Question

Can't connect to home servers from some networks

I can access my home servers from the Internet from most locations. My ISP is Comcast. I've come across 2 locations that I cannot connect from: Two different's homes that both happen to have Comcast as their ISP.

Fails by IP as well as hostname. The correct IP is being resolved by DNS. Ping fails. Traceroute dies after the first hop. (their routers) My router and servers are not blocking or filtering by any IP or IP ranges. (wouldn't explain the traceroute result anyway)

Testing with my laptop and phone. (Cellular data always works.) Using their wifi but connecting to my VPN provider works on both devices. (different gateway)

Thoughts?

Discussion is locked
Answer
Follow
Reply to: Can't connect to home servers from some networks
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Can't connect to home servers from some networks
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Answer
Yes. A well known issue.

Some ISPs block inbound ports like port 80 and others. Since you are on various networks, HOME INTERNET PLANS are not a solid solution when you need to put up a server.

This riles those that want to put up a server without going to a business plan and is troublesome as you may have to find the network or ISP that is dropping the link or packets.

As to the DNS, be sure to use NSLOOKUP and in NSLOOKUP change DNS to test if the DNS is resolving or not. How to do that is on the web so I'll pause here.

- Collapse -
Thank you for your reply

Since I am able to connect to my servers and multiple services/ports (including custom port mapping for all) from every other location that I've tried so far, including other Comcast home networks, I don't believe that it's the ISP blocking ports. A good thought though, thank you.

Again, traceroute dies right after the gateway at my friend's homes... it's not going anywhere at all after trying to leave their routers.

DNS is resolving the correct IP.

- Collapse -
To simplify...

... this whole post could have simply said, "I can't ping my router from these two locations, but I can from everywhere else that I've tried over the last several years."

- Collapse -
So about ping.

It's optional traffic and dropped on some networks. There is no standard that mandates that ping packets shall pass. Good way to reduce unnecessary traffic.

- Collapse -
ICMP, yes.

I'm on Comcast. Say 10 other people I know are on Comcast. I can ping my router from 8 or them, but not the other two. Also, traceroute and every other kind of traffic fails as well from those two locations, but works on the other 8.

So, regardless of the type of traffic, there is a problem from those two locations. The only detailed clue is that traceroute dies after the first hop.

- Collapse -
Just so you know.

People are involved setting up the network gear. Techs will not get it right. Let's just say if you have the time to spend on this you are calling the network support for the locations it fails. There is no magic here except I find that changing server ports has helped from time to time.

Also, moving to a FTP server since I can move ports about to work around the ISP issues.

- Collapse -
Just a thing.

You posted a question but I'm guessing what the question is.

A lot of routers and ISP gear now turn on a firewall. This is usual non-existent on cellular connections (so far) so you get to deal with that as well.

- Collapse -
Unless it's a fluke, then there's a specific cause.

It's consistent from these two locations. Same ISP as the target node, for what it's worth.

These servers have been up and running for years, and I've accessed them from countless locations, including several different countries.

These is an issue, I suspect, with the Comcast routers at these locations. That, or with the default gateway that those routers are using.

If it were a firewall, it would have to be an outbound firewall in the source router, or an inbound firewall on that router's default gateway. Regardless, why would either be blocking an IP address belonging to the same ISP, and only from those two locations that I've found so far?

- Collapse -
I can't answer.

My view is that on a router a firewall is redundant and causes more issues than it solves. I'm running into old network folk that are just learning about this area (routers that now have firewalls.)

- Collapse -
PS. Specific causes I've run into.

1. The firewall is on in the routers.
2. The ISP is blocking, misconfigured and worthy of mention, lies about the filters they use or the bandwidth shaping (throttling) they employ.

Outside of the router config I never find this to be the fault at the server or our gear.

CNET Forums