[Discuss] Problem accessing blu.org

Jerry Feldman gaf.linux at gmail.com
Fri May 22 07:46:31 EDT 2020 

I think I solved the problem. Xfinity moved port forwarding out of the
gateway and onto the web site. The issue seems to be their "Advanced
Security". Turned it off and I was able to access blu.org. Unfortunately
there is no detail stuff. It is just on or off. With "Advanced Security"
turned on, port forwarding is also turned off :-(

On Wed, May 20, 2020 at 3:21 PM Derek Atkins <derek at ihtfp.com> wrote:

> Interesting, "communication administratively prohibited".
>
> Does BLU run Fail2ban?  Maybe your Comcast IP Address got banned/blocked?
> Although that wouldn't explain why traceroutes would stop so quickly.
>
> If you run traceroute again can you still get that far or does it stop at
> the first hop?
>
> Note, from
>
> https://serverfault.com/questions/434211/what-does-z-and-x-mean-in-a-traceroute
>
> Since Linux uses UDP for trace-routes, this can originate from a
> --reject-with icmp-host-prohibited rule at the destination. Some Linux
> distros have this as a default configuration. To fix this you need to
> reply with --reject-with icmp-port-unreachable on UDP ports 33434 through
> 33534.
>
> -derek
>
>
> On Wed, May 20, 2020 3:08 pm, Jerry Feldman wrote:
> > This is my current traceroute about 5 mins after resetting my cable modem
> > Note the !X. Note that vranix is a cname for driftwood.blu.org
> > [gaf at gaf ~]$ traceroute blu.org
> > traceroute to blu.org (216.235.254.230), 30 hops max, 60 byte packets
> >  1  * * *
> >  2  96.120.64.29 (96.120.64.29)  20.949 ms  22.637 ms  22.027 ms
> >  3  162.151.169.205 (162.151.169.205)  21.398 ms  22.473 ms  22.657 ms
> >  4  be-310-ar01.woburn.ma.boston.comcast.net (96.108.44.221)  22.884 ms
> >  34.046 ms  35.013 ms
> >  5  96.108.71.30 (96.108.71.30)  35.387 ms  36.020 ms  35.471 ms
> >  6  50.231.30.210 (50.231.30.210)  36.075 ms  17.799 ms  18.689 ms
> >  7  vranix.blu.org (216.235.254.230)  17.894 ms !X  16.698 ms !X  30.475
> > ms
> > !X
> >
> > On Wed, May 20, 2020 at 3:01 PM Jerry Feldman <gaf.linux at gmail.com>
> wrote:
> >
> >> Thanks Derek.
> >> I've spent hours chatting and speaking with Comcast. They elevated me to
> >> 'advanced repair'. The first advanced guy I chatted with seemed to be
> >> pretty sharp, but resetting the modem broke off the chat. The second guy
> >> I
> >> spoke to over the phone elevated me to  'advanced repair' and this guy
> >> wasn't too sharp. First he always went to the browser, and I told him it
> >> was on the terminal. He finally said it wasn't comcast. One thing I
> >> wanted
> >> to do was to have comcast reset dhcp so I could get a different IP
> >> address.
> >>
> >> I reset the cable modem/gateway a few minutes ago and I am able to
> >> access
> >> blu.org. I did this so I could display the meeting page. As long as I
> >> don't refresh that tab, I can display it on jitsi so if I lose
> >> connectivity
> >> with blu, I can still display the web site.
> >>
> >> On Wed, May 20, 2020 at 8:41 AM Derek Atkins <derek at ihtfp.com> wrote:
> >>
> >>> Here is another question for you:  what is your local network
> >>> configuration?  Are you using Comcast's modem/router directly or do you
> >>> have your own router behind their modem?  If the latter, what happens
> >>> if
> >>> you try to "remove" your own router?  Does that change anything?
> >>>
> >>> Another avenue to look at is whether you might be filling up the
> >>> modem's
> >>> NAT table?  A very unlikely scenario, but it's certainly one I've hit
> >>> (on
> >>> AT&T).
> >>>
> >>> IF you can display the problem with only comcast equipment I'd phone
> >>> into
> >>> their tech support.
> >>>
> >>> -derek
> >>>
> >>> On Wed, May 20, 2020 8:11 am, Jerry Feldman wrote:
> >>> > I've rebooted the router a few times. After I reboot the router, I am
> >>> able
> >>> > to access the site for about 5 minutes. I am certain the blocking is
> >>> > relatively local.
> >>> >
> >>> > On Tue, May 19, 2020 at 2:41 PM Joe Polcari <Joe at polcari.com> wrote:
> >>> >
> >>> >> FYI – I am inside Comcast’s network – so not blocked in any manner,
> >>> in
> >>> >> fact nothing is blocked in any manner in the ISP part of the
> >>> network.
> >>> >>
> >>> >> – let me see how much of this I can paste here
> >>> >>
> >>> >>
> >>> >>
> >>> >> $ traceroute blu.org
> >>> >>
> >>> >> traceroute to blu.org (216.235.254.230), 64 hops max, 52 byte
> >>> packets
> >>> >>
> >>> >>  1  * * *
> >>> >>
> >>> >>  2  192.168.1.1 (192.168.1.1)  3.825 ms  3.507 ms  4.291 ms
> >>> >>
> >>> >>
> >>> >>
> >>> >> Suffice it to say that from Florida it routes through Georgia, to
> >>> >> Chicago,
> >>> >> to Woburn to blu.org.
> >>> >>
> >>> >>
> >>> >>
> >>> >> 22  50.231.30.210 (50.231.30.210)  72.456 ms  71.796 ms  70.346 ms
> >>> >>
> >>> >> 23  vranix.blu.org (216.235.254.230)  71.067 ms !Z  79.478 ms !Z
> >>> 71.794
> >>> >> ms !Z
> >>> >>
> >>> >>
> >>> >>
> >>> >> $ ping blu.org
> >>> >>
> >>> >> PING blu.org (216.235.254.230): 56 data bytes
> >>> >>
> >>> >> 64 bytes from 216.235.254.230: icmp_seq=0 ttl=45 time=70.776 ms
> >>> >>
> >>> >> 64 bytes from 216.235.254.230: icmp_seq=1 ttl=45 time=69.724 ms
> >>> >>
> >>> >> 64 bytes from 216.235.254.230: icmp_seq=2 ttl=45 time=70.567 ms
> >>> >>
> >>> >> 64 bytes from 216.235.254.230: icmp_seq=3 ttl=45 time=70.714 ms
> >>> >>
> >>> >> ^C
> >>> >>
> >>> >> --- blu.org ping statistics ---
> >>> >>
> >>> >> 4 packets transmitted, 4 packets received, 0.0% packet loss
> >>> >>
> >>> >> round-trip min/avg/max/stddev = 69.724/70.445/70.776/0.423 ms
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >> From: Discuss <discuss-bounces+joe=polcari.com at lists.blu.org> on
> >>> behalf
> >>> >> of Bill Ricker <bill.n1vux at gmail.com>
> >>> >> Date: Tuesday, May 19, 2020 at 11:22 AM
> >>> >> To: Derek Atkins <derek at ihtfp.com>
> >>> >> Cc: "discuss at blu.org" <discuss at blu.org>
> >>> >> Subject: Re: [Discuss] Problem accessing blu.org
> >>> >>
> >>> >>
> >>> >>
> >>> >> One wonders if COMCAST is an ISP or just an infotainment company
> >>> >> providing
> >>> >>
> >>> >> Web access to related media properties only.
> >>> >>
> >>> >>
> >>> >>
> >>> >> Perhaps COMCAST has blackholed the BLU IP address because it has a
> >>> >>
> >>> >> mailserver/Listserve and isn't named Google or Yahoo or AOL and thus
> >>> is
> >>> >>
> >>> >> misdiagnosed as an infected site or worm control node :-/  .
> >>> >>
> >>> >>
> >>> >>
> >>> >> If it helps, from VZ FIOS
> >>> >>
> >>> >> traceroute to 216.235.254.230 (216.235.254.230), 30 hops max, 60
> >>> byte
> >>> >>
> >>> >> packets
> >>> >>
> >>> >> 1  172.17.2.1 (172.17.2.1)  0.573 ms  2.032 ms  2.167 ms
> >>> >>
> >>> >> 2  * * *
> >>> >>
> >>> >> 3  B3367.BSTNMA-LCR-21.verizon-gni.net (100.41.9.174)  9.625 ms
> >>> >>
> >>> >> B3367.BSTNMA-LCR-22.verizon-gni.net (100.41.9.176)  13.575 ms
> >>> >>
> >>> >> B3367.BSTNMA-LCR-21.verizon-gni.net (100.41.9.174)  11.152 ms
> >>> >>
> >>> >> 4  * * *
> >>> >>
> >>> >> 5  * * *
> >>> >>
> >>> >> 6  0.ae13.GW13.NYC1.ALTER.NET (140.222.234.193)  24.780 ms  11.364
> >>> ms
> >>> >>
> >>> >> 0.ae11.GW13.NYC1.ALTER.NET (140.222.234.191)  17.289 ms
> >>> >>
> >>> >> 7  windstream-gw.customer.alter.net (204.148.1.234)  17.595 ms
> >>> 17.132
> >>> >> ms
> >>> >>
> >>> >> 17.585 ms
> >>> >>
> >>> >> 8  ae10-0.cr01.nycm01-ny.us.windstream.net (40.129.35.248)  15.832
> >>> ms
> >>> >>
> >>> >> 14.770 ms  15.087 ms
> >>> >>
> >>> >> 9  h255.81.138.40.static.ip.windstream.net (40.138.81.255)  15.009
> >>> ms
> >>> >>
> >>> >> 14.565 ms  13.248 ms
> >>> >>
> >>> >> 10  te-0-4-0-0.wrcmankgs04.onecommunications.net (64.69.99.239)
> >>> 15.371
> >>> >> ms
> >>> >>
> >>> >> 15.149 ms  17.693 ms
> >>> >>
> >>> >> 11  te-3-1.wrcsmank-r76-02.onecommunications.net (64.69.99.234)
> >>> 15.472
> >>> >> ms
> >>> >>
> >>> >> 22.063 ms  22.031 ms
> >>> >>
> >>> >> 12  static-72-248-107-33.mas.onecommunications.net (72.248.107.33)
> >>> >> 17.148
> >>> >>
> >>> >> ms  15.806 ms  15.384 ms
> >>> >>
> >>> >> 13  vranix.blu.org (216.235.254.230)  11.826 ms !X  16.396 ms !X
> >>> 9.762
> >>> >> ms
> >>> >>
> >>> >> !X
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >> I do like how an HTTP connection to the real hostname or IP address
> >>> >>
> >>> >> provides a choice page to select the virtual site ! Nice touch.
> >>> >>
> >>> >>
> >>> >>
> >>> >> 216.235.254.230
> >>> >>
> >>> >>
> >>> >>
> >>> >> This server belongs to Boston Linux & UNIX <http://blu.org>, a
> Linux
> >>> and
> >>> >>
> >>> >> UNIX user group.
> >>> >>
> >>> >> ------------------------------
> >>> >>
> >>> >> Guest Websites
> >>> >>
> >>> >>
> >>> >>
> >>> >>     1. BUGC <http://www.bugc.org>
> >>> >>
> >>> >>     2. HeliVets <http://www.heli-vets.net>
> >>> >>
> >>> >>     3. VHCMA <http://www.vhcma.org>
> >>> >>
> >>> >>     4. VHFCN <http://www.vhfcn.org>
> >>> >>
> >>> >>     5. VHPAF <http://www.vhpaf.org>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >> _______________________________________________
> >>> >>
> >>> >> Discuss mailing list
> >>> >>
> >>> >> Discuss at lists.blu.org
> >>> >>
> >>> >> http://lists.blu.org/mailman/listinfo/discuss
> >>> >>
> >>> >>
> >>> >>
> >>> >> _______________________________________________
> >>> >> Discuss mailing list
> >>> >> Discuss at lists.blu.org
> >>> >> http://lists.blu.org/mailman/listinfo/discuss
> >>> >>
> >>> >
> >>> >
> >>> > --
> >>> > --
> >>> > Jerry Feldman <gaf.linux at gmail.com>
> >>> > Boston Linux and Unix
> >>> > PGP key id: 6F6BB6E7
> >>> > Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6B B6E7
> >>> >
> >>>
> >>>
> >>> --
> >>>        Derek Atkins                 617-623-3745
> >>>        derek at ihtfp.com             www.ihtfp.com
> >>>        Computer and Internet Security Consultant
> >>>
> >>>
> >>
> >> --
> >> --
> >> Jerry Feldman <gaf.linux at gmail.com>
> >> Boston Linux and Unix
> >> PGP key id: 6F6BB6E7
> >> Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6B B6E7
> >>
> >
> >
> > --
> > --
> > Jerry Feldman <gaf.linux at gmail.com>
> > Boston Linux and Unix
> > PGP key id: 6F6BB6E7
> > Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6B B6E7
> >
>
>
> --
>        Derek Atkins                 617-623-3745
>        derek at ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
>
>

-- 
--
Jerry Feldman <gaf.linux at gmail.com>
Boston Linux and Unix
PGP key id: 6F6BB6E7
Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6B B6E7

More information about the Discuss mailing list