NFrankel236's profile

Contributor

 • 

140 Messages

Saturday, May 30th, 2020 1:00 AM

Closed

xFinity Router/Gateway is blocking a specific website

ACCESS RESPONSE:  ERR_CONNECTION_TIMED_OUT Message

 

NOTE:  Running VPN allows me to get to the website in question - always got to the website without running VPN.

 

I am having a similar problem as this thread:  https://forums.xfinity.com/t5/Your-Home-Network/xFinity-supplied-Router-Gateway-is-blocking-a-specific/td-p/3316288

  • My xFinity supplied router started timing out on only one Website (URL) 5 days ago.
  • Before then I was able to connect to the website without issue.
  • Others can access the websites without any problems.
  • I can access the website using my cell phone or connected to another Xfinity router - just can't get to it when on my home Xfinity Router.   Otherwise, I can access a zillion others websites.
  • Xfinity Help worked with me for a while and said to contact the website owner.
  • My router was turned off and on again multiple times .

I have contacted the site in question and they confirm that they aren't blocking my access.  FWIW - this site houses three of my websites, e-mail, etc. - can't get to any of them unless I run VPN.  

Gold Problem Solver

 • 

26.1K Messages

5 years ago

When you cannot reach a site using your home Internet connection but can reach it using another Comcast link or a VPN or a mobile hotspot, it usually means the site is blocking your public Comcast IP. You can look up your public IP at https://www.google.com/search?q=IP. You'll probably need to ask the site's admins for help with this. Many sites admins don't even know that their systems do IP blocking, so this may not be easy.

What does a trace to to the site show? In Windows, open a Command Prompt window, enter

    tracert -4 URL

and post the output.

Contributor

 • 

140 Messages

5 years ago

Thanks for the reply.  My website host says my IP isn't being blocked.  The technician also had me get the IP using VPN and he said that wasn't being blocked.

 

Here is the output from my trace (I closed the window after 7 or so - wasn't sure how long it was going to try):

 

 

1 Attachment

Gold Problem Solver

 • 

26.1K Messages

5 years ago


@NFrankel236 wrote: ... Any idea what happened?

Not really. Since Comcast rolled out "Advanced Security" to its xFi gateways there have been many reports of improperly blocked sites. Perhaps the site you're trying to reach shares a server with a site hosting abusive content, or perhaps it's a bug in Comcast's systems. No way for a non-employee like me to know.

Gold Problem Solver

 • 

26.1K Messages

5 years ago


@NFrankel236 wrote: ... Here is the output from my trace  ...

You're blocked right at your gateway. You might try turning off xFi's "Advanced Security": see "Disable Advanced Security" on https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security/. I can browse vpnavy.org without a problem, but I'm using a straight cable modem instead of a Comcast gateway.

Contributor

 • 

140 Messages

5 years ago

Why would it be blocked?  I have run for years using the same Xfinity box without a problem.  Any idea what happened?

Contributor

 • 

140 Messages

5 years ago

Really confused now.  I went through the "restart" process via XFinity and it hung and said try again later.  So, I unplugged the box - waited a minute - plugged it back in and nothing happened - just ON was lit.  A few minutes later the dang box came online.  Guess what - I can now get to vpnavy.org!

Contributor

 • 

140 Messages

5 years ago

Just noticed - I CAN NOW GET TO VPNAVY.ORG (I accidently said I couldn't after the restart).

Contributor

 • 

140 Messages

5 years ago

No - didn't shut off Security.  It showed hits the past few days that were blocked - didn't want to open it up.  I just went ahead and hit RESTART.

 

I ran the traces - they failed?

 

1 Attachment

Gold Problem Solver

 • 

26.1K Messages

5 years ago


@NFrankel236 wrote: ... I can not get to vpnavy.org!

Can you run and post a trace to say, Google.com? Did you turning off xFi's "Advanced Security"? It may be necessary to swap out the gateway.

Gold Problem Solver

 • 

26.1K Messages

5 years ago


@NFrankel236 wrote: ... I CAN NOW GET TO VPNAVY.ORG ...

Good to hear!

 

When running tracert, don't type "URL", replace that with the site you want to trace, like you did in your earlier example:

 

    tracert -4 vpnavy.org

Contributor

 • 

140 Messages

5 years ago

Dang - I know better then that!  SMILE

 

Here is Google and my site (noticed it started timing out..

 

 

2 Attachments

Gold Problem Solver

 • 

26.1K Messages

5 years ago


@NFrankel236 wrote: ... noticed it started timing out..

That's normal for many sites. Routers and servers don't always return the packets tracert needs. It's a pain, but by itself doesn't mean much. I can browse and ping the site, but tracert fails after what appears to be the last Comcast hop:

 

C>ping vpnavy.org
Pinging vpnavy.org [52.27.198.203] with 32 bytes of data:
Reply from 52.27.198.203: bytes=32 time=112ms TTL=30
Reply from 52.27.198.203: bytes=32 time=111ms TTL=30
Reply from 52.27.198.203: bytes=32 time=111ms TTL=30
Reply from 52.27.198.203: bytes=32 time=102ms TTL=30
Ping statistics for 52.27.198.203:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 102ms, Maximum = 112ms, Average = 109ms
C>tracert -4 vpnavy.org
Tracing route to vpnavy.org [52.27.198.203] over a maximum of 30 hops:
  1    18 ms     9 ms     9 ms  router1 [192.168.1.1]
  2     *       25 ms    17 ms  96.120.9.181
  3    26 ms    24 ms    17 ms  96.108.119.45
  4    16 ms    17 ms    15 ms  96.110.24.214
  5    26 ms    26 ms    18 ms  96.110.25.65
  6    34 ms     *       26 ms  be-34-ar01.mckeesport.pa.pitt.comcast.net [69.139.168.141]
  7    37 ms    27 ms    27 ms  be-31641-cs04.pittsburgh.pa.ibone.comcast.net [96.110.42.173]
  8    40 ms    37 ms    29 ms  be-1412-cr12.pittsburgh.pa.ibone.comcast.net [96.110.38.158]
  9    39 ms    38 ms    38 ms  be-302-cr14.350ecermak.il.ibone.comcast.net [96.110.39.161]
 10    49 ms     *       49 ms  be-1114-cs01.350ecermak.il.ibone.comcast.net [96.110.35.49]
 11    46 ms    47 ms    46 ms  be-1111-cr11.350ecermak.il.ibone.comcast.net [96.110.35.2]
 12    72 ms    70 ms    69 ms  be-301-cr02.1601milehigh.co.ibone.comcast.net [96.110.37.146]
 13     *       72 ms    70 ms  be-12021-cr01.champa.co.ibone.comcast.net [68.86.84.225]
 14    94 ms    95 ms    86 ms  be-11020-cr02.sunnyvale.ca.ibone.comcast.net [68.86.84.9]
 15    94 ms     *       93 ms  be-11083-pe02.529bryant.ca.ibone.comcast.net [68.86.84.14]
 16    93 ms    92 ms    86 ms  as16509-1-c.529bryant.ca.ibone.comcast.net [50.242.148.82]
(17-30  *        *        *     Request timed out)
Trace complete.

Contributor

 • 

140 Messages

5 years ago

Well - that didn't last long - blocked again!

 

 

2 Attachments

Contributor

 • 

140 Messages

5 years ago

When I kick in VPN - I can get to my site - don't understand why.  Doesn't that mean that Comcast is blocking my normal IP (since VPN hides my IP)?  

 

 

1 Attachment

Gold Problem Solver

 • 

26.1K Messages

5 years ago


@NFrankel236 wrote: ... Cisco DPC3941T

That's an xFi "Advanced Security" device. Most of Comcast's newer gateways are -- see https://www.xfinity.com/support/articles/getting-started-with-xfinity-xfi-advanced-security. If "Advanced Security" is blocking the site with the DPC3941, most of the other gateway models would do the same. I know of no way to ask Comcast to restore access to a site blocked by "Advanced Security". If you use one of their gateways and "Advanced Security" is blocking a site, and you're not willing to turn off "Advanced Security", you're stuck, except for the VPN.

forum icon

New to the Community?

Start Here