Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't view websites?? 1

Status
Not open for further replies.

mUtech

Technical User
Sep 4, 2001
13
GB
Hi,
Until a couple of days ago our web access was fine, we use a 1603r router over a 2meg line. Then suddenly we were unable to view any websites. I could still ping and traceroute, and dns was fine.
The isp say that everything is ok as far as thay are concerned because thay can ping ok.
I have completely reinstalled the router and set it up with a basic config. Again ping and trace but no access from a browser.
Any ideas folks? I am getting desparate!

Ta,
ric.
 
You can ping a website or to the ISP?
via DNS & IP?

 
have you looked at the DNS, ip domain-name ? Jeter@LasVegas.com
J.Fisher CCNA
 
i can ping and trace any site or address, both with and without using dns.

ric
 
Lets think it through..

something changed two days ago..

ping/traceroute works which means A- the routes work and B- UDP is working. I'm assuming you can say PING and it works from the workstation, not just the router?

Web sites come in on TCP port 80. So even if ping works, the website might not. So ping is just a gross indicator that the wires are good.. not that the network is fine.

Who runs the firewall? 'cause I'm guessing the issue is there at the firewall or where ever a access list is. It would be handy to hang a sniffer on the wire to see if there are any clues. Also, on your own router, you could place an access list for TCP port 80 and then log it... this would show if the packets for port 80 actually make it your router.

MikeS
Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
The strange thing is i changed nothing that day, and since i have completely reinstalled the router, same problem. i am thinking that maybe it is a hardware problem, as i am not running any access lists at the moment, and the isp says everything is ok at their end.
The only other thing that i can think of is that nat may be affecting it?
What would you recommend as the best way to write the access list for logging port 80 requests?

ric
 
I can not think of a hardware failure that would only block port 80 http requests. Not saying it's impossible but I would it's very unlikely.

acess-list 130 permit tcp any any eq 80 log ; does nothing except log port 80 traffic.

acces-list 130 permit IP any any; permits anything else IP to go through the router

Apply the list to the interface facing the ISP.. I would try outbound first.. just to see of any port 80 traffic is coming through the router before it gets to the ISP link.

interface s0 ; or whatver the interface is
access-group 130 out

if you get traffic outbound on port 80.. apply the list as inbound.. if no traffic back.. then kick it back to the ISP with the log file.

I'm writing this from memory and I *think* it's right.. but check my work first :)

MikeS
Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Thanks Mike,
By logging the I was able to show the ISP that there was indeed nothing wrong at our end. And overnight theyt seem to have misteriously solved the problem....

ric.
:)
 
Funny how that *magic* happens when nobody is looking ;-)

Glad it worked out for you.

MikeS
Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top