Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[disciplefk]

Hi There,

I have a dlink DFL-700 that cannot access or ping one specific site, thomasnet.com.  All other sites I visit work fine.  If I bypass the router or use a different brand, I can access the site.  I tried disabling all global policies and and firewall rules, but still cannot ping or access site.  Any suggestions?  Other than not visiting  that site

Firmware version: 1.34.00

[Fatman]

Do you have any meaningful logs?

What type of WAN do you use?

What is your WAN MTU?

Does your Policy for outbound traffic to this site include any ALGs?

[disciplefk]

My logs have entries repeating :     [
2010-01-27 11:27:10] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=WAN srcip=*outside ips* destip=**our ip address* ipproto=UDP ipdatalen=11 srcport=26070 destport=8780 udptotlen=11

We have a static ip address and MTU is set to maximum 1500.  I disabled all our custom policies and content filtering, so none of those should be the cause.

[Fatman]

is *outside IPs* the IP that resolved for that domain name, or tied to attempts to visit that site in any way?  This is UDP traffic, so I doubt it is connected.

Do you have DSL, Cable, Telco, Satellite, or something else?  The reason I ask is because PPPoE encapsulation would make your MTU for DSL 1492 at most which has been known to cause problems like this.

[disciplefk]

No, you are correct, the outside IPs are not associated with the problem site.

We have cable here, no PPPoE.  I do have VPN IPsec tunnel MTU set lower, but that should not effect our LAN users here right?

Thanks for helping me with this.

[Fatman]

No, that shouldn't effect the LAN.

I hate to go back to square one, but if the firewall is dropping something we really should be seeing some logging of it, are we sure there is no relevant logging happening?

Can you resolve that DNS correctly from behind the DFL?

[disciplefk]

You would think it would show in the log, I cleared it and tried again, no entries.  The same error is reported over and over for other requests.  The outside ip changes, but that is all.  No entries for the problem ip.  If I ping the sitename, it resolves for the correct ip address, but times out, no response.  Again, if I remove the router and ping the site, returns same ip address and site is accessible.

[disciplefk]

I dont know if this is useful or not, but we could access the site up until about a month or two ago.  I think they have done a re-design and thats when it went bad for us.  Could be coincidence?

[Fatman]

I don't believe in coincidence, I would wish to know what they changed if I could.

[disciplefk]

I wish to =)  Unfortunately other than design, I do not know what specifically they have changed to cause this.  I do not frequent the site, and have never looked at the source until now.  I only received the complaint from the department that needs to use the site after the problem occurred.