Not able to access MRC from home since the outage

Por karloch

Prophet (2059)

Imagen del karloch

14-02-2016, 20:32

Hi *.*,

I'm writing this just because this weird network issue is driving me nuts. Since the MRC outage, I have not been able to access the MRC from home. As nobody else is reporting any problem, it has to be clearly something that is on my side, but it is not clear at all what could be happening. Notice msx.org is *the only* website I'm having problems accessing, but I can access msx.org properly from work or my mobiles.

First I'll tell my setup:

  • Router: Mikrotik RB951G-2HnD
  • RouterOS 6.34.1
  • Internet connection: PPPoE dial to an ONT (FTTH Movistar)
  • NAT: yes, using MASQUERADE rules from my network
  • WebProxy: no

Symptons:

  • Right after the PPPoE connection is established, I can successfully enter the website. After some minutes, it won't work anymore unless I reset the PPPoE interface.
  • It will happen in any computer or device that tries to contact the website. If I try fetching (/tool fetch) an HTML response from the Mikrotik itself, it will fail in the same way.
  • It doesn't matter if I use a web browser or try to telnet directly to the port 80 or 443. It won't be able to establish connection.
  • The rest of the internet sites work perfectly!!!

Tried:

  • Pinging the website: it always works, it looks like it is a problem with just HTTP/HTTPS
  • Changing MTU, MRU and MSS without any effect.
  • Flushing the DNS cache won't have any effect.
  • Sniffing the network will only show me how TCP packets goes outside the router, but never receive an answer.
  • There are a lot of SYN retrasmission until the client gives up.

I never had any problems before the MRC outage. In case the problem could be related to some Mikrotik nasty bug, I reported in their forums here, but no clue more than some CloudFare configuration that could be filtering me out, but if that's the idea, I wonder why it could be targeting me, I'm a good guy :)

Do the MRC crew know something that could bring this on their side? I visit the MRC daily, it's annoying if I can't do it from home.

Login sesión o register para postear comentarios

Por edoz

Prophet (2171)

Imagen del edoz

14-02-2016, 20:58

Strange. First i was thinking it was a OS problem, but that cannot be the case as you tried different machines.. But as you told even telnet is no able to do it.... Maybe some firewall is blocking your IP? Do you have a fixed IP?

Maybe you could try a traceroute and see where it stops . (if possible) Or Maybe the TTL is to long or so?

Por karloch

Prophet (2059)

Imagen del karloch

14-02-2016, 21:23

Yup, I'm really used to networks and infrastructure and this thing is one of the weirdest I have faced. I can traceroute perfectly to msx.org in 15 hops (remember ICMP echo is working, the problem is just with HTTP(S)). My home IP is dyanmic, that could be the reason why I can access MRC again as soon as I restart my router (IP changes), but after that... I get blocked in about 2-3 minutes after visiting MRC.

Por hit9918

Prophet (2866)

Imagen del hit9918

15-02-2016, 16:45

a socket connect fails? is it possible to open with the msx.org ip address instead hostname.

Por Poltergeist

Champion (272)

Imagen del Poltergeist

15-02-2016, 17:06

I would say it could be an error on MRC's side, as you are able to connect initially. Especially as routing seems to be ok, but there is no answer back through HTTPS. Are you on an IP range that might be blocked by MRC? Or has MRC a rule in place

10 if us$="karloch" then end

;-)

Por snout

Ascended (15187)

Imagen del snout

15-02-2016, 17:26

Karloch, could you contact me by email? I'm curious to see what happens server-side, because as you describe it it sounds like something is triggering our firewall. CloudFlare should not be a problem as it currently functions purely as a nameserver. If you could provide your IPv4 and/or IPv6 address I can check a thing or two.

Por Grauw

Ascended (8365)

Imagen del Grauw

15-02-2016, 18:03

Tried clearing the site cookies in your browser?

Por karloch

Prophet (2059)

Imagen del karloch

20-02-2016, 19:19

Sure snout, I'll contact you by email. It looks that way for some reason. Thanks in advance!

@Grauw: Of course, but this is happening in every single device depending on my home connection. Oh, and even telneting to port 80 or 443 won't work.

Por Grauw

Ascended (8365)

Imagen del Grauw

20-02-2016, 19:22

Could also try contacting your ISP, maybe there is a problem in their routing tables.

Por karloch

Prophet (2059)

Imagen del karloch

20-02-2016, 19:34

I think it is not probable it is a problem in my ISP routing tables, as I'm able to reach the MRC web server at the TCP level. If the routing tables were to be wrong, they are guiding my connection to a wrong server answering the wrong IP, possible but... a good combination of anomalies Smile

I'm not discarding at all that there is something nasty on my end, but it has been more than a month and I don't see anything wrong... In fact, before Christmas it was working nicely.

Por karloch

Prophet (2059)

Imagen del karloch

28-02-2016, 18:14

Somehow fixed after an upgrade of the Mikrotik's firmware. I'm glad to be back Smile

Thanks to everyone who worried about the issue.