Can't connect to external website from inside my network.

Lain542 (n00b, joined Nov 7, 2011, 34 messages)
For the past few days I have not been able to connect to my website from inside of my domain (I am running in an AD DS environment). I can connect to every other website except my own. Outside of my domain I have no problem (e.g. the Denny's down the street, neighbor's house, etc.). I've tried everything I can think of. I looked through DNS and found that it is configured correctly. I looked at my router (Cisco router running IOS 12.4) and it is set up correctly. I checked the DSM (firewall and ACL) and routing tables and everything is as it should be; not blocking any connections and forwarding all alien requests to 0.0.0.0. Also, while I can't ping my website from inside my network, I can ping it from the router. One thing I noticed is that when I ran an nmap scan and traceroute, my request would hop from my computer to the router to the WAN (on my end) and stop. I have no network devices in between my router and my ISP (I have called them and they say that my connection is fine; same with my webhost). Any ideas towards a solution would be greatly appreciated.
 
Are your website and domain the same name? Do you have a WWW record? What is your router using for DNS as opposed to your clients.
 
My website and AD DS domain don't have the same name. My router is using the ISP's DNS servers and my clients are using a Windows DNS server. I do have a WWW record (I think, it's the one in the lookup zones, right?)
 
Just use your server's internal address for your website when you are on your LAN.
 
If the webserver is behind the same firewall/router as your device that's browsing the site, it's definitely a NAT issue.

Currently you send a request to your server's public IP; the server sees it as coming from your device's private IP, so it sends the packets back to that. The device sees the response as coming from a private IP and says wtf, I made the request to x.x.x.x but y.y.y.y replied. I'm dropping you.

You need to make it seem as if the packets are coming from the same public IP that you sent the request to.

I have this exact same setup at home.
 
The webserver is hosted outside of my network.
 
Ah gotcha. Have you tried a different router? Just to eliminate a misconfig
 
I don't have another router, and I don't think it is misconfigured. Every other website is directed correctly and I can ping my website from my router (with user level 15).
 
Have you tried just using your web site ip address instead of the name?

I did try using the IP address and found that the website cannot be reached from IP. Apparently my website is hosted virtually. I have no idea what this means routing wise.
 
We are having a hard time helping you because what you are describing makes little sense. I'm not saying there isn't a problem, but if your website is accessible from anywhere in the world except your office, there is something very weird going on. Is it possible you have a VPN to this hosted resource? How do you access your website to make modifications? Is it possible your website is not located on port 80 and possibly blocked by your outbound firewall rules?
 
I know it's really hard to understand and I'm trying the best I can to describe what I know. We have no VPN implementation. We have no firewall rules that would block this traffic (I've even turned off the firewall). To make modifications I think we just use the onboard service provided with our webhoster. If it's any help, we use Bravenet to host our website.
 
Your requests are either being denied or simply dropped.
What error messages are you seeing when you try to connect?

There is a misconfiguration or an unknown (to you) configuration on your local network or the web site you are trying to access from your network.

Have the IIS IP/domain name restrictions been checked on the other end?
 
Just going by IP won't work if it's shared hosting. It needs the url in the header to decide what site to go to.

What if you connect a PC directly to the modem bypassing the router?
 
I had trouble with getting my IPv4 set up that way. Think I should try that again?
 
What if you just change the DNS on your laptop to 8.8.8.8 or 4.2.2.2 - thinking your router uses an external DNS and your computers get one from the DHCP server or something.
 
We've tried that; same scenario, any other website but my own.
 
Also, the DNS server has a gateway of 0.0.0.0 in addition to the router default gateway.
 
What if you do a route print on your computer and the dns server. What are you getting for destination 0.0.0.0? The gateway address should be the IP of the router. If it is using 0.0.0.0 you are probably having recursive query problems, although changing your DNS to a public IP on your laptop would have resolved that for you.

Can you pathping bravenet.com -n and get out past your router?
 
It actually sounds like the firewall on the web server (are you running cpanel?) is dropping packets from just your office ip address. Did someone add a hosts allow entry for tcp 80 from your office ip and accidentally click deny instead? That's what it sounds like.
 
I did do a tracert and nmap scan. Both returned saying that the request stops at the WAN on the other end of my router.
 
If you set up your internal domain the same as your external domain name, you have to add extra DNS records to access it from your internal network.
 
tracert isn't relevant (for now) since we're not trying to debug that issue :)

Start with the basics:

1. nslookup or dig www.yoursite.com

Does it return the expected address? If so, go to 2. If not, resolve the DNS issue.

2. telnet www.yoursite.com 80

Do you get a blinking cursor? (In Windows; in Linux you get "connected to".) If so, do: GET / and see if any data returns.

Does it just hang? If it hangs, there's a firewall blocking the request. See if the telnet in your router supports passing the port as an argument and if you can choose the interface. If it does, telnet www.yoursite.com 80 (or ip, it doesn't matter, we just care if we can make an outbound tcp 80 connection to your web host) again and choose the WAN interface.
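
The telnet check above, together with the earlier remark that shared hosting needs the site name in the header, as an added example that is not part of any post in this thread. The function `probe_http`, the `SharedHost` loopback server and the name `www.yoursite.example` are constructed for illustration.

```python
import http.server
import socket
import threading

def probe_http(target, port, host_header, timeout=3.0):
    """Connect like `telnet target port`, send GET /, return (stage, detail)."""
    try:
        sock = socket.create_connection((target, port), timeout=timeout)
    except socket.gaierror:
        return ("dns", "name did not resolve: fix DNS before anything else")
    except socket.timeout:
        return ("filtered", "connect hung: something on the path drops the packets")
    except ConnectionRefusedError:
        return ("refused", "host answered, but nothing listens on that port")
    except OSError as exc:
        return ("unreachable", str(exc))
    with sock:
        request = f"GET / HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n"
        sock.sendall(request.encode("ascii"))
        reply = b""
        try:
            while chunk := sock.recv(4096):
                reply += chunk
        except socket.timeout:
            pass  # keep whatever arrived before the timeout
    return ("http", reply.split(b"\r\n", 1)[0].decode("latin-1"))

class SharedHost(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for shared hosting: one IP, site chosen by Host."""
    def do_GET(self):
        known = self.headers.get("Host") == "www.yoursite.example"
        self.send_response(200 if known else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    # Same address and port both times; only the Host header differs.
    server = http.server.HTTPServer(("127.0.0.1", 0), SharedHost)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    by_name = probe_http("127.0.0.1", port, "www.yoursite.example")
    by_ip = probe_http("127.0.0.1", port, "127.0.0.1")
    server.shutdown()
    return by_name, by_ip

if __name__ == "__main__":
    print(demo())
```

A "filtered" result corresponds to the telnet session that just hangs, while "http" with a 404 on the bare address shows why browsing to a shared-hosting IP proves nothing about reachability.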
 