PDA

View Full Version : Randomly blocking ports and IPs


zen63
23-05-2009, 12:54
I just found this forum last night and wow its a good one - cheers to the owner and moderators - good job.

Im getting quite frustrated with Virgin BB, over the past two months their service has been unable to reach a data center in Holland which I use for development purposes. No problem I thought, and shifted to another datacentre (yes I know thats stupid - but I couldnt face dealing with tech support who generally know nothing other than how to power cycle a modem)

The server was of course available on any other ISP connection, globally and in the UK.

Last night, I couldnt access any of my proxy servers - I need to use these to test my Google advertising campaigns in different countries. I have numerous proxies in numerous countries all in different server farms, all with different IP ranges - and all for my own private use.

Once again these are all working on services other than Virgin Cable.

It seems like these muppets have decided that port 3128 is a bad one and simply stopped traffic to it - no warning, just a network time out.

So in the past two months, my work has been seriously impacted by a cable company that randomly takes action without informing their customer.

Has any one else been affected by these types of blockages? Do they resolve over time? Is there a useful method for getting Virgin to fix their over zealous port blocking?

I am seriously considering getting an alternate supplier as their service is not fit for the purpose I purchased it for.

Any help appreciated.........

Peter_
23-05-2009, 12:58
Virgin do not block any ports but the are occasional glitches so they use the proxy below when that happens.

------------------------------------------------------------------------------

Proxy for IE

------------------------------------------------------------------------------
The proxy goes in your browser.

The proxy to use is : webcache.virginmedia.com

The port number is : 8080


How to set up proxy in Internet Explorer 6/7

Step 1 � On the Tools menu in Internet Explorer, click Internet Options, click the Connections tab, and then click LAN Settings.
Step 2 � Under Proxy server, click to select the Use a proxy server for your LAN check box.
Step 3 � In the Address box, type the IP address of the proxy server. (e.g. proxy.abc.com or 202.188.17.24)
Step 4 � In the Port box, type the port number that is used by the proxy server for client connections (by default, 8080).
Step 5 � You can click to select the Bypass proxy server for local addresses check box if you do not want the proxy server computer to be used when you connect to a computer on the local network.
Step 6 � Click OK to close the LAN Settings dialog box.
Step 7 � Click OK again to close the Internet Options dialog box.

Proxy for Firefox

Here is a proxy add on for Firefox https://addons.mozilla.org/en-US/firefox/addon/2464

To enable proxy settings in Firefox 3.0

Select Tools -> Options. ( In some Firefox browser's you have to go to Edit>Preferences usually in LInux )
Select Advanced.
Open the Network tab.
In 'Connections' area click 'Settings' button.
Select Manual Proxy Configuration radio button.
In the necessary proxy field(s), put the same settings in the HTTP field then
Click 'OK'

Joxer
23-05-2009, 13:01
Traceroutes to the proxies would be useful, as would the proxy addresses.

I would also hazard a guess that your IP address begins with 92.

Kymmy
23-05-2009, 13:01
How can a web proxy (8080 to 80) help with blocked ports like 3128????

Toto
23-05-2009, 13:08
Yawn, another "VM are muppets" thread when the O/P would never question their own technical skills.

Honestly zen63 if you had sincerely asked for help rather than blame anyone but yourself, you may get some very good support here from people who know what they are talking about.

zen63
23-05-2009, 13:09
Thanks Moldova - but I want to use my own proxies not virgins - I cant test a US geolocated advertising campaign from a UK ip (which the virgin proxy is).

Joxer my IP on virgin is 86.1.73.***. The traceroutes complete with no problems. I use a variety of different NOCs for my proxies (many different IP ranges and suppliers) so I dont think its a simple routing issue. It seems to be that the port has become unavailable/blocked. I am able to use proxies on other ports.

Zhadnost
23-05-2009, 13:12
A quick test here shows that 3128 isn't blocked from here.

Are you sure it's not that the proxy you are trying to use is down?

zen63
23-05-2009, 13:14
Toto, with the greatest of respect - if you have nothing to contribute, perhaps go back to bed?

I was asking for suggestions and possible reasons. I have performed numerous tests, and have even went so far as to get a network engineer to remotely test my machine and setups. I dont pretend to know everything - that why I'm asking for help.

Simply put - on any other ISP I have no problems - with Virgin media I do.

Kymmy
23-05-2009, 13:17
Behave please people... Let's stick to the topic and not each others comments

---------- Post added at 12:17 ---------- Previous post was at 12:17 ----------

Zen63, VM do NOT block ports...Yet!!!

zen63
23-05-2009, 13:18
Zhadnost - thanks for checking. This would be my first guess also, but I have ruled it out as I have 7 US private proxies across different providers, IP classes, and different locations/NOC's. They are all working correctly when tested by freinds on other ISP's :(

From your post, the block seems to be limited to my connection (but I was never suggesting this was a Virgin wide issue).

I wonder could it be something on my own router thats causing the problem (restarted it multiple times - no joy).

Toto
23-05-2009, 13:19
Toto, with the greatest of respect - if you have nothing to contribute, perhaps go back to bed?

I was asking for suggestions and possible reasons. I have performed numerous tests, and have even went so far as to get a network engineer to remotely test my machine and setups. I dont pretend to know everything - that why I'm asking for help.

Simply put - on any other ISP I have no problems - with Virgin media I do.

Well I just did a very simple update to my FF settings, and have been able to connect to a Malaysia proxy on port 3128 in less then 2 minutes, and that includes the search to find one.

I didn't need a network engineer.

Rather than rely on your own proxies using that port, try these (http://www.aliveproxy.com/proxy-list-port-3128/), they may actually work.

zen63
23-05-2009, 13:27
Toto - Sorry for going off at you - frustration on my part.

I understand that Virgin is not blocking the port in general. I was able to use my proxies until yesterday night. I have tested the following:

1. Used proxyfirewall to test other non private proxies on the same port - FAIL
2. Restarting router - FAIL
3. Testing my private proxies from alternate ISP's - PASS
4. Testing other computers/browsers on my virgin connection - FAIL

I'm out of other things to try :(

Joxer
23-05-2009, 13:27
Have you tried running a trace on that port?

---------- Post added at 12:27 ---------- Previous post was at 12:27 ----------

Or bypassing the router and connecting direct to the modem?

zen63
23-05-2009, 13:30
Toto - I just tried the five newest proxies on the page you gave - all not working for me. I would be willing to bet that they will all work for you.

Its something on my specific account, or local network - but I cant for the life of me figue out what it would be :( Could the netgear router be causing this?

Joxer
23-05-2009, 13:34
It certainly could be the router, if bypassing it isn't easy you could try disabling it's firewall.

My router appears to block traceroutes, which is odd.

Toto
23-05-2009, 13:36
Toto - I just tried the five newest proxies on the page you gave - all not working for me. I would be willing to bet that they will all work for you.

Its something on my specific account, or local network - but I cant for the life of me figue out what it would be :( Could the netgear router be causing this?

Router.....doubt it, but one thing I have learned is never ignore doubts. Try a direct connection to the modem first, that saves any port triggering changes needed to be performed in the router to try and resolve this, no point in all that work if a direct connection can confirm its a router issue.

The server I used was cdn-kmr-c2100-01.tm.net.my:3128, try using that as an HTTP proxy, then visit http://www.whatsmyip.org/ to test it.

zen63
23-05-2009, 13:47
Joxer - Tried a direct connection - that didnt weork either, but it was a good simple suggestion thats eliminated one possible issue

---------- Post added at 12:47 ---------- Previous post was at 12:44 ----------

Hi Toto, thanks for giving me the proxy you were able to use. This doest connect for me - same as all the others.

Proxies are working on ports other than 3128.

I also tested another computer on a direct connection, just in case it was something on the computer.

Im running out of possible solutions :(

Joxer
23-05-2009, 14:01
Hmm, a quick google suggests that tracert won't allow you to specify port or protocol - you are stuck with ICMP - I take it you are using windows? You could try telnet it allows you to specify the port.

telnet webcache.blueyonder.co.uk 8080
Trying 195.188.152.6...
Connected to webcache.blueyonder.co.uk (195.188.152.6).
Escape character is '^]'.
quit

Obviously using your own proxy and port number, just to see if it will connect - you won't be able to do anything if it does - type quit to exit.

Trying this on the above proxy and a random port just times out eventually so I doubt you will get any useful error message if it fails unfortunately, but you never know.

zen63
23-05-2009, 14:23
Hi Joxer,

Telnets and raw connections time out on any connection I have tried to port 3128.

Connections to other ports on the same IP's work fine.

At this stage I beleive the following (feel free to correct me):

1. The proxies are not at fault (tested externally working 3rd party ones they also fail - and my private ones work for other users)
2. Only port 3128 is blocked, 80, 8080, 25 etc etc all work
3. Computer setup is not at fault (tried multiple computers)
4. Router is not at fault (bypassed it)

I dont see where else the problem could be other than with Virgin - any one have further suggestions?

Joxer
23-05-2009, 14:49
webcache.blueyonder.co.uk usually uses port 8080 but allows connections from here on 3128. It runs on squid and 3128 is the standard port for squid, it may be worth checking if your proxies allow use of other ports.

Interestingly webcache.virginmedia.com also allows connections on 8080 and 3128 but outputs an invalid request on exit however webcache.blueyonder.co.uk only outputs the message on port 8080 only. I am assuming that this means that the VM webcache allows use of both ports but the BY one doesn't, but I am guessing.

I am almost bored enough to test this theory.

Hugh
23-05-2009, 15:01
zen, do you have a business or residential account?

If business, would this count as breaching the SLA? (if it is in the VM network).

Peter_
23-05-2009, 15:24
webcache.blueyonder.co.uk usually uses port 8080 but allows connections from here on 3128. It runs on squid and 3128 is the standard port for squid, it may be worth checking if your proxies allow use of other ports.

Interestingly webcache.virginmedia.com also allows connections on 8080 and 3128 but outputs an invalid request on exit however webcache.blueyonder.co.uk only outputs the message on port 8080 only. I am assuming that this means that the VM webcache allows use of both ports but the BY one doesn't, but I am guessing.

I am almost bored enough to test this theory.
He is EX-NTL going by the 86 IP so webcache.blueyonder.co.uk will probably not work.

zen63
23-05-2009, 15:25
Residential :(

I will test setting up a new squid proxy later today on an alternate port. Such a hassle for something that should just work.

Its also a terrible shame that my experiences with support thus far have been polite but reasonably useless. I miss the days of tech support staff actually knowing something.

Moldova is excluded from the previous statement - his reply to my post was great :)

Joxer
23-05-2009, 15:39
He is EX-NTL going by the 86 IP so webcache.blueyonder.co.uk will probably not work.

I had spotted that, I wasn't suggesting he used them - he needs the proxy in a foreign country, merely suggesting that since another squid proxy worked on port 8080 and 3128 it may be worth trying port 8080 since this is not blocked.

I tested the blueyonder proxy and it works on 3128 as well so bang goes above theory.

Peter_
23-05-2009, 15:52
I had spotted that, I wasn't suggesting he used them - he needs the proxy in a foreign country, merely suggesting that since another squid proxy worked on port 8080 and 3128 it may be worth trying port 8080 since this is not blocked.

I tested the blueyonder proxy and it works on 3128 as well so bang goes above theory.
I think the blueyonder one just redirects to the virginmedia one anyway.

Joxer
23-05-2009, 16:01
D'oh, so it does, and getting consistent errors now too.

Toto
23-05-2009, 16:25
I guess the other thing to test then are the Proxies that zen63 has set up, any chance of one we could look at?

---------- Post added at 15:25 ---------- Previous post was at 15:16 ----------

zen, do you have a business or residential account?

If business, would this count as breaching the SLA? (if it is in the VM network).

That actually is a good point, if there is the remote possibility that even at the local CMTS level there is some port blocking in place, on a business account this wouldn't be acceptable.

dev
23-05-2009, 16:40
Hmm, a quick google suggests that tracert won't allow you to specify port or protocol - you are stuck with ICMP - I take it you are using windows? You could try telnet it allows you to specify the port.


If he access to a linux box on his home connection he can use tcptraceroute which uses TCP instead and lets you set the port to use too.

Joxer
23-05-2009, 17:19
No need for tcptraceroute latest traceroute has -T for tcp and -p to specify the port. I would suggest trying a live linux cd but can't gaurantee traceroute to be installed - fairly sure it isn't in Mandriva (which I use), I jsut tested Puppy linux and the version of traceroute is the one in busybox and only allows UDP pings though you can specify the port. Knoppix STD would prbably do it (STD stands for Security Tools Distribution) as it has a whole bunch of network tools.

zen63
23-05-2009, 23:40
Went out for the afternoon - came back - and like magic the proxies work once more. Didnt restart computer or anything.

Strange problem, I think i will invest in a second bb line - i like virgins speed, but if a problem like this happens at the wrong time - its a major headache.

Thanks all of you for the help.

Hugh
23-05-2009, 23:49
Or if you go for a Business connection (as it would appear from your posts that's its purpose), that may resolve it.