Server not reachable by certain Dutch provider (IP range?)

Discussion in 'General' started by SparkyRih, Jun 12, 2014.

  1. SparkyRih

    SparkyRih New Member

    So I got a complaint that my server is not reachable for users fro ma certain Dutch internet provider (UPC)... I've let them do several tests to find out what's wrong, but I can't find anything....

    Any ideas if my server accidently blocked an IP range somewhere?
     
  2. srijan

    srijan New Member HowtoForge Supporter

    Check your IP tables, may be they will be blocking the ICMP request for Dutch inetrenet providers' IP.
     
  3. SparkyRih

    SparkyRih New Member

    iptables seem to be clean, there are no IP's in there...
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you try to runa traceroute? Maybe it is just a routing problem. Did you inform the support of your provider that access from this other provider is blocked?
     
  5. SparkyRih

    SparkyRih New Member

    I did contact my DC/network provider where my server is hosted, they can't find anything.
    I did ask the UPC customers to do a tracert, but the tracert looks the same as my tracert.

    The UPC customers can reach another server within the same IP range.
    My server has 3 IPs (77.72.148.50, 77.72.146.128, 77.72.146.129), and all 3 are unreachable by the UPC customers (the last two IPs were connected to my server about a week ago)...

    So I think there must be something on the server itself that blocks a certain range, but I don't know where to find it.... IPtables seem to be clean...

    I haven't contacted UPC myself yet, but my customers have, and they are not properly supported in my opinion, they just say run a tracert and that's it...
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Is there no service reachable from your client, e.g. no ping? Or is it a specific service? If iptables is clear, then the ip can only be blocked on application level as far as I know.

    Another option can be that something is blocked on the side of the client, e.g. in his firewall r router. I had a case here in germany were new network routers from German Telekom has a option enabled to block all outgoing emails in the router when the target IP is not in a network of German Telekom.
     
  7. SparkyRih

    SparkyRih New Member

    They complain about not reaching their website, so that's apache, port 80, and I asked them to start a telnet session with 110 (POP3), and they can't connect there either... And it's not just one client, according to him other UPC provider users have the same issue...

    Just to be sure, to check the iptables, which command should I use... iptables -L ?
     
  8. frprim

    frprim New Member

    yes. thats the command. It will list all the rules
     
  9. SparkyRih

    SparkyRih New Member

    Chain INPUT (policy DROP)
    target prot opt source destination
    DROP tcp -- anywhere 127.0.0.0/8
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    DROP all -- base-address.mcast.net/4 anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain PAROLE (15 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain PUB_IN (5 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere icmp echo-reply
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp
    PAROLE tcp -- anywhere anywhere tcp dpt:finger
    PAROLE tcp -- anywhere anywhere tcp dpt:smtp
    PAROLE tcp -- anywhere anywhere tcp dpt:domain
    PAROLE tcp -- anywhere anywhere tcp dpt:http
    PAROLE tcp -- anywhere anywhere tcp dpt:pop3
    PAROLE tcp -- anywhere anywhere tcp dpt:imap2
    PAROLE tcp -- anywhere anywhere tcp dpt:https
    PAROLE tcp -- anywhere anywhere tcp dpt:imaps
    PAROLE tcp -- anywhere anywhere tcp dpt:pop3s
    PAROLE tcp -- anywhere anywhere tcp dpt:mysql
    PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
    PAROLE tcp -- anywhere anywhere tcp dpt:tproxy
    PAROLE tcp -- anywhere anywhere tcp dpt:webmin
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    ACCEPT udp -- anywhere anywhere udp dpt:mysql
    DROP icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain PUB_OUT (5 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
     
  10. SparkyRih

    SparkyRih New Member

    anyone see something?
     

Share This Page