Hi people,

I've had a couple of clients say they can't reach our login page - I think it's just IE users - any chance of a few people trying the link below and posting if it works or not please (you should get a login page)

You will get a Secure Cert warning as it's a https connection to an IP address (and they don't issue certs to IP addresses)

Heres the url: https://67.30.130.244:2222/ and

https://www.matrixxhosting.com:2222

Any ideas why some users wouldn't be able to connect to this - maybe a setting IE ?

Thanks in advance..

Rob

Are they using Fast Net ISP? They've had a power outage that has caused problems all day.

Do a trace from your server to a clients IP to confirm

d

Just had a try with Safari Rob and it works fine for me.

Jacqui

Firewall on their machine is quite likely as you are pushing to port 2222.

Are they getting connecting to hand or downloading from hang?

D

Are they using Fast Net ISP? They've had a power outage that has caused problems all day.

Do a trace from your server to a clients IP to confirm

d

Done and no :)

But thanks

Rob

Hi Rob,

The bottom log in one worked, but the top one with all the numbers on, came up a white page with nothing on!

I'm using IE.

Jayne :D

Firewall on their machine is quite likely as you are pushing to port 2222.

hmm - maybe

Are they getting connecting to hand or downloading from hang?

You have out-geeked me ;)

Rob

Rob

works fine with IE

Well, if they can connect to sites at that IP range on port 80 then it's defo a firewall issue.

What crus mean to say is:


Are they getting the "connecting to" type cursor or the "downloading from" type cursor?

I think!

Well, if they can connect to sites at that IP range on port 80 then it's defo a firewall issue.

Yes they can

Jayne you said you can't get it - what firewall do you use?

Rob

Norton firewall and anti-virus stuff and i'm on AOL broadband gold, with all there safety stuff, just incase you needed to know :D

Bang on Duane.

Dependent on the hand will tell you if its an outbound port issue or inbound port issue, not 100% reliable.

If they can get to the non forced port, then 99% firewall issue, although it could be a network issue they are not aware of (ie restricted access to that port by ISP etc etc).

Hope this helped Rob.

D

When I click on this one https://67.30.130.244:2222/ a box comes up, saying the name on the security certificate is invalid. When you click off the warning, the screen goes white.

Jayne

100% firewall.

Repliacated here, get your clients to allow traffic on port 2222.

problem solved.

£100 call out fee to be invoiced ;-)

D

The page just hangs indefinitely for me!

Hangs on connecting to, or, opening page?

You behind a firewall?

D

I get a message box saying that you are changing to a secure connection (standard desktop build) and then the page is blank.

Rob will need this info to assist.

OS eg XP SP2
Browser eg IE 7 Beta
Firewall eg is the XP firewall on, have you got any trojan blockers etc or have you got network attached security firewall router etc .

The certificate should not be an issue although it may throw an error as it looks like its signed to Matrixx Hosting and not the ip address. All 6 browsers I am running here have accepted, some prompting for it.

It is likely that port 2222 has been shut down, as this is the UDP broiadcast port for some MS apps and as such is exploited by the hacker community ;-)

D

HTTPS is for port 443 (that the default that browsers use), trying to force SSL over :2222 could create all sorts of problems.

Hi Webit,

to date I have not had any problems forcing https over alternatice ports, apart from firewall issues.

This is common practice in the pletora of web based server admin I have used.

to quote,

"You can run HTTPS on any port, but the standards specify port 443, which is where any HTTPS compliant browser will look by default. You can force your browser to look on a different port by specifiying it in the URL."

Server admin apps are run on non-standard ports to avoid issues with the actual sites being served. This is normally done so that the server app which will run on its own incarnation of the webserver app can be secure yet requests not get confused with the server app actually serving the content.

So forcing HTTPS over a non standar port will not cause problems with the Protocol, its more than capable of handling this, or with the mainstream browsers which again have this ability built in. It is almost guaranteed to be an application or device preventing usage of the 2222 port in this case.

D
D

Its all a black art to me anyway!

My Guess would be the port number - It's always worth checking what ports are open with the ISP - many are blocked to restrict P2P traffice depending on who your provider is (I think Wanadoo block many ports as do BT whilst a company like Plus Net or mine NTL have no port restrictings depending on teh account type). This was an issue for me as I use MSTS Remote Desktop quite a bit.

I agree,

as stated earlier, due to the 2222 port being such an easy ecploit it is quirte possible that soime ISP's may block, almost a certainty that paranoid network admins would not unblock this port. ;-)

D

ok, so how do we fix it?????????? laymens terms please!

Hi Anne,

have you got a firewall, maybe as part of an adsl router?

D

Matrixx could try moving to port 8080 (mostly left open and also the default port for Tomcat!)

Hi Anne,

have you got a firewall, maybe as part of an adsl router?

D

Hi

Yes I have a DG834 wireless router.... my ISP metronet, also has a firewall , I have XP SP2 and also AVG anti virus!!! 4 firewalls in total!

8080 is a suggestion,

but is often used as part of the performance caching systems on servers and proxies alike so he would need to check this out.

This port is very likely to be open for this exact reason and could be a stop gap solution until the clients are able to tweek the firewalls. however it may open up more problems if people are behind certain proxies.

PS anyone who needs a server admin at a good rate PM me!

D

so if it is my firewall, what do i need to change to gain access - and they say women waffle lol

Hi Anne,

you need to allow outbound traffic on port 2222 to ip address 67.30.130.244 and inbound traffic on port 2222, from 67.30.130.244 if you wish.

If you tell me what firewall you are running I can probably point you to some screen shots. It may be the Windows XP one (unlikely to block this port as it is used to monitor your MS apps), a software app like zoneAlarm or a physical bit of kit such as your ADSL router.

D

I have a Windows XP Service Pack 2 firewall. I have a firewall on my ISP www.metronet.co.uk which I can adjust (it can block access to certain sites). I have AVG anti-virus software and also my DG834T firewall router. I don't have WEP set up on my wireless network as yet.

http://support.metronet.co.uk/adsl/services/firewall

http://support.microsoft.com/gp/securityhome

ok sorted people thanks.

Our firewall blocks after 10 failed logins

Rob

Hey we've sorted it!

OK Anne,

I would ignoe XP for the moment unless you have made any custom changes to it?

It looks like Metronet could be the issue, but lets focus on the router first.

OK, you need to log into the router, probaly by going to http://192.168.0.1 or something similar.

Once logged in if you go to the firewall rules link on the main menu.

Here you will see the custom rules that are currently 'in play'.

If its still at default, the you should only have two rules,

Outbound

Yes, any, allow always, any any never.

Inbound

Yes, any, Block Always, - Any, Match.

If this is the case then we have to look at Metronet Firewall which seems to have some pretty restrictive settings.

D

thanks for your help D, but it's ok now. Much appreciated.

NP