Remote Connectivity
09-03-2014 3:29 PM
Hi,
I have been trying for some time to set up a VPN between two SonicWalls. However, there appear to be issues with specific ports traversing the Metronet/Plusnet network.
Initially I thought this might have been a problem with the Vigor2710 ADSL router catching and blocking the VPN traffic. To test, I configured a DMZ IP address on the router and pointed this to a laptop running Wireshark. I then purchased an Amazon EC2 VPS instance and ran nmap against a variety of ports.
TCP ports 80 and 443 did not reach the promiscuous laptop, and neither did UDP port 500. What was interesting is that TCP 3389 and UDP 4500 did.
I figured that without much debugging output on the router, it could still be responsible for blocking this traffic. So, I swapped it with a Cisco 877 router and configured the following basic access lists and NAT rules:
ip nat inside source list acl-NAT interface Dialer0 overload
ip nat inside source static tcp 192.168.15.254 443 interface Dialer0 80
ip nat inside source static tcp 192.168.15.254 443 interface Dialer0 443
ip nat inside source static tcp 192.168.15.254 443 interface Dialer0 3389
ip nat inside source static udp 192.168.15.254 500 interface Dialer0 500
ip nat inside source static udp 192.168.15.254 500 interface Dialer0 4500
ip access-list standard acl-NAT
 permit 192.168.0.0 0.0.255.255
ip access-list extended atm-in
 remark - Access Rule - ATM IN - From WAN to LAN
 permit tcp any eq www any
 permit tcp any eq 443 any
 permit tcp any eq 3389 any
 permit udp any eq 500 any
 permit udp any eq 4500 any
 permit udp any eq bootps host 255.255.255.255 eq bootpc log
 deny icmp any any fragments log
 deny icmp any any time-exceeded log
 deny icmp any any host-unreachable log
 permit icmp any any echo-reply log
 permit icmp any any packet-too-big log
 deny icmp any any log
 permit udp any eq domain any
 permit udp any eq ntp any
 evaluate tcptraffic
 deny tcp any any log
 deny udp any any log
 deny ip any any log
ip access-list extended atm-out
 remark - Access Rule - ATM OUT - From LAN to WAN
 permit tcp any any eq www reflect tcptraffic timeout 30
 permit tcp any any eq 443 reflect tcptraffic timeout 30
 permit tcp any any eq ftp reflect tcptraffic timeout 30
 permit tcp any any eq 22 reflect tcptraffic timeout 30
 permit tcp any any eq 587 reflect tcptraffic timeout 30
 permit tcp any any eq 873 reflect tcptraffic timeout 30
 permit tcp any any eq 993 reflect tcptraffic timeout 30
 permit tcp any any eq 3389 reflect tcptraffic timeout 30
 permit udp any any eq ntp
 permit udp any any eq domain
 permit udp any any eq 500
 permit udp any any eq 4500
 deny tcp any any log
 deny udp any any log
Looking at the NAT translations I can see outbound traffic hitting these rules and I can browse the internet without issue. From my Amazon instance I ran a number of traceroute commands, which gave the following outputs:
[root@ip-172-31-xx ~]# traceroute -T -p 443 84.51.xx.xx
traceroute to 84.51.xx.xx (84.51.xx.xx), 30 hops max, 60 byte packets
1 ec2-50-112-0-198.us-west-2.compute.amazonaws.com (50.112.0.198) 0.728 ms 0.730 ms 0.560 ms
2 205.251.232.39 (205.251.232.39) 6.239 ms 205.251.232.223 (205.251.232.223) 6.255 ms 205.251.232.39 (205.251.232.39) 6.030 ms
3 205.251.232.216 (205.251.232.216) 0.707 ms 205.251.232.204 (205.251.232.204) 0.937 ms 205.251.232.210 (205.251.232.210) 1.187 ms
4 205.251.232.76 (205.251.232.76) 6.409 ms 13.145 ms 205.251.232.75 (205.251.232.75) 6.748 ms
5 205.251.225.161 (205.251.225.161) 13.135 ms 205.251.225.167 (205.251.225.167) 6.441 ms 205.251.225.161 (205.251.225.161) 13.011 ms
6 ae0-3.sea22.ip4.tinet.net (77.67.68.161) 13.244 ms 13.353 ms 13.312 ms
7 xe-10-0-0.sea23.ip4.tinet.net (89.149.184.166) 13.210 ms xe-11-0-2.sea23.ip4.tinet.net (89.149.184.142) 13.220 ms xe-11-0-1.sea23.ip4.tinet.net (89.149.184.110) 6.402 ms
8 as3356.sea21.ip4.tinet.net (199.229.231.186) 27.569 ms 27.440 ms 27.519 ms
9 ae-32-52.ebr2.Seattle1.Level3.net (4.69.147.182) 158.518 ms 157.527 ms 157.539 ms
10 ae-2-2.ebr2.Denver1.Level3.net (4.69.132.54) 158.006 ms 157.842 ms 157.079 ms
11 ae-3-3.ebr1.Chicago2.Level3.net (4.69.132.62) 157.347 ms 156.521 ms 157.640 ms
12 ae-6-6.ebr1.Chicago1.Level3.net (4.69.140.189) 156.555 ms 156.276 ms 157.615 ms
13 ae-2-2.ebr2.NewYork2.Level3.net (4.69.132.66) 157.342 ms 157.822 ms 158.504 ms
14 ae-1-100.ebr1.NewYork2.Level3.net (4.69.135.253) 157.336 ms 158.110 ms 157.975 ms
15 ae-46-46.ebr1.NewYork1.Level3.net (4.69.201.41) 157.087 ms ae-4-4.ebr1.NewYork1.Level3.net (4.69.141.17) 157.901 ms ae-47-47.ebr1.NewYork1.Level3.net (4.69.201.45) 159.006 ms
16 ae-41-41.ebr2.London1.Level3.net (4.69.137.65) 157.843 ms ae-42-42.ebr2.London1.Level3.net (4.69.137.69) 156.847 ms ae-41-41.ebr2.London1.Level3.net (4.69.137.65) 156.652 ms
17 ae-57-222.csw2.London1.Level3.net (4.69.153.134) 157.558 ms ae-59-224.csw2.London1.Level3.net (4.69.153.142) 158.263 ms ae-56-221.csw2.London1.Level3.net (4.69.153.130) 157.196 ms
18 ae-25-52.car5.London1.Level3.net (4.69.139.102) 159.407 ms 158.417 ms 164.057 ms
19 PLUSNET-TEC.car5.London1.Level3.net (217.163.45.250) 154.204 ms 145.276 ms 156.536 ms
20 te8-1.ptn-gw01.plus.net (212.159.0.105) 144.579 ms 144.770 ms 145.364 ms
21 link-a-central10.ptn-ag01.plus.net (212.159.2.129) 152.032 ms 145.442 ms 152.065 ms
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
FAIL
[root@ip-172-31-** ~]# traceroute -T -p 22 84.51.xx.xx
traceroute to 84.51.xx.xx (84.51.xx.xx), 30 hops max, 60 byte packets
1 ec2-50-112-0-198.us-west-2.compute.amazonaws.com (50.112.0.198) 0.589 ms 0.778 ms 0.747 ms
2 205.251.232.39 (205.251.232.39) 1.195 ms 5.508 ms 1.017 ms
3 205.251.232.216 (205.251.232.216) 1.949 ms 205.251.232.204 (205.251.232.204) 1.811 ms 205.251.232.210 (205.251.232.210) 40.231 ms
4 205.251.232.78 (205.251.232.78) 6.602 ms 205.251.232.76 (205.251.232.76) 6.650 ms 205.251.232.75 (205.251.232.75) 29.499 ms
5 205.251.225.167 (205.251.225.167) 6.526 ms 205.251.225.165 (205.251.225.165) 13.039 ms 13.241 ms
6 ae0-3.sea22.ip4.tinet.net (77.67.68.161) 13.389 ms 13.275 ms 13.222 ms
7 xe-11-0-0.sea23.ip4.tinet.net (89.149.184.190) 6.543 ms xe-11-0-1.sea23.ip4.tinet.net (89.149.184.110) 6.581 ms xe-11-0-2.sea23.ip4.tinet.net (89.149.184.142) 13.310 ms
8 as3356.sea21.ip4.tinet.net (199.229.231.186) 27.492 ms 27.447 ms 27.214 ms
9 ae-32-52.ebr2.Seattle1.Level3.net (4.69.147.182) 157.605 ms 157.587 ms 157.560 ms
10 ae-2-2.ebr2.Denver1.Level3.net (4.69.132.54) 157.883 ms 157.128 ms 157.529 ms
11 ae-3-3.ebr1.Chicago2.Level3.net (4.69.132.62) 157.216 ms 156.817 ms 157.549 ms
12 ae-6-6.ebr1.Chicago1.Level3.net (4.69.140.189) 156.011 ms 157.091 ms 156.713 ms
13 ae-2-2.ebr2.NewYork2.Level3.net (4.69.132.66) 156.484 ms 156.898 ms 157.047 ms
14 ae-1-100.ebr1.NewYork2.Level3.net (4.69.135.253) 157.532 ms 157.107 ms 156.964 ms
15 ae-46-46.ebr1.NewYork1.Level3.net (4.69.201.41) 157.661 ms 156.379 ms ae-47-47.ebr1.NewYork1.Level3.net (4.69.201.45) 157.849 ms
16 ae-43-43.ebr2.London1.Level3.net (4.69.137.73) 157.043 ms ae-41-41.ebr2.London1.Level3.net (4.69.137.65) 158.523 ms ae-44-44.ebr2.London1.Level3.net (4.69.137.77) 156.803 ms
17 ae-57-222.csw2.London1.Level3.net (4.69.153.134) 157.470 ms 157.189 ms ae-56-221.csw2.London1.Level3.net (4.69.153.130) 156.890 ms
18 ae-25-52.car5.London1.Level3.net (4.69.139.102) 157.061 ms 156.503 ms 157.313 ms
19 PLUSNET-TEC.car5.London1.Level3.net (217.163.45.250) 147.586 ms 162.177 ms 144.025 ms
20 te8-1.ptn-gw01.plus.net (212.159.0.105) 144.162 ms 143.914 ms 145.144 ms
21 link-a-central10.ptn-ag01.plus.net (212.159.2.129) 311.703 ms 325.580 ms 401.343 ms
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
FAIL
[root@ip-172-31-xx ~]# traceroute -T -p 3389 84.51.xx.xx
traceroute to 84.51.xx.xx (84.51.xx.xx), 30 hops max, 60 byte packets
1 ec2-50-112-0-198.us-west-2.compute.amazonaws.com (50.112.0.198) 1.000 ms 0.850 ms 0.738 ms
2 205.251.232.223 (205.251.232.223) 0.751 ms 0.973 ms 0.778 ms
3 205.251.232.210 (205.251.232.210) 1.121 ms 205.251.232.198 (205.251.232.198) 3.147 ms 205.251.232.216 (205.251.232.216) 1.284 ms
4 205.251.232.73 (205.251.232.73) 13.227 ms 205.251.232.78 (205.251.232.78) 13.387 ms 205.251.232.75 (205.251.232.75) 13.239 ms
5 205.251.225.161 (205.251.225.161) 13.052 ms 12.948 ms 205.251.225.163 (205.251.225.163) 13.185 ms
6 ae0-3.sea22.ip4.tinet.net (77.67.68.161) 31.507 ms 13.303 ms 13.315 ms
7 xe-10-0-0.sea23.ip4.tinet.net (89.149.184.166) 13.197 ms xe-11-0-2.sea23.ip4.tinet.net (89.149.184.142) 13.287 ms xe-11-0-1.sea23.ip4.tinet.net (89.149.184.110) 6.702 ms
8 as3356.sea21.ip4.tinet.net (199.229.231.186) 27.499 ms 27.544 ms 27.420 ms
9 ae-32-52.ebr2.Seattle1.Level3.net (4.69.147.182) 157.515 ms 157.657 ms 157.282 ms
10 ae-2-2.ebr2.Denver1.Level3.net (4.69.132.54) 157.209 ms 157.561 ms 157.143 ms
11 ae-3-3.ebr1.Chicago2.Level3.net (4.69.132.62) 157.330 ms 155.939 ms 155.952 ms
12 ae-6-6.ebr1.Chicago1.Level3.net (4.69.140.189) 158.073 ms 171.580 ms 157.579 ms
13 ae-2-2.ebr2.NewYork2.Level3.net (4.69.132.66) 156.406 ms 157.249 ms 157.545 ms
14 ae-1-100.ebr1.NewYork2.Level3.net (4.69.135.253) 156.446 ms 157.868 ms 157.012 ms
15 ae-48-48.ebr1.NewYork1.Level3.net (4.69.201.49) 157.749 ms ae-46-46.ebr1.NewYork1.Level3.net (4.69.201.41) 156.856 ms ae-47-47.ebr1.NewYork1.Level3.net (4.69.201.45) 157.637 ms
16 ae-44-44.ebr2.London1.Level3.net (4.69.137.77) 157.522 ms 157.310 ms ae-42-42.ebr2.London1.Level3.net (4.69.137.69) 156.141 ms
17 ae-56-221.csw2.London1.Level3.net (4.69.153.130) 157.947 ms ae-58-223.csw2.London1.Level3.net (4.69.153.138) 165.049 ms ae-57-222.csw2.London1.Level3.net (4.69.153.134) 164.496 ms
18 ae-25-52.car5.London1.Level3.net (4.69.139.102) 195.437 ms 195.440 ms 195.054 ms
19 PLUSNET-TEC.car5.London1.Level3.net (217.163.45.250) 148.364 ms 150.752 ms 154.817 ms
20 te8-1.ptn-gw01.plus.net (212.159.0.105) 144.893 ms 144.113 ms 145.191 ms
21 link-a-central10.ptn-ag01.plus.net (212.159.2.129) 149.224 ms 169.848 ms 157.888 ms
22 84.51.xx.xx.xxxxx850.adsl.metronet.co.uk (84.51.xx.xx) 170.008 ms 172.847 ms 170.069 ms
SUCCESS
[root@ip-172-31-xx ~]# traceroute -U 84.51.xx.xx
traceroute to 84.51.xx.xx (84.51.xx.xx), 30 hops max, 60 byte packets
1 ec2-50-112-0-198.us-west-2.compute.amazonaws.com (50.112.0.198) 0.824 ms 0.687 ms 0.793 ms
2 205.251.232.39 (205.251.232.39) 0.843 ms 0.736 ms 205.251.232.223 (205.251.232.223) 0.816 ms
3 205.251.232.210 (205.251.232.210) 0.762 ms 205.251.232.216 (205.251.232.216) 0.896 ms 205.251.232.198 (205.251.232.198) 0.945 ms
4 205.251.232.73 (205.251.232.73) 13.250 ms 205.251.232.76 (205.251.232.76) 13.477 ms 205.251.232.73 (205.251.232.73) 6.669 ms
5 205.251.225.161 (205.251.225.161) 12.985 ms 205.251.225.163 (205.251.225.163) 13.115 ms 205.251.225.165 (205.251.225.165) 13.091 ms
6 ae0-3.sea22.ip4.tinet.net (77.67.68.161) 13.263 ms 13.286 ms 13.184 ms
7 xe-10-0-0.sea23.ip4.tinet.net (89.149.184.166) 13.395 ms xe-11-0-2.sea23.ip4.tinet.net (89.149.184.142) 13.232 ms xe-11-0-1.sea23.ip4.tinet.net (89.149.184.110) 6.337 ms
8 as3356.sea21.ip4.tinet.net (199.229.231.186) 27.257 ms 27.426 ms 27.335 ms
9 ae-32-52.ebr2.Seattle1.Level3.net (4.69.147.182) 157.328 ms 157.531 ms 157.432 ms
10 ae-2-2.ebr2.Denver1.Level3.net (4.69.132.54) 157.634 ms 157.278 ms 157.481 ms
11 ae-3-3.ebr1.Chicago2.Level3.net (4.69.132.62) 157.445 ms 158.896 ms 156.700 ms
12 ae-6-6.ebr1.Chicago1.Level3.net (4.69.140.189) 157.548 ms 158.489 ms 157.567 ms
13 ae-2-2.ebr2.NewYork2.Level3.net (4.69.132.66) 157.040 ms 163.615 ms 156.230 ms
14 ae-1-100.ebr1.NewYork2.Level3.net (4.69.135.253) 157.045 ms 157.770 ms 157.128 ms
15 ae-47-47.ebr1.NewYork1.Level3.net (4.69.201.45) 157.255 ms 156.907 ms ae-46-46.ebr1.NewYork1.Level3.net (4.69.201.41) 157.861 ms
16 ae-42-42.ebr2.London1.Level3.net (4.69.137.69) 157.033 ms 157.557 ms ae-43-43.ebr2.London1.Level3.net (4.69.137.73) 157.383 ms
17 ae-57-222.csw2.London1.Level3.net (4.69.153.134) 157.174 ms ae-59-224.csw2.London1.Level3.net (4.69.153.142) 158.480 ms ae-58-223.csw2.London1.Level3.net (4.69.153.138) 157.297 ms
18 ae-25-52.car5.London1.Level3.net (4.69.139.102) 223.244 ms 222.380 ms 211.209 ms
19 PLUSNET-TEC.car5.London1.Level3.net (217.163.45.250) 150.541 ms 151.417 ms 150.911 ms
20 te8-1.ptn-gw01.plus.net (212.159.0.105) 152.123 ms 152.046 ms 151.246 ms
21 link-a-central10.ptn-ag01.plus.net (212.159.2.129) 176.127 ms 176.710 ms 175.574 ms
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
FAIL
[root@ip-172-31-xx ~]# traceroute -I 84.51.xx.xx
traceroute to 84.51.xx.xx (84.51.xx.xx), 30 hops max, 60 byte packets
1 ec2-50-112-0-198.us-west-2.compute.amazonaws.com (50.112.0.198) 0.764 ms 0.849 ms 0.776 ms
2 205.251.232.39 (205.251.232.39) 0.745 ms 0.911 ms 0.829 ms
3 205.251.232.210 (205.251.232.210) 0.961 ms 0.920 ms 1.040 ms
4 205.251.232.76 (205.251.232.76) 13.094 ms 6.646 ms 13.548 ms
5 205.251.225.165 (205.251.225.165) 13.184 ms 13.072 ms 13.171 ms
6 ae0-3.sea22.ip4.tinet.net (77.67.68.161) 12.987 ms 13.184 ms 12.984 ms
7 xe-10-0-0.sea23.ip4.tinet.net (89.149.184.166) 13.138 ms 13.511 ms 13.302 ms
8 as3356.sea21.ip4.tinet.net (199.229.231.186) 35.566 ms 34.949 ms 34.722 ms
9 ae-32-52.ebr2.Seattle1.Level3.net (4.69.147.182) 157.316 ms 157.651 ms 157.440 ms
10 ae-2-2.ebr2.Denver1.Level3.net (4.69.132.54) 156.982 ms 157.080 ms 157.219 ms
11 ae-3-3.ebr1.Chicago2.Level3.net (4.69.132.62) 156.987 ms 156.902 ms 156.940 ms
12 ae-6-6.ebr1.Chicago1.Level3.net (4.69.140.189) 157.036 ms 157.194 ms 157.005 ms
13 ae-2-2.ebr2.NewYork2.Level3.net (4.69.132.66) 156.980 ms 156.773 ms 156.799 ms
14 ae-1-100.ebr1.NewYork2.Level3.net (4.69.135.253) 157.338 ms 157.293 ms 157.057 ms
15 ae-47-47.ebr1.NewYork1.Level3.net (4.69.201.45) 156.992 ms 157.235 ms ae-4-4.ebr1.NewYork1.Level3.net (4.69.141.17) 157.266 ms
16 ae-44-44.ebr2.London1.Level3.net (4.69.137.77) 156.919 ms 156.874 ms 156.855 ms
17 ae-59-224.csw2.London1.Level3.net (4.69.153.142) 157.433 ms 157.444 ms 157.500 ms
18 ae-25-52.car5.London1.Level3.net (4.69.139.102) 191.268 ms 190.619 ms 169.979 ms
19 PLUSNET-TEC.car5.London1.Level3.net (217.163.45.250) 162.101 ms 161.691 ms 162.178 ms
20 te8-1.ptn-gw01.plus.net (212.159.0.105) 146.028 ms 145.981 ms 146.013 ms
21 link-a-central10.ptn-ag01.plus.net (212.159.2.129) 154.785 ms 154.442 ms 154.747 ms
22 84-51-xx-xx.xxxxx850.adsl.metronet.co.uk (84.51.xx.xx) 170.010 ms !X * *
SUCCESS
This is also confirmed by the nmap results.
These results imply that there is some sort of filtering being applied at link-a-central10.ptn-ag01.plus.net. Has anyone else experienced this?
I tried to raise this with technical support; however, I received the following response.
---------
Dear Adam,
Thank you for getting back in touch regarding your query into port blocking.
I would like to begin by assuring you that we are not blocking any ports on the network as this does not benefit us in any way.
Please allow this to put your mind at rest, as I am part of the second line support team and can confirm that the information supplied so far is correct. Also that any kind of networking issues, port forwarding, VPN etc. are not supported by the teams working these tickets.
I do not wish to waste your time any further on this matter and ask that you direct any further support requirements to the Community pages or a 3rd party support team.
---------
Although this is affecting my VPN setup, I think this is more of a networking issue. Grateful for any assistance you might be able to offer.
Many thanks,
Adam
Message 1 of 4
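An added example, not part of the original thread: a short Python parser that applies the comparison described in the first post to abridged copies of its five traceroute runs, reporting which probe types reach the destination and the last hop that answers for those that do not. The function names are hypothetical, and the sample is constructed from the post's output, cut down to the final hops of each run.

```python
import re

# Constructed sample: the five runs from the post, abridged to their final
# hops (silent hops 24-30 dropped; timings for hops 20 and 21 are reused
# from the first run). Addresses are as redacted in the post.
GW = "20 te8-1.ptn-gw01.plus.net (212.159.0.105) 144.579 ms 144.770 ms 145.364 ms\n"
AG = "21 link-a-central10.ptn-ag01.plus.net (212.159.2.129) 152.032 ms 145.442 ms 152.065 ms\n"
SILENT = "22 * * *\n23 * * *\n"
RUNS = [
    ("traceroute -T -p 443 84.51.xx.xx", GW + AG + SILENT),
    ("traceroute -T -p 22 84.51.xx.xx", GW + AG + SILENT),
    ("traceroute -T -p 3389 84.51.xx.xx", GW + AG +
     "22 84.51.xx.xx.xxxxx850.adsl.metronet.co.uk (84.51.xx.xx) 170.008 ms 172.847 ms 170.069 ms\n"),
    ("traceroute -U 84.51.xx.xx", GW + AG + SILENT),
    ("traceroute -I 84.51.xx.xx", GW + AG +
     "22 84-51-xx-xx.xxxxx850.adsl.metronet.co.uk (84.51.xx.xx) 170.010 ms !X * *\n"),
]

HOP = re.compile(r"\s*(\d+)\s+(.*)")
RESPONDER = re.compile(r"(\S+) \(([^)\s]+)\)")   # "name (address)"
FLAG = re.compile(r"!\w+")                       # ICMP annotations such as !X


def probe_of(cmd):
    """Name the probe type from the traceroute options used in the post."""
    args = cmd.split()
    if "-T" in args:
        return "tcp/" + args[args.index("-p") + 1] if "-p" in args else "tcp"
    if "-U" in args:
        return "udp"
    if "-I" in args:
        return "icmp"
    return "default"


def parse_hops(output):
    """Turn traceroute hop lines into dicts; a '* * *' hop has no responders."""
    hops = []
    for line in output.splitlines():
        m = HOP.match(line)
        if m:
            rest = m.group(2)
            hops.append({"ttl": int(m.group(1)),
                         "responders": RESPONDER.findall(rest),
                         "flags": FLAG.findall(rest)})
    return hops


def analyse(cmd, output):
    """Summarise one run: did it reach the target, and who answered last?"""
    dest = cmd.split()[-1]
    answered = [h for h in parse_hops(output) if h["responders"]]
    last = answered[-1] if answered else None
    reached = bool(last) and any(ip == dest for _, ip in last["responders"])
    return {"probe": probe_of(cmd),
            "reached": reached,
            "last_ttl": last["ttl"] if last else None,
            "last_host": last["responders"][0][0] if last else None,
            "flags": last["flags"] if last else []}


def locate_drop(results):
    """Compare runs: where do the failing probes stop relative to the target?"""
    ok = [r for r in results if r["reached"]]
    bad = [r for r in results if not r["reached"]]
    if not ok or not bad:
        return None                      # nothing to compare against
    stops = {(r["last_ttl"], r["last_host"]) for r in bad}
    if len(stops) != 1:
        return None                      # failing probes die at different hops
    ttl, host = stops.pop()
    dest_ttl = min(r["last_ttl"] for r in ok)
    return {"after_host": host,
            "after_ttl": ttl,
            # True: the next hop is the target itself, so the drop is
            # somewhere on the final segment, not necessarily at after_host.
            "adjacent": dest_ttl == ttl + 1,
            "blocked": sorted(r["probe"] for r in bad),
            "passed": sorted(r["probe"] for r in ok)}


if __name__ == "__main__":
    results = [analyse(cmd, out) for cmd, out in RUNS]
    for r in results:
        print(r)
    print(locate_drop(results))
```

When the last answering hop sits one TTL before the destination, the drop could be anywhere on that final segment, including a provider-side firewall or the customer router, so traceroute alone does not identify which device is filtering.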
3 REPLIES
Re: Remote Connectivity
09-03-2014 3:42 PM
The Plusnet firewall is set to 'Off' or 'Low' I assume?
https://portal.plus.net/my.html?action=firewall
Message 2 of 4
Re: Remote Connectivity
09-03-2014 3:46 PM
EDIT: Apologies, it turns out there is a firewall in the Metronet Portal; however, when you browse to the firewall page, reauth.php is called and it's not possible to select 'turn off'. I've raised this with support so hopefully it will be resolved soon. Thanks for your help.
---------
I don't have a Plusnet portal, only a Metronet one, as they were bought out by Plusnet. In there I don't have the option to configure a firewall...
Message 3 of 4
Re: Remote Connectivity
10-03-2014 10:04 AM
Do you have the ticket reference so we can take a look at that for you?
Message 4 of 4