www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

Can't access a particular site

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
Shiv



Joined: 29 Oct 2013
Posts: 28

PostPosted: Wed Jan 15, 2014 10:46 am    Post subject: Can't access a particular site Reply with quote

Hi, I am unable to access a particular site through my Zeroshell network. While it is accessible from out of ZS with the same ISP. Please help someone regarding this.
Back to top
View user's profile Send private message
Shiv



Joined: 29 Oct 2013
Posts: 28

PostPosted: Wed Jan 15, 2014 10:54 am    Post subject: Re: Can't access a particular site Reply with quote

Shiv wrote:
Hi, I am unable to access a particular site through my Zeroshell network. While it is accessible from out of ZS with the same ISP. Please help someone regarding this.

I disabled the firewall and checked but still it's not working. I added an IP to firewall with privileges to access all the site but this one also not working. How to fix the issue now??
Back to top
View user's profile Send private message
DrmCa



Joined: 12 Apr 2011
Posts: 224

PostPosted: Thu Jan 16, 2014 9:22 pm    Post subject: Reply with quote

You would have to perform some diagnostics to troubleshoot this.

1. Can you resolve that site's name from behind ZS (by the way, are you using ZS as a DNS server)?

on Windows try nslookup or tracert
on Linux try nslookup or traceroute

2. Can you ping the site by name and IP address from behind ZS?

3. Can you telnet into port 80 of the site, once in telnet type ? and you should see something like

Code:

 HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Back to top
View user's profile Send private message
Shiv



Joined: 29 Oct 2013
Posts: 28

PostPosted: Fri Jan 17, 2014 5:20 am    Post subject: Reply with quote

DrmCa wrote:
You would have to perform some diagnostics to troubleshoot this.

1. Can you resolve that site's name from behind ZS (by the way, are you using ZS as a DNS server)?

on Windows try nslookup or tracert
on Linux try nslookup or traceroute

2. Can you ping the site by name and IP address from behind ZS?

3. Can you telnet into port 80 of the site, once in telnet type ? and you should see something like

Code:

 HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii


#1. Yes, I configured this connection directly (not on ZS) and tried the link is accessible from same connection. In ZS>DNS>OPTIONS> 208.67.222.222 AND 208.67.220.220 ARE SET. Is that right one for DNS??
On Linux I tried traceroute and the below two lines are the result-
1 192.168.0.75 (192.168.0.75) 0.181 ms 0.112 ms 0.106 ms
2 192.168.0.75 (192.168.0.75) 2621.616 ms !H 2621.590 ms !H 2621.560 ms !H

On windows the tracert shows the result -
1 <1 ms <1 ms <1 ms 192.168.0.75
2 192.168.0.75 reports: Destination host unreachable.

#2. When I ping this site without using www from ZS the result is -> From 192.168.0.75 icmp_seq=6 Destination Host Unreachable. And once I tried ping with www.site name and the result is ->
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=72 ttl=51 time=378 ms
Back to top
View user's profile Send private message
DrmCa



Joined: 12 Apr 2011
Posts: 224

PostPosted: Fri Jan 17, 2014 4:47 pm    Post subject: Reply with quote

Shiv wrote:

#1. Yes, I configured this connection directly (not on ZS) and tried the link is accessible from same connection. In ZS>DNS>OPTIONS> 208.67.222.222 AND 208.67.220.220 ARE SET. Is that right one for DNS??
On Linux I tried traceroute and the below two lines are the result-
1 192.168.0.75 (192.168.0.75) 0.181 ms 0.112 ms 0.106 ms
2 192.168.0.75 (192.168.0.75) 2621.616 ms !H 2621.590 ms !H 2621.560 ms !H

On windows the tracert shows the result -
1 <1 ms <1 ms <1 ms 192.168.0.75
2 192.168.0.75 reports: Destination host unreachable.

#2. When I ping this site without using www from ZS the result is -> From 192.168.0.75 icmp_seq=6 Destination Host Unreachable. And once I tried ping with www.site name and the result is ->
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=72 ttl=51 time=378 ms


So you want to use OpenDNS, looks like your configuration for ZS DNS is correct.

Is the address you are trying to reach 192.168.0.75? This address belongs to a local block of addresses, it's not routable and can only be used on the LAN. I am not sure why you want to access that IP address, as it seems that in reality you want to use hit-nxdomain.opendns.com

This is what I can see:

Code:
D:\>nslookup hit-nxdomain.opendns.com
Server:  ****************
Address:  10.1.3.3

Non-authoritative answer:
Name:    hit-nxdomain.opendns.com
Address:  67.215.65.132


67.215.65.132 is the external IP that you should use if you need to access host hit-nxdomain.opendns.com by IP address.
Try to ping it and it most likely is going to work.
Back to top
View user's profile Send private message
Shiv



Joined: 29 Oct 2013
Posts: 28

PostPosted: Sat Jan 18, 2014 4:51 am    Post subject: Reply with quote

DrmCa wrote:
Shiv wrote:

#1. Yes, I configured this connection directly (not on ZS) and tried the link is accessible from same connection. In ZS>DNS>OPTIONS> 208.67.222.222 AND 208.67.220.220 ARE SET. Is that right one for DNS??
On Linux I tried traceroute and the below two lines are the result-
1 192.168.0.75 (192.168.0.75) 0.181 ms 0.112 ms 0.106 ms
2 192.168.0.75 (192.168.0.75) 2621.616 ms !H 2621.590 ms !H 2621.560 ms !H

On windows the tracert shows the result -
1 <1 ms <1 ms <1 ms 192.168.0.75
2 192.168.0.75 reports: Destination host unreachable.

#2. When I ping this site without using www from ZS the result is -> From 192.168.0.75 icmp_seq=6 Destination Host Unreachable. And once I tried ping with www.site name and the result is ->
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=72 ttl=51 time=378 ms


So you want to use OpenDNS, looks like your configuration for ZS DNS is correct.

Is the address you are trying to reach 192.168.0.75? This address belongs to a local block of addresses, it's not routable and can only be used on the LAN. I am not sure why you want to access that IP address, as it seems that in reality you want to use hit-nxdomain.opendns.com

his is what I can see:

Code:
D:\>nslookup hit-nxdomain.opendns.com
Server:  ****************
Address:  10.1.3.3

Non-authoritative answer:
Name:    hit-nxdomain.opendns.com
Address:  67.215.65.132


67.215.65.132 is the external IP that you should use if you need to access host hit-nxdomain.opendns.com by IP address.
Try to ping it and it most likely is going to work.


I am not trying to reach 192.168.0.75 i am trying for 67.215.65.132 but it is not reachable from browser. and shared you the ping results for same as above.
Back to top
View user's profile Send private message
Shiv



Joined: 29 Oct 2013
Posts: 28

PostPosted: Sat Jan 18, 2014 6:13 am    Post subject: Reply with quote

DrmCa wrote:
Shiv wrote:

#1. Yes, I configured this connection directly (not on ZS) and tried the link is accessible from same connection. In ZS>DNS>OPTIONS> 208.67.222.222 AND 208.67.220.220 ARE SET. Is that right one for DNS??
On Linux I tried traceroute and the below two lines are the result-
1 192.168.0.75 (192.168.0.75) 0.181 ms 0.112 ms 0.106 ms
2 192.168.0.75 (192.168.0.75) 2621.616 ms !H 2621.590 ms !H 2621.560 ms !H

On windows the tracert shows the result -
1 <1 ms <1 ms <1 ms 192.168.0.75
2 192.168.0.75 reports: Destination host unreachable.

#2. When I ping this site without using www from ZS the result is -> From 192.168.0.75 icmp_seq=6 Destination Host Unreachable. And once I tried ping with www.site name and the result is ->
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=72 ttl=51 time=378 ms


So you want to use OpenDNS, looks like your configuration for ZS DNS is correct.

Is the address you are trying to reach 192.168.0.75? This address belongs to a local block of addresses, it's not routable and can only be used on the LAN. I am not sure why you want to access that IP address, as it seems that in reality you want to use hit-nxdomain.opendns.com

This is what I can see:

Code:
D:\>nslookup hit-nxdomain.opendns.com
Server:  ****************
Address:  10.1.3.3

Non-authoritative answer:
Name:    hit-nxdomain.opendns.com
Address:  67.215.65.132


67.215.65.132 is the external IP that you should use if you need to access host hit-nxdomain.opendns.com by IP address.
Try to ping it and it most likely is going to work.


I reinstalled the ZS and checked without adding any rule to firewall and found it's working. But I am going to observe step by step where the issue is.


Last edited by Shiv on Sat Jan 18, 2014 8:07 am; edited 1 time in total
Back to top
View user's profile Send private message
Shiv



Joined: 29 Oct 2013
Posts: 28

PostPosted: Sat Jan 18, 2014 6:51 am    Post subject: Reply with quote

DrmCa wrote:
Shiv wrote:

#1. Yes, I configured this connection directly (not on ZS) and tried the link is accessible from same connection. In ZS>DNS>OPTIONS> 208.67.222.222 AND 208.67.220.220 ARE SET. Is that right one for DNS??
On Linux I tried traceroute and the below two lines are the result-
1 192.168.0.75 (192.168.0.75) 0.181 ms 0.112 ms 0.106 ms
2 192.168.0.75 (192.168.0.75) 2621.616 ms !H 2621.590 ms !H 2621.560 ms !H

On windows the tracert shows the result -
1 <1 ms <1 ms <1 ms 192.168.0.75
2 192.168.0.75 reports: Destination host unreachable.

#2. When I ping this site without using www from ZS the result is -> From 192.168.0.75 icmp_seq=6 Destination Host Unreachable. And once I tried ping with www.site name and the result is ->
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=72 ttl=51 time=378 ms


So you want to use OpenDNS, looks like your configuration for ZS DNS is correct.

Is the address you are trying to reach 192.168.0.75? This address belongs to a local block of addresses, it's not routable and can only be used on the LAN. I am not sure why you want to access that IP address, as it seems that in reality you want to use hit-nxdomain.opendns.com

This is what I can see:

Code:
D:\>nslookup hit-nxdomain.opendns.com
Server:  ****************
Address:  10.1.3.3

Non-authoritative answer:
Name:    hit-nxdomain.opendns.com
Address:  67.215.65.132


67.215.65.132 is the external IP that you should use if you need to access host hit-nxdomain.opendns.com by IP address.
Try to ping it and it most likely is going to work.


A new thing I have observed. We have three interfaces and one of them has static IP so I added static IP to the relative ETH. This site is not accessible after adding the static IP and when I remove the IP, it is. I checked with balancing rules also but this issue persists. So suggest for this one now.
Back to top
View user's profile Send private message
DrmCa



Joined: 12 Apr 2011
Posts: 224

PostPosted: Mon Jan 20, 2014 7:24 pm    Post subject: Reply with quote

Not sure why setting one of your uplinks to a static IP prevents you from pinging an address on the Internet.

I have 2 uplinks and both use static IPs assigned by the provider and everything works fine with or without firewall.

Are you doing all these diagnostics in ZS console or from a machine on your LAN? I would run diags on ZS directly using ssh first.
Back to top
View user's profile Send private message
Shiv



Joined: 29 Oct 2013
Posts: 28

PostPosted: Tue Jan 21, 2014 5:14 am    Post subject: Reply with quote

DrmCa wrote:
Not sure why setting one of your uplinks to a static IP prevents you from pinging an address on the Internet.

I have 2 uplinks and both use static IPs assigned by the provider and everything works fine with or without firewall.

Are you doing all these diagnostics in ZS console or from a machine on your LAN? I would run diags on ZS directly using ssh first.

I am accessing ZS console from a machine in LAN (web access). And I diagnosed all these on some machines in LAN which have Linux MAC and Windows OS. They are showing same results, the issue is with Static IP no firewall issue.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group