser? Do you get an error message or does it just sit there 'thinking' without any progress? If you get an error, what is the exact error message?

 

[John Connor]

Try flushing the DNS Cache. In Dos: ipconfig/flushdns

 

[chemwiz]

I flushed it right away, each time I've changed the DNS servers. Right now one is FreeDNS and one is Google, but it was FreeDNS for a couple of years with no problems (until this).

Right now they're at 208.67.222.222 (FreeDNS) and 8.8.8.8 (Google DNS).

I tried the Comcast servers too, but it's made no difference.

I can't ping it internally from the Comcast modem, either, although it resolves the IP correctly.

 

[seepy83]

This is not a DNS problem. The traceroute that you posted shows that you're resolving the correct IP:

...Tracing route to dupageco.org [68.73.241.10]...

And all of the "Request Timed Out" in your traceroute just means that they're blocking ICMP...that's not really indicative of a problem either.

 

[chemwiz]

Sorry Fardringle, I didn't see your reply. It just times out in Firefox and in IE it sends me to Bing to search for results.

I hate to do it, but I should I just call Comcast tech support? Their support for business is a lot better than for home users. I have no clue where to go from here. Thanks to everyone who's helped so far, I really appreciate the ideas!

 

[cheez]

It might be internet settings in the browser. I would try adding this site to trusted site and check restricted sites while you are there.

Do you have group policy set for the users (including yourself)? If no workie try taking the computer off the domain and put to WORKGROUP and log on as local admin. Try again and see if you can get to it.


cheez

 

[chemwiz]

They're all actually on as a workgroup, the server is for file sharing only. I did try adding it to trusted sites but it still just times out. It does it in Chrome, Firefox, and IE.

 

[gsaldivar]

Is this website for your own company? Open a command window and do ipconfig. Do you see the domain displayed in the output?

 

[cheez]

Pickup the phone and contact COMCAST and tell them the site you try to get to ain't working.


cheez

 

[chemwiz]

No, it's an appraisal company and they need to use the site in order to get tax information on businesses. As a temporary workaround I'm having them use http://www.usawebproxy.net so they can get on the site, lol. I'm going in there Thursday so I'll call Comcastic then and see wtf is up. I'm assuming it's got to be something on their end. I don't know anybody else with Comcast in the area or I'd have them try, too. Anybody in or near St. Charles, IL with Comcast want to give it a go?

 

[QuietDad]

You can also pin down where the problem is by entering the IP address in the browser. Try http:\\68.73.241.10 instead of www.dupageco.org. If it works, then there is an issue with DNS. If it doesn't then there is an issue with the net.

In fooling around here, I can get to it in a browser either way, but tracert either way fails at the same place. A WHOIS search on 12.251.24.182 identifies it as an ATT location in Kansas.

 

[chemwiz]

Thanks, Quietdad, but I tried that already too. I did the whois myself, too! Looks like we think alike.

 

[seepy83]

Are you sure that the admins of dupageco.org haven't blocked access from the appraisal company's IP? Personally, I would be calling their IT dept at 630-407-5000 (number listed at http://www.dupageco.org/it/) before I would bother with Comcast. Based on DNS resolution working correctly, I would suspect the problem is at the web server and not on Comcast's end.

I have no idea how big the company is that you're troubleshooting the problem for, but I'm wondering if the Appraiser's office was sending a lot of traffic to their website, and they blocked access thinking that it was malicious.

 

[chemwiz]

I love this forum, I wouldn't even have thought of that! I just called but they don't block anyone, so I'm still thinking it's gotta be Comcast. There's about 25 people in the office, it's not huge and they don't access the site that often.

 

[SecurityTheatre]

Are you sure that the admins of dupageco.org haven't blocked access from the appraisal company's IP? Personally, I would be calling their IT dept at 630-407-5000 (number listed at http://www.dupageco.org/it/) before I would bother with Comcast. Based on DNS resolution working correctly, I would suspect the problem is at the web server and not on Comcast's end.

I have no idea how big the company is that you're troubleshooting the problem for, but I'm wondering if the Appraiser's office was sending a lot of traffic to their website, and they blocked access thinking that it was malicious.

Good thought. From the traceroute, you ARE reaching their network and you ARE resolving the IP correctly, so it's certainly not a DNS issue and probably not a routing issue.

I suspect you're being blocked on the server-side.

Edit: Looks like you replied while I was posting. I'm not sure Comcast is going to help you, because the traffic looks like it's leaving their network without issues and being blocked downstream.

Here is something to try.

telnet 68.73.241.10 80

Then type a random word (like "Test") and hit Enter. See if you get an HTTP message in return.

If you get "Connection timed out" or something similar, you aren't reaching it. If you get "HTTP/1.1 400 Bad Request" then you are talking to the web server and you may have a browser settings issue, or a proxy issue.

 

[chemwiz]

Interesting. It failed from there, but worked from my house. So you think the issue really is with dupageco.org blocking them somehow?

From there it was "could not open connection to the host".

 

[SecurityTheatre]

Interesting. It failed from there, but worked from my house. So you think the issue really is with dupageco.org blocking them somehow?

From there it was "could not open connection to the host".

Well, it looks that way, but it's hard to confirm further from there.

Try this...

When you visit this page:

http://68.73.241.5/

Do you get an "under construction" page? Or does it also time out?

 

[chemwiz]

Times out from there, under construction from my house.

 

[QuietDad]

It's going to be a routing issue from ATT. The tracert shows:
9 16 ms 15 ms 16 ms cr81.okbil.ip.att.net [12.122.1.193]
10 15 ms 21 ms 15 ms ggr2.cgcil.ip.att.net [12.122.132.133]
11 15 ms 16 ms 16 ms 12.251.24.182

Hops 9 and 10 show a domain name ending in att.net, while hop 11 just shows the IP address. For some reason it's not resolving.

 

[chemwiz]

That's what it does from home, too, but I can connect fine. I asked one of the employees who lives nearby and has Comcast to try from home tonight to see if it's just them or the whole area.

 

[Fardringle]

It's going to be a routing issue from ATT. The tracert shows:
9 16 ms 15 ms 16 ms cr81.okbil.ip.att.net [12.122.1.193]
10 15 ms 21 ms 15 ms ggr2.cgcil.ip.att.net [12.122.132.133]
11 15 ms 16 ms 16 ms 12.251.24.182

Hops 9 and 10 show a domain name ending in att.net, while hop 11 just shows the IP address. For some reason it's not resolving.

Not necessarily. I don't get a name for the hop at 12.251.24.182 either, but the web page loads just fine for me. I agree with others that the issue is most likely that something on the web server is blocking access for users at that location.

 

[SecurityTheatre]

It's going to be a routing issue from ATT. The tracert shows:
9 16 ms 15 ms 16 ms cr81.okbil.ip.att.net [12.122.1.193]
10 15 ms 21 ms 15 ms ggr2.cgcil.ip.att.net [12.122.132.133]
11 15 ms 16 ms 16 ms 12.251.24.182

Hops 9 and 10 show a domain name ending in att.net, while hop 11 just shows the IP address. For some reason it's not resolving.

Nahhh.. The name resolution of an intermediate hop has really nothing to do with whether or not the endpoint is reachable. You're just seeing where ICMP is blocked in the path.

I get the same last 4 hops and I'm off in another country, that's just probably the last hop before their modem, which makes sense since it geolocates to Illinois.

By confirming that you can't reach the .5 address as well (their mail gateway), you are sure it's not the single host.

See if you can ping 68.73.241.1. You should get responses from it (works for me).

That will rule out routing issues if you can.