[clue-tech] IP routing problems
Angelo Bertolli
angelo at freeshell.org
Fri Nov 18 22:35:34 MST 2005
David L. Anselmi wrote:
> Angelo Bertolli wrote:
>
>> I'm running my own box as a server at home, that I like to log into
>> remotely. In particular, at one location I am unable to reach it.
>> Is there any way for me to figure out what the problem is? Both
>> sides of the connection are the same ISP. When I do a traceroute, I
>> get:
>
> [...]
>
>> 10 te-8-1-ur01.chillum.dc.bad.comcast.net (68.87.128.209) 16.318
>> ms 18.804 ms 17.167 ms
>> 11 te-9-2-ur01.rockville.md.bad.comcast.net (68.87.128.218) 21.317
>> ms 17.867 ms 16.167 ms
>> 12 * * *
>> 13 pcp04370002pcs.nrockv01.md.comcast.net (69.140.216.27) 28.722 ms
>
>
> A traceroute through Qwest winds up following this path too. Probably
> there's a filter dropping traceroute after #13. Doesn't really tell
> you anything unless you know the hops between 13 and your server.
>
> Various ports I tried aren't open so I'd say your problem is getting
> to the server from anywhere, not just one location. What's traceroute
> say from a place that works?
I can get to it from anywhere else I've tried, and apparently everyone
else so far I've asked can also. I usually try to ssh in, and I host
some web pages. Here's a traceroute from a location that allows access:
traceroute to descartes.homelinux.org (68.33.44.255), 64 hops max, 52
byte packets
1 gw.freeshell.org (192.94.73.62) 0.700 ms 0.563 ms 0.547 ms
2 sl-gw28-fw-6-1-0-22-TS0.sprintlink.net (160.81.88.169) 4.705 ms
4.308 ms 4.117 ms
3 sl-bb21-fw-2-0.sprintlink.net (144.232.12.165) 4.851 ms 4.614 ms
6.311 ms
4 sprint-gw.dlstx.ip.att.net (192.205.32.69) 22.289 ms 9.341 ms
52.554 ms
5 12.122.82.230 (12.122.82.230) 39.700 ms 39.921 ms 44.446 ms
6 tbr1-cl6.sl9mo.ip.att.net (12.122.10.89) 42.032 ms 39.775 ms
39.723 ms
7 tbr1-cl4.wswdc.ip.att.net (12.122.10.29) 40.306 ms 39.687 ms
39.345 ms
8 gar5-p300.wswdc.ip.att.net (12.123.9.105) 40.613 ms 37.870 ms
49.915 ms
9 12.118.122.6 (12.118.122.6) 69.158 ms 45.897 ms 38.470 ms
10 68.87.16.158 (68.87.16.158) 41.508 ms 53.320 ms 38.515 ms
11 te-9-3-ur01.bowie.md.bad.comcast.net (68.87.128.181) 52.662 ms
38.790 ms 39.863 ms
12 te-9-3-ur01.lanham.md.bad.comcast.net (68.87.128.178) 44.721 ms
53.785 ms 39.577 ms
13 te-9-1-ur02.lanham.md.bad.comcast.net (68.87.129.62) 43.696 ms
39.824 ms 39.020 ms
14 te-9-3-ur01.hyattsville.md.bad.comcast.net (68.87.129.45) 46.963
ms 50.110 ms 49.970 ms
15 * * *
16 pcp0011638909pcs.hyatsv01.md.comcast.net (68.33.44.255) 58.573 ms
48.622 ms 47.887 ms
>
> Most likely you have a filter (firewall, NAT) blocking you from the
> server--what port do you think is open and where should it be open from?
at least 22 and 80. I know 25 is blocked by comcast. Portsentry is
running a few others. Here is nmap from the same location above (after
turning portsentry off):
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
113/tcp open auth
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
707/tcp open unknown
993/tcp open imaps
1080/tcp filtered socks
8080/tcp filtered http-proxy
_______________________________________________
CLUE-tech mailing list
CLUE-tech at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list