Cannot reach http:// sites, but https:// sites are ok
I had this strange situation whereby I was able to establish DSL sync and could surf "https:// sites without issue, but I could not reach any "http:// sites. I called DSL support not expecting much because I didn't know what else to do and I couldn't get on this forum because it wasn't "https://. I had rebooted everything several times, changed the DNS servers to OpenDNS, etc. removed all security apps... and more. As a last resort, I swapped out the 2wire for a plain modem and voila, »
sites were working again. Not wanting to leave it that way, I put the 2wire back in (did the registration thing again) and finally it was back to normal. There were no errors given other than server could not be found... The CS rep didn't understand it either, so I'm still without an explanation.
Anyone have any ideas as to what could caused this strange situation? I'd sure like to proactively avoid it in the future.
I have been having network trouble for a week. See post in att southwest. If it comes back, you need tier two. Actually the back room network engineers, but I lost my number for them. I am sure another U.S. support center got moved to India.
One of these jokers said his name was Nikita. Twice I spoke what little Russian I know with no response either time.
|reply to bbear2 |
In the 2wire modems, there is a check box in the firewall advanced settings page that will not allow outbound HTTP traffic if not checked. There is also one for HTTPS and several other common protocols.
Did you check that page and make sure HTTP was not unchecked for some reason? I'm not aware of anything that would uncheck that automatically unless you have remote access enabled on your 2wire and someone gained access to it from outside.
When you ran the modem through the registration process again, it would have set those values back to their defaults which is to allow that traffic of course.
That's the only thing I can think of.
I bridge my 2Wires and use an external router as I never liked the firewall built into the 2Wire modems. They seem flaky and sometimes custom port forwards just go missing for no reason so I gave up on them for that and bridged them. I still use them for their excellent stats page in the MDC. Can't beat the info the 2Wires give when troubleshooting DSL line problems. Plus they have the built in DMT chart which is very handy when trying to narrow down local noise that falls within the DSL passband.
I did forget about that page, so no, I don't know how it was set when I was having the issue. Funny thing is, after I saw your message I went to that page to try and uncheck that box and a few others, but it would not let me save it. All I wanted to do was to test that theory. There are a few check boxes that it will let me save, so I'm wondering what's up with this? I even tried to uncheck remote support and it's locked down so that it too cannot be changed. Anyone know if there is a way around this?
That's odd that it would not let you save the changes.
I wonder if they blocked the changes in firmware due to them getting changed and causing support calls.
Mine have not had new firmware since the day they were new due to being bridged.
Maybe someone that is more in the know will chime in and offer some advice.
I do think I recall a post quite some time back where a user could no longer disable the remote support box. That had to be over a year ago though.
At least you are back up and running!
Turns out the problem is back. I also was able to verify that the allow http outbound was indeed checked. I also went to the GUI instead of the MDC and from there I was able to check/uncheck everything I wanted to. So while I figured that out, I'm back to ground zero on check box thing.
I also noticed that this time the issue came and went on its own with only a few minutes or so in between. Meaning, one moment it was working then 5-10 mins later or so it wasn't, etc. And I have no idea what's causing it. I'm doing full virus scans, etc. but still running.
The only thing that I've seen of interest is in the detailed firewall info where by I see this over and over: sess: bkt 21, flags: 0x000001a1, proto: 17, cnt: 2
l: 192.168.1.6:54456, f: 126.96.36.199:53, n: xxx.xxx.xxx.xxx:nnnnn
lnd: (51,0), fnd: (44,0)
last used 4616, max_idle: 360
Where nnnnn is a different port each listing. And there are about 850/1024 session table entries available. Seems a bit high, but not sure. Is there a place to change the session timeout?
Any ideas are appreciated.
Not using the firewall feature, I really don't have any for sure ideas. I can only offer suggestions from this point.
The one example you posted appears to be an inbound DNS request or ACK originating on port 53.
I know a Microsoft security patch many months ago changed the way DNS requests are sent and they can now use a very wide range of ports. I think you will still see a lot of port 53 traffic in your logs though. That should be the DNS server responding to your requests. So those logs may be fine.
Maybe you could post a link to this thread and some of your logs in the 2wire forum.
I know there are some users there that know a lot more about interpreting the 2wire logs.
Most below this line is just suggestions that may help you or others determine the cause.
How many computers do you have that connect via the 2wire?
And is wireless on? Disable that in the GUI if not needed in case someone has hijacked that connection.
Check external wireless routers or access points also and maybe disable them if you can run without them for however long it takes for this problem to occur.
I don't know what the 2wire does when it sees excessive traffic.
I use a Zyxel product for my firewall and it can lock certain traffic out for an amount of time if it sees excessive traffic. I would guess the 2wire can do the same.
Have you tried playing with the check boxes under the advanced tab in the GUI for the firewall? The ones in the Attack Detection box under that tab. While that may get things working, I'd be careful as unchecking some of them may be letting things out/in that should not be allowed. The 2wire may really be blocking something that it should be if unchecking some of those boxes seems to get things working again! So be careful with that.
If more than one computer, try and watch the logs for one with a higher amount of activity and kill it for a while and see if HTTP traffic is restored after a few minutes.
Also, if more than one computer, does this problem occur on all computers when it happens?
What model is your 2wire?
If you only have the one computer, I'd be tempted to swap the 2wire for your other modem and let it run for a day or two and see if the problem recurs.
What model is your spare modem?
Just make sure you have any security apps up and running as you may only have NAT protection depending on what model your spare modem is.
Thanks for the additional ideas. I'm working on a few things following the dreaded factory reset. I did request the mods to move this to 2wire; if that doesn't happen I'll probabaly start one over there.