cancel
Showing results for 
Search instead for 
Did you mean: 

Inadequate Support

Phaeton
Grafter
Posts: 75
Thanks: 5
Registered: 26-06-2007

Inadequate Support

This is my question to support.
Having problems accessing services running at home using both http & ssh all these were working & have been for months & have just suddenly stopped but only from a single IP 188.39.51.2.
If I use my mobile on 3G the services work, if I go to my fathers house on talk talk the services work, if I go to my daughters on Plusnet the services work. But whenever i try to access from 188.39.51.2 I get no access to the services.
I'm loathe to switch off the firewall on the account as the services are working from the other locations, the services are run on several machines behind the router so it is unlikely there is anything on the machines that are blocking them. Is there any firewall IP blocking in the TGN router? It has been restarted several times & the issue still remains.
dhcp-150:~ alansmith$ traceroute xxx.xxx.xxx.xxx
traceroute to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx), 64 hops max, 52 byte packets
1 10.15.20.254 (10.15.20.254) 1.439 ms 1.241 ms 0.971 ms
2 gi0-1.xxxxxx.router.enta.net (xxx.xxx.xxx.xxx) 2.122 ms 1.637 ms 1.583 ms
3 gi1-47.sheffield.core.enta.net (188.39.50.45) 1.893 ms 2.037 ms 1.859 ms
4 te4-4.nottingham.core.enta.net (188.39.127.52) 3.271 ms 3.212 ms 3.850 ms
5 te5-4.telehouse-east2.core.enta.net (188.39.127.57) 6.801 ms 6.772 ms 7.383 ms
6 te0-0-0-1.telehouse-east3.core.enta.net (188.39.127.14Cool 6.945 ms 6.846 ms 6.835 ms
7 linx-gw1.plus.net (195.66.224.164) 6.325 ms 6.956 ms 6.507 ms
8 irb.10.central10.ptn-bng01.plus.net (84.93.249.4) 7.247 ms 6.807 ms 6.829 ms
9 * * *
10 * * *.
.
63 * * *
64 * * *
This is the reply after 30 hours,
"Thank you for getting in touch with us regarding your connection issue. As you have an advanced setup there is nothing we can do to assist you with this as we do not have the expertise in these areas. I am afraid you will need to investigate this yourself to find out what is causing the blockage. I would suggest searching on google for information on this, if it is the router blocking it there are ways to override the security settings (Telnet) though this is not something we recommend."
Sorry but even a complete novice like me can see that the issue is on Plusnet's network & the trace is not getting any further than irb.10.central10.ptn-bng01.plus.net (84.93.249.4) & not getting rejected by my router, that really is a pathetic answer.
7 REPLIES
Andrue
Pro
Posts: 775
Thanks: 90
Fixes: 1
Registered: 12-01-2015

Re: Inadequate Support

I think their response is quite reasonable. You are asking for assistance that lies outside the realm of a typical domestic ISP. If you want that kind of support I think you really need to look to a niche provider rather than a cheap, mainstream provider.
But speaking from my experience I would have disabled my security systems before I even thought of talking to my ISP.
Quote
it is unlikely there is anything on the machines that are blocking them.

And my experience also makes me highly suspicious when someone diagnosing a problem uses phrases like 'it is unlikely'. I run my own mail and ftp server and I've been in similar situations to you. On each and every occasion the issue was something on my end. From memory:
a) On one occasion I updated my email server and the Windows firewall started blocking packets because it detected that the executable had changed and wouldn't apply the existing rules.
b) On another occasion my router stopped forwarding WAN IP packets for no obvious reasons.
c) Sometimes loopback stops working.
I'm trying to make the point that after being involved with computers for over a quarter of a century as a programmer and occasionally IT support I have learnt to never, ever assume anything. And the one thing you are damn sure couldn't possibly be the cause and that any fool would know is not worth investigating...
...is often the cause of the problem.  Wink
Actually (c) could be the cause of your problem if 188.39.51.2 is your WAN address (ie; the address Plusnet have assigned to you. I've had some weird and wacky oddities over the years trying to access services using my external IP address. The other day I noticed that when my desktop machine has a VPN connection to work if I try to access my webmail I get my router interface instead.
I suppose question number one though is: are you aware of anything that has changed recently? Your post implies you think that the router might be the cause. Is it a new router?
Community Veteran
Posts: 1,412
Thanks: 4
Registered: 29-01-2009

Re: Inadequate Support

This doesn't necessarily fix your problem, but it points out you might be relying on traceroute in the wrong way.
Quote from: Phaeton
Sorry but even a complete novice like me can see that the issue is on Plusnet's network & the trace is not getting any further than irb.10.central10.ptn-bng01.plus.net (84.93.249.4) & not getting rejected by my router, that really is a pathetic answer.

A traceroute going no further than this router is not necessarily an indication that any other service stops in the same location; it can depend on the way your particular "traceroute" command works - not all use ICMP ECHOs.
If I perform a plain traceroute from one of my Linux servers out in the cloud, back to my PN IP address, it behaves pretty much the same (there's obviously alternate routes from the Linx gateway)
[tt][xxxx@mail ~]$ traceroute 212.159.xxx.xx
traceroute to 212.159.78.84 (212.159.xxx.xx), 30 hops max, 60 byte packets
1  185.17.xxx.xxx (185.17.xxx.xxx)  0.546 ms  0.730 ms  0.946 ms
2  ae2-as0.rdg.as29550.net (91.186.17.90)  0.849 ms  1.068 ms  1.054 ms
3  xe-0-0-0-cr0.rdg.as29550.net (91.186.5.233)  0.239 ms  0.439 ms  0.422 ms
4  ae1-cr0.the.as29550.net (91.186.5.249)  1.400 ms  1.617 ms  1.600 ms
5  linx-gw1.plus.net (195.66.224.164)  1.485 ms  10.043 ms  2.349 ms
6  ae1.pcl-cr01.plus.net (195.166.129.1)  1.899 ms  2.498 ms  2.474 ms
7  irb.10.central10.pcl-bng02.plus.net (84.93.249.84)  2.704 ms  2.913 ms  2.873 ms
8  * * irb.10.central10.pcl-bng02.plus.net (84.93.249.84)  2.792 ms
9  * * *
10  * * *
[/tt]
If, however, I perform a traceroute using ICMP ECHO (adding the -I option, which means I have to be root), it makes it into my router
[tt]
[root@mail ~]# traceroute -I 212.159.xx.xxx
traceroute to 212.159.xx.xxx (212.159.xx.xxx), 30 hops max, 60 byte packets
1  185.17.xxx.xxx (185.17.xxx.xxx)  0.581 ms  0.808 ms  1.051 ms
2  ae2-as0.rdg.as29550.net (91.186.17.90)  0.771 ms  1.012 ms  1.016 ms
3  xe-0-0-0-cr0.rdg.as29550.net (91.186.5.233)  25.856 ms  26.087 ms  26.086 ms
4  ae1-cr0.the.as29550.net (91.186.5.249)  1.377 ms  1.632 ms  1.630 ms
5  linx-gw1.plus.net (195.66.224.164)  1.473 ms  1.473 ms  1.696 ms
6  ae1.pcl-cr01.plus.net (195.166.129.1)  2.648 ms  1.889 ms  2.672 ms
7  ae2.pcl-cr02.plus.net (195.166.129.7)  23.835 ms  24.056 ms  24.044 ms
8  irb.10.central10.pcl-bng02.plus.net (84.93.249.84)  2.781 ms  2.761 ms  2.954 ms
9  xxxx.plus.com (212.159.xx.xxx)  26.430 ms  27.806 ms  28.666 ms
[/tt]
In addition, a plain ping makes it into my router every second, as my TBB BQM keeps working:
Plusnet Customer
Using FTTC since 2011. Currently on 80/20 Unlimited Fibre Extra.
Phaeton
Grafter
Posts: 75
Thanks: 5
Registered: 26-06-2007

Re: Inadequate Support

Quote from: Andrue
I think their response is quite reasonable. You are asking for assistance that lies outside the realm of a typical domestic ISP. If you want that kind of support I think you really need to look to a niche provider rather than a cheap, mainstream provider.
I suppose question number one though is: are you aware of anything that has changed recently? Your post implies you think that the router might be the cause. Is it a new router?

I clearly disagree, I don't see this as anything special that any ordinary person would be running, it's only a NAS box (HTTP & SSH) & a CCTV system I'm not sure why I would want a niche provider to be able to do this. I've been with Plusnet since before it was Plusnet & having actually worked as a contractor for them I know there are some very clever people working there. This I believe was just a very glib answer from a support person who couldn't be bothered.
But back to your questions, I have not knowingly changed anything (I have to say that otherwise if I knew I had I would revert it), the router other than having to be rebooted occasionally has not been touched recently (router supplied by Plusnet). The systems behind the router can be accessed from 3 other locations (that I know of) so my maybe flawed logic is that the port forwarding etc. is working it's just not when I try to access via the work IP (not Plusnet supplied). The services were working & have been for the 3+ years without issue until the last couple of weeks,

Quote from: WWWombat
This doesn't necessarily fix your problem, but it points out you might be relying on traceroute in the wrong way.

Thanks I tried that & got exactly the same result as before.
I think the way forward is to factory reset the TGN router but I cannot see anywhere on there to block IP's
Godsbrother
Newbie
Posts: 5
Registered: 03-02-2015

Re: Inadequate Support

Could you not rule the router out by disconnecting it and just plugging the nas directly into the modem? Little difficult to test anything else but the NAS wouldn't then be being blocked by any nat issue or IP block on the router (this is what it sound like to me).
Alternatively does the router have the option to log the firewall hits to syslog? If so set your nas up as a syslog server and trawl through the logs for anything useful.... could take a while!
The fact that other IP's can access your devices behind your router would suggest any firewall rule forwarding ports is working. The only caveat to that is if you have source IP's setup if so just make the rule any source IP to port instead.
hope something there helps a bit Smiley
pwatson
Rising Star
Posts: 2,468
Thanks: 8
Fixes: 1
Registered: 26-11-2012

Re: Inadequate Support

It seems to me that your logic is flawed. You can access the services from multiple locations so the assumption (until proved otherwise) is that your local setup and your PN connection are fine.
Why aren't you targeting your work connection as the next step in your diagnosis? Have firewall rules changed there? Can you ssh from work to other servers?
I also agree that PN are correct that this is outside the realms of normal support. If you can explicitly prove that they are at fault I'm sure they will look further but you need to do the basics first...
Highlighted
sjptd
Grafter
Posts: 477
Thanks: 2
Registered: 01-09-2014

Re: Inadequate Support

it's just not when I try to access via the work IP (not Plusnet supplied)  Is that the 'single IP 188.39.51.2' you mention in your first post.  A likely reason for your problem is that your work has tightened its security and limited access to some external sites.  For example, it is quite possible that a range of PluNet IP addresses is on a blacklist somewhere; maybe for a good reason or maybe for a bad one.
Could you not rule the router out by disconnecting it and just plugging the nas directly into the modem? I am afraid that won't work unless the NAS is quite advanced and can do the PPPoE login that would normally be done by the router.
Maybe PlusNet support were wrong to call your setup 'advanced', but they are not responsible for anything that happens behind your router even though they often help in simple cases.  If it is a blacklist somewhere they may be able to help; the difficulty will be for anyone to find out where.  And it may well be that even if your work is not intentionally blocking your access to your home site that they are not going to be very helpful in getting the issue sorted.
Phaeton
Grafter
Posts: 75
Thanks: 5
Registered: 26-06-2007

Re: Inadequate Support

Okay plenty to think about there, I've also now tried to access the system from several VPS's in several countries outside of the works network & they are also not getting through, both http & ssh. So I think the logical thing is to factory reset the router, enable the syslog to see what is happening, clearly my view of customer support differs from other peoples, but maybe I have higher expectations.