Re: [Haifux] Router question
What do you guys think about this issue? I want to say that it's pressing, but:

1. This is the only remaining problematic protocol for me. SSH works perfectly, and git works just as well over HTTP nowadays, if I'm not mistaken.
2. It seems unnecessary, in my opinion, for this protocol to exist - it should just be done over HTTP.

However, network neutrality is always important, and Bezeq International's claims of "we don't block any ports" become problematic (albeit technically true). Is there anything that can be done about this?

On Mon, Oct 18, 2010 at 1:38 AM, Kohn Emil Dan em...@cs.technion.ac.il wrote:

> Hi,
>
> I am also connected to Bezeq Beinleumi (actually 'upgraded' to it after Actcom's demise). I have tried your gpg command, and I found IMO some interesting results.
>
> Doing an nslookup on subkeys.pgp.net reveals that this host has a number of IP addresses:
>
>     $ nslookup
>     Note: nslookup is deprecated and may be removed from future releases.
>     Consider using the `dig' or `host' programs instead. Run nslookup with
>     the `-sil[ent]' option to prevent this message from appearing.
>     subkeys.pgp.net
>     Server: 10.71.0.138
>     Address: 10.71.0.138#53
>
>     Non-authoritative answer:
>     Name: subkeys.pgp.net
>     Address: 114.31.78.196
>     Name: subkeys.pgp.net
>     Address: 208.72.157.55
>     Name: subkeys.pgp.net
>     Address: 195.113.19.83
>     Name: subkeys.pgp.net
>     Address: 213.239.206.174
>     Name: subkeys.pgp.net
>     Address: 213.239.212.133
>     Name: subkeys.pgp.net
>     Address: 64.71.173.107
>
> I tried your gpg command using the host name subkeys.pgp.net and then with each IP address instead of the host name. Using the host name subkeys.pgp.net causes the command to hang (I guess because the command tries only the first IP address). The command succeeds if using the IP addresses 208.72.157.55 and 195.113.19.83 while it fails for the rest of the addresses. The last IP address (i.e. 64.71.173.107) causes the command to fail with "No route to host", while with the rest of the problematic addresses it just hangs.
>
> Regards,
> Emil

--
Man is the only animal that laughs and weeps, for he is the only animal that is struck with the difference between what things are and what they ought to be.
- William Hazlitt

Ohad Lutzky

___
Haifux mailing list
Haifux@haifux.org
http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
Re: [Haifux] Router question
On Mon, Oct 18, 2010 at 02:23:46PM +0200, Ohad Lutzky wrote:

> What do you guys think about this issue? I want to say that it's pressing, but:
>
> 1. This is the only remaining problematic protocol for me. SSH works perfectly, and git works just as well over HTTP nowadays, if I'm not mistaken.
> 2. It seems unnecessary, in my opinion, for this protocol to exist - it should just be done over HTTP.

Surely not. A different protocol makes it easy for the provider to treat this protocol differently.

> However, network neutrality is always important, and Bezeq International's claims of "we don't block any ports" become problematic (albeit technically true). Is there anything that can be done about this?

At work (at the time: using a Barak business ADSL account) had to mess with the support personnel for a few days to make the git protocol work properly.

Don't expect them to actually admit it. Expect those network oddities to resolve themselves.

--
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il || best
tzaf...@debian.org || friend
Re: [Haifux] Router question
On Mon, Oct 18, 2010 at 2:36 PM, Tzafrir Cohen tzaf...@cohens.org.il wrote:

> On Mon, Oct 18, 2010 at 02:23:46PM +0200, Ohad Lutzky wrote:
>
> > What do you guys think about this issue? I want to say that it's pressing, but:
> >
> > 1. This is the only remaining problematic protocol for me. SSH works perfectly, and git works just as well over HTTP nowadays, if I'm not mistaken.
> > 2. It seems unnecessary, in my opinion, for this protocol to exist - it should just be done over HTTP.
>
> Surely not. A different protocol makes it easy for the provider to treat this protocol differently.

All the more reason to do it over HT... oh, I see what you did there.

--
Ohad Lutzky
Re: [Haifux] Router question
Hi there,

I had a similar problem a couple of months ago with Bezeqint (regarding ports of stock market trading software).

Check with them that your account doesn't have any automatic Benefits from the ISP - e.g. Virus filtering or such. As soon as I asked them to remove any of those so-called benefits from my account, all the problems were gone. (My assumption was they were probably routing traffic through those nasty service providers like the Italian one you mentioned)

Hope that helps, for what it's worth.

Best regards,
Ariel Haviv

On Mon, Oct 18, 2010 at 3:03 PM, Ohad Lutzky o...@lutzky.net wrote:

> All the more reason to do it over HT... oh, I see what you did there.
Re: [Haifux] Router question
Speaking of virus filtering they catch 2 birds in one hit.

1. They can block other things on the way with this.
2. You pay for this virus filtering.

So, don't forget to reduce the price of the internet if you have this virus filtering. If you get the bezeq parrot jumping when you try to enter some sites that they consider dangerous (like warez sites or other) this parrot jumps on your screen.

On Mon, Oct 18, 2010 at 3:18 PM, Ariel Haviv ariel.ha...@gmail.com wrote:

> Hi there,
>
> I had a similar problem a couple of months ago with Bezeqint (regarding ports of stock market trading software).
>
> Check with them that your account doesn't have any automatic Benefits from the ISP - e.g. Virus filtering or such. As soon as I asked them to remove any of those so-called benefits from my account, all the problems were gone. (My assumption was they were probably routing traffic through those nasty service providers like the Italian one you mentioned)
>
> Hope that helps, for what it's worth.
>
> Best regards,
> Ariel Haviv
Re: [Haifux] Router question
I don't understand, does removing the virus filtering change the routing?

On Mon, Oct 18, 2010 at 3:18 PM, Ariel Haviv ariel.ha...@gmail.com wrote:

> Hi there,
>
> I had a similar problem a couple of months ago with Bezeqint (regarding ports of stock market trading software).
>
> Check with them that your account doesn't have any automatic Benefits from the ISP - e.g. Virus filtering or such. As soon as I asked them to remove any of those so-called benefits from my account, all the problems were gone. (My assumption was they were probably routing traffic through those nasty service providers like the Italian one you mentioned)
>
> Hope that helps, for what it's worth.
>
> Best regards,
> Ariel Haviv

--
Ohad Lutzky
Re: [Haifux] Router question
Hi,

I am also connected to Bezeq Beinleumi (actually 'upgraded' to it after Actcom's demise). I have tried your gpg command, and I found IMO some interesting results.

Doing an nslookup on subkeys.pgp.net reveals that this host has a number of IP addresses:

    $ nslookup
    Note: nslookup is deprecated and may be removed from future releases.
    Consider using the `dig' or `host' programs instead. Run nslookup with
    the `-sil[ent]' option to prevent this message from appearing.
    subkeys.pgp.net
    Server: 10.71.0.138
    Address: 10.71.0.138#53

    Non-authoritative answer:
    Name: subkeys.pgp.net
    Address: 114.31.78.196
    Name: subkeys.pgp.net
    Address: 208.72.157.55
    Name: subkeys.pgp.net
    Address: 195.113.19.83
    Name: subkeys.pgp.net
    Address: 213.239.206.174
    Name: subkeys.pgp.net
    Address: 213.239.212.133
    Name: subkeys.pgp.net
    Address: 64.71.173.107

I tried your gpg command using the host name subkeys.pgp.net and then with each IP address instead of the host name. Using the host name subkeys.pgp.net causes the command to hang (I guess because the command tries only the first IP address). The command succeeds if using the IP addresses 208.72.157.55 and 195.113.19.83 while it fails for the rest of the addresses. The last IP address (i.e. 64.71.173.107) causes the command to fail with "No route to host", while with the rest of the problematic addresses it just hangs.

Regards,
Emil

On Sat, 16 Oct 2010, Ohad Lutzky wrote:

> Hello everyone,
>
> I have a Linksys DSL-2760u router/DSL modem, using a Wow (Bezeq) connection to the Bezeq International ISP. It seems that various outgoing ports are blocked - HTTP, HTTPS, bittorrent and SSH work well enough, but - for example - I can't download Android apps from the Market. Easier to test, I can't download PGP public keys. For example:
>
>     gpg -v -v --keyserver subkeys.pgp.net --recv F120156012B83718
>     gpg: requesting key 12B83718 from hkp server subkeys.pgp.net
>
> This hangs indefinitely. So does this:
>
>     telnet subkeys.pgp.net 11371
>     Trying 195.113.19.83...
>
> The same occurs for other keyservers, git-protocol, and various other unconventional high-port usage. I've gone over the router settings, disabled its firewall (but not NAT, which I need), added my machine to the DMZ (this actually seems to help, sometimes, for git - and even then, only once), tried port triggering... I can't get a consistent result.
>
> I should note that this issue only exists for *outgoing* ports. I have no problem mapping *incoming* ports (such as my openssh server or bittorrent web interface).
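Emil's per-address test can be scripted. The following is an added example, not part of the original thread: it resolves every IPv4 address of a host and tries a TCP connection to each one separately, so a silent drop (timeout) is told apart from "No route to host" and from a refusal. The function names and the 5-second timeout are assumptions.

```python
"""Probe every address behind a hostname on one TCP port (added example)."""
import errno
import socket
import sys

# Verdicts, named after what each outcome implies for troubleshooting.
OPEN = "open"              # three-way handshake completed
FILTERED = "timeout"       # no answer at all: packets dropped on the path
UNREACHABLE = "no-route"   # a router reported host/network unreachable
REFUSED = "refused"        # the connection attempt was answered with a reset
OTHER = "error"


def classify(exc):
    """Map the exception raised by a connect attempt to a verdict."""
    if isinstance(exc, socket.timeout):
        return FILTERED
    if isinstance(exc, ConnectionRefusedError):
        return REFUSED
    if isinstance(exc, OSError):
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return UNREACHABLE
        if exc.errno == errno.ETIMEDOUT:
            return FILTERED
    return OTHER


def resolve_ipv4(host):
    """Return the distinct IPv4 addresses of host, in resolver order."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    addrs = []
    for info in infos:
        addr = info[4][0]
        if addr not in addrs:
            addrs.append(addr)
    return addrs


def connect_once(addr, port, timeout):
    """Attempt one TCP connection; raises OSError on failure."""
    with socket.create_connection((addr, port), timeout=timeout):
        pass


def probe_all(host, port, timeout=5.0, resolve=resolve_ipv4, connect=connect_once):
    """Probe each address of host on its own and return [(address, verdict)].

    resolve and connect are injectable so the logic can be exercised offline.
    """
    results = []
    for addr in resolve(host):
        try:
            connect(addr, port, timeout)
            verdict = OPEN
        except OSError as exc:
            verdict = classify(exc)
        results.append((addr, verdict))
    return results


def summarize(results):
    """Group addresses by verdict, e.g. {'open': [...], 'timeout': [...]}."""
    summary = {}
    for addr, verdict in results:
        summary.setdefault(verdict, []).append(addr)
    return summary


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "subkeys.pgp.net"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 11371
    for addr, verdict in probe_all(host, port):
        print(f"{addr:15}  {port}/tcp  {verdict}")
```

A mix of "open" and "timeout" verdicts for the same port points at the path to particular addresses rather than at a blanket port block.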
[Haifux] Router question
Hello everyone,

I have a Linksys DSL-2760u router/DSL modem, using a Wow (Bezeq) connection to the Bezeq International ISP. It seems that various outgoing ports are blocked - HTTP, HTTPS, bittorrent and SSH work well enough, but - for example - I can't download Android apps from the Market. Easier to test, I can't download PGP public keys. For example:

    gpg -v -v --keyserver subkeys.pgp.net --recv F120156012B83718
    gpg: requesting key 12B83718 from hkp server subkeys.pgp.net

This hangs indefinitely. So does this:

    telnet subkeys.pgp.net 11371
    Trying 195.113.19.83...

The same occurs for other keyservers, git-protocol, and various other unconventional high-port usage. I've gone over the router settings, disabled its firewall (but not NAT, which I need), added my machine to the DMZ (this actually seems to help, sometimes, for git - and even then, only once), tried port triggering... I can't get a consistent result.

I should note that this issue only exists for *outgoing* ports. I have no problem mapping *incoming* ports (such as my openssh server or bittorrent web interface).

--
Ohad Lutzky
Re: [Haifux] Router question
traceroute is ICMP. I'm having trouble with specific ports on TCP.

On Sat, Oct 16, 2010 at 7:53 PM, Dave Roi david...@gmail.com wrote:

> Did you try running traceroute to the pgp server or android market server? See how many hops it does go and see in which one it gets stuck.

--
Ohad Lutzky
Re: [Haifux] Router question
have you played with the mtu?

Often times the dhcp server on the home router giveth the mtu of 1500. It is perfectly OK if you either:

- don't use VPN from router to ISP
- use encryption (when wifi frame IP frame sent from the router to the ISP)

Otherwise, you get 1 packet of the internal network is wrapped into more than 1 packets to the outside world. This (IIRC) is IPv4 problem (fragmentation), and some routers don't do this well.

To resolve it you can make sure that 1 wifi packet = 1 outgoing packet of your router to the ISP, by reducing the MTU on the clients, or by using no VPN connection. I remember MTU=1452 used to be the magic number back in the DSL PPTP days.

I bet you could somehow sniff the packets, to verify, but I don't know how to sniff the VPN packets if the router is the one who dials. But still, I hope this is a useful hint ;-)

On Sat, Oct 16, 2010 at 7:59 PM, Ohad Lutzky o...@lutzky.net wrote:

> traceroute is ICMP. I'm having trouble with specific ports on TCP.

--
Maxim Kovgan
Re: [Haifux] Router question
1) Did you try to connect to a controlled host so you can verify if the problem is not with big IP packets?

2) it is possible they are blocking inbound connections to these ports... but outbound? also, 5228 android port is blocked? WEIRD indeed.

Have you also contacted Bezeqint?

On Sat, Oct 16, 2010 at 7:36 PM, Ohad Lutzky o...@lutzky.net wrote:

> Hello everyone,
>
> I have a Linksys DSL-2760u router/DSL modem, using a Wow (Bezeq) connection to the Bezeq International ISP. It seems that various outgoing ports are blocked - HTTP, HTTPS, bittorrent and SSH work well enough, but - for example - I can't download Android apps from the Market. Easier to test, I can't download PGP public keys. For example:
>
>     gpg -v -v --keyserver subkeys.pgp.net --recv F120156012B83718
>     gpg: requesting key 12B83718 from hkp server subkeys.pgp.net
>
> This hangs indefinitely. So does this:
>
>     telnet subkeys.pgp.net 11371
>     Trying 195.113.19.83...
>
> The same occurs for other keyservers, git-protocol, and various other unconventional high-port usage. I've gone over the router settings, disabled its firewall (but not NAT, which I need), added my machine to the DMZ (this actually seems to help, sometimes, for git - and even then, only once), tried port triggering... I can't get a consistent result.
>
> I should note that this issue only exists for *outgoing* ports. I have no problem mapping *incoming* ports (such as my openssh server or bittorrent web interface).

--
Maxim Kovgan
Re: [Haifux] Router question
you should have a traceroute-like utility that runs on TCP ports of your choice. for example, tcptraceroute. see an explanation here:

http://christophe.vandeplas.com/2007/11/04/using-traceroute-icmp-and-tcp

--guy

Ohad Lutzky wrote:

> traceroute is ICMP. I'm having trouble with specific ports on TCP.
Re: [Haifux] Router question
Okay, that's something I can use! Here's what I get - all hops up to and including 7 are from within bezeqint (without useful reverse dns resolutions). Hop 8 is

    sudo tcptraceroute -i eth0 -n 195.113.19.83 11371
    traceroute to 195.113.19.83 (195.113.19.83), 30 hops max, 60 byte packets
     1  10.0.0.138  4.018 ms  4.000 ms  3.993 ms
     2  212.179.37.1  20.982 ms  22.589 ms  22.581 ms
     3  212.179.87.173  24.302 ms  27.114 ms  28.475 ms
     4  212.179.152.157  29.563 ms  30.513 ms  31.462 ms
     5  212.179.124.145  37.292 ms  37.288 ms  37.274 ms
     6  212.179.124.162  40.561 ms  51.928 ms  54.370 ms
     7  62.219.189.14  4317.354 ms  212.179.124.26  4303.544 ms  4301.958 ms
     8  77.67.66.9  199.620 ms * *
     9  * * *
    10  * * *
    11  * * *
    12  * * *
    13  * * *
    14  * * *
    15  * * *
    16  * * *
    17  * * *
    18  * * *
    19  * * *
    20  * * *
    21  * * *
    22  * * *
    23  * * *
    24  * * *
    25  * * *
    26  * * *
    27  * * *
    28  * * *
    29  * * *
    30  * * *

On Sat, Oct 16, 2010 at 8:48 PM, guy keren c...@actcom.co.il wrote:

> you should have a traceroute-like utility that runs on TCP ports of your choice. for example, tcptraceroute. see an explanation here:
>
> http://christophe.vandeplas.com/2007/11/04/using-traceroute-icmp-and-tcp
>
> --guy

--
Ohad Lutzky
Re: [Haifux] Router question
Hi Ohad

I ran a whois on 77.67.66.9. It turns out that it belongs to Tiscali network. They are very notorious for traffic shaping. They used to work with 012. I didn't know that bezeqint works with them too. I used to have tons of problems when I had internet with 012. If you can avoid traffic through them, do that. Otherwise, I don't know what can be done. Maybe others have a better idea.

I ran tcptraceroute too, to the same IP as yours. Here is the output about Tiscali from here (I skipped the first 10 hops):

11 77.67.66.9 65.208 ms 64.018 ms 67.894 ms
12 89.149.187.210 89.924 ms 98.971 ms 88.379 ms
13 194.50.100.190 158.058 ms 163.518 ms 172.186 ms
14 * * *
15 195.113.69.57 176.454 ms 183.741 ms 182.775 ms
16 195.113.68.150 100.259 ms 98.225 ms 99.370 ms
17 195.113.68.198 98.377 ms 99.620 ms 102.622 ms
18 195.113.69.170 179.713 ms 178.286 ms 179.791 ms
19 195.113.69.6 174.207 ms 175.161 ms 170.599 ms
20 195.113.19.83 [open] 219.739 ms 237.707 ms 222.181 ms

On Sat, Oct 16, 2010 at 9:11 PM, Ohad Lutzky o...@lutzky.net wrote:

> Okay, that's something I can use! Here's what I get - all hops up to and including 7 are from within bezeqint (without useful reverse DNS resolutions). Hop 8 is
>
> sudo tcptraceroute -i eth0 -n 195.113.19.83 11371
> traceroute to 195.113.19.83 (195.113.19.83), 30 hops max, 60 byte packets
> 1 10.0.0.138 4.018 ms 4.000 ms 3.993 ms
> 2 212.179.37.1 20.982 ms 22.589 ms 22.581 ms
> 3 212.179.87.173 24.302 ms 27.114 ms 28.475 ms
> 4 212.179.152.157 29.563 ms 30.513 ms 31.462 ms
> 5 212.179.124.145 37.292 ms 37.288 ms 37.274 ms
> 6 212.179.124.162 40.561 ms 51.928 ms 54.370 ms
> 7 62.219.189.14 4317.354 ms 212.179.124.26 4303.544 ms 4301.958 ms
> 8 77.67.66.9 199.620 ms * *
> 9 * * *
> 10 * * *
> 11 * * *
> 12 * * *
> 13 * * *
> 14 * * *
> 15 * * *
> 16 * * *
> 17 * * *
> 18 * * *
> 19 * * *
> 20 * * *
> 21 * * *
> 22 * * *
> 23 * * *
> 24 * * *
> 25 * * *
> 26 * * *
> 27 * * *
> 28 * * *
> 29 * * *
> 30 * * *
>
> On Sat, Oct 16, 2010 at 8:48 PM, guy keren c...@actcom.co.il wrote:
>
>> you should have a traceroute-like utility that runs on TCP ports of your choice. for example, tcptraceroute. see an explanation here:
>>
>> http://christophe.vandeplas.com/2007/11/04/using-traceroute-icmp-and-tcp
>>
>> --guy
>>
>> Ohad Lutzky wrote:
>>
>>> traceroute is ICMP. I'm having trouble with specific ports on TCP.
>>>
>>> On Sat, Oct 16, 2010 at 7:53 PM, Dave Roi david...@gmail.com wrote:
>>>
>>>> Did you try running traceroute to the pgp server or android market server? See how many hops it does go and see in which one it gets stuck.
>>>>
>>>> On Sat, Oct 16, 2010 at 19:36, Ohad Lutzky o...@lutzky.net wrote:
>>>>
>>>>> Hello everyone,
>>>>>
>>>>> I have a Linksys DSL-2760u router/DSL modem, using a Wow (Bezeq) connection to the Bezeq International ISP. It seems that various outgoing ports are blocked - HTTP, HTTPS, bittorrent and SSH work well enough, but - for example - I can't download Android apps from the Market. Easier to test, I can't download PGP public keys. For example:
>>>>>
>>>>> gpg -v -v --keyserver subkeys.pgp.net --recv F120156012B83718
>>>>> gpg: requesting key 12B83718 from hkp server subkeys.pgp.net
>>>>>
>>>>> This hangs indefinitely. So does this:
>>>>>
>>>>> telnet subkeys.pgp.net 11371
>>>>> Trying 195.113.19.83...
>>>>>
>>>>> The same occurs for other keyservers, git-protocol, and various other unconventional high-port usage.
>>>>>
>>>>> I've gone over the router settings, disabled its firewall (but not NAT, which I need), added my machine to the DMZ (this actually seems to help, sometimes, for git - and even then, only once), tried port triggering... I can't get a consistent result.
>>>>>
>>>>> I should note that this issue only exists for *outgoing* ports. I have no problem mapping *incoming* ports (such as my openssh server or bittorrent web interface).
>>>>>
>>>>> --
>>>>> Man is the only animal that laughs and weeps, for he is the only animal that is struck with the difference between what things are and what they ought to be. - William Hazlitt
>>>>> Ohad Lutzky
>>>>>
>>>>> ___
>>>>> Haifux mailing list
>>>>> Haifux@haifux.org
>>>>> http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
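The comparison made in the message above, written out as an added example (it is not code from the thread): it parses the failing tcptraceroute and the working one, finds the last hop that answered on the failing path, and looks that router up on the path that does reach port 11371. The function names parse and diagnose are this example's own; the trace lines are excerpts copied from the two runs quoted above.

```python
# Hops 7-10 of the failing run and hops 11-20 of the working run, copied from the thread.
FAILING = """\
7 62.219.189.14 4317.354 ms 212.179.124.26 4303.544 ms 4301.958 ms
8 77.67.66.9 199.620 ms * *
9 * * *
10 * * *"""
WORKING = """\
11 77.67.66.9 65.208 ms 64.018 ms 67.894 ms
12 89.149.187.210 89.924 ms 98.971 ms 88.379 ms
13 194.50.100.190 158.058 ms 163.518 ms 172.186 ms
14 * * *
15 195.113.69.57 176.454 ms 183.741 ms 182.775 ms
16 195.113.68.150 100.259 ms 98.225 ms 99.370 ms
17 195.113.68.198 98.377 ms 99.620 ms 102.622 ms
18 195.113.69.170 179.713 ms 178.286 ms 179.791 ms
19 195.113.69.6 174.207 ms 175.161 ms 170.599 ms
20 195.113.19.83 [open] 219.739 ms 237.707 ms 222.181 ms"""

def parse(trace):
    """Map hop number -> responder IPs, lost probes and the [open] flag."""
    hops = {}
    for line in trace.splitlines():
        num, *tokens = line.split()
        hop = {"ips": [], "lost": 0, "open": False}
        for tok in tokens:
            if tok == "*":
                hop["lost"] += 1
            elif tok == "[open]":
                hop["open"] = True
            elif tok.count(".") == 3:  # dotted quad; RTT values have a single dot
                hop["ips"].append(tok)
        hops[int(num)] = hop
    return hops

def diagnose(failing, working):
    """Place the failing path's last answer on the working path; list silent hops that still forwarded."""
    bad, good = parse(failing), parse(working)
    last = max(n for n, h in bad.items() if h["ips"])
    shared = next((n for n, h in good.items() if set(h["ips"]) & set(bad[last]["ips"])), None)
    answered = [n for n, h in good.items() if h["ips"]]
    return {
        "last_answering_hop": (last, bad[last]["ips"], bad[last]["lost"]),
        "same_router_in_working": shared,
        "next_hop_in_working": good.get(shared + 1, {}).get("ips") if shared is not None else None,
        "silent_but_forwarding": [n for n, h in good.items() if not h["ips"] and n < max(answered)],
        "port_reached": any(h["open"] for h in good.values()),
    }

print(diagnose(FAILING, WORKING))
```

Hop 14 of the working run shows why a single "* * *" line is not evidence of filtering: that router stayed silent but still forwarded. What marks the failing run is that nothing after 77.67.66.9 answers, the destination included.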
Re: [Haifux] Router question
Forgot to mention, I use bezeqint too.

On Sat, Oct 16, 2010 at 9:25 PM, Sorana Fraier sf10...@gmail.com wrote:

> Hi Ohad
>
> I ran a whois on 77.67.66.9. It turns out that it belongs to Tiscali network. They are very notorious for traffic shaping. They used to work with 012. I didn't know that bezeqint works with them too. I used to have tons of problems when I had internet with 012. If you can avoid traffic through them, do that. Otherwise, I don't know what can be done. Maybe others have a better idea.
>
> I ran tcptraceroute too, to the same IP as yours. Here is the output about Tiscali from here (I skipped the first 10 hops):
>
> 11 77.67.66.9 65.208 ms 64.018 ms 67.894 ms
> 12 89.149.187.210 89.924 ms 98.971 ms 88.379 ms
> 13 194.50.100.190 158.058 ms 163.518 ms 172.186 ms
> 14 * * *
> 15 195.113.69.57 176.454 ms 183.741 ms 182.775 ms
> 16 195.113.68.150 100.259 ms 98.225 ms 99.370 ms
> 17 195.113.68.198 98.377 ms 99.620 ms 102.622 ms
> 18 195.113.69.170 179.713 ms 178.286 ms 179.791 ms
> 19 195.113.69.6 174.207 ms 175.161 ms 170.599 ms
> 20 195.113.19.83 [open] 219.739 ms 237.707 ms 222.181 ms