xFinity Router/Gateway is blocking a specific website

When you cannot reach a site using your home Internet connection but can reach it using another Comcast link or a VPN or a mobile hotspot, it usually means the site is blocking your public Comcast IP. You can look up your public IP at https://www.google.com/search?q=IP. You'll probably need to ask the site's admins for help with this. Many sites admins don't even know that their systems do IP blocking, so this may not be easy.

What does a trace to to the site show? In Windows, open a Command Prompt window, enter

    tracert -4 URL

and post the output.

Thanks for the reply.  My website host says my IP isn't being blocked.  The technician also had me get the IP using VPN and he said that wasn't being blocked.

Here is the output from my trace (I closed the window after 7 or so - wasn't sure how long it was going to try):

---

@NFrankel236 wrote: ... Any idea what happened?

---

Not really. Since Comcast rolled out "Advanced Security" to its xFi gateways there have been many reports of improperly blocked sites. Perhaps the site you're trying to reach shares a server with a site hosting abusive content, or perhaps it's a bug in Comcast's systems. No way for a non-employee like me to know.

---

@NFrankel236 wrote: ... Here is the output from my trace  ...

---

You're blocked right at your gateway. You might try turning off xFi's "Advanced Security": see "Disable Advanced Security" on https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security/. I can browse vpnavy.org without a problem, but I'm using a straight cable modem instead of a Comcast gateway.

Why would it be blocked?  I have run for years using the same Xfinity box without a problem.  Any idea what happened?

Really confused now.  I went through the "restart" process via XFinity and it hung and said try again later.  So, I unplugged the box - waited a minute - plugged it back in and nothing happened - just ON was lit.  A few minutes later the dang box came online.  Guess what - I can now get to vpnavy.org!

Just noticed - I CAN NOW GET TO VPNAVY.ORG (I accidently said I couldn't after the restart).

No - didn't shut off Security.  It showed hits the past few days that were blocked - didn't want to open it up.  I just went ahead and hit RESTART.

I ran the traces - they failed?

---

@NFrankel236 wrote: ... I can not get to vpnavy.org!

---

Can you run and post a trace to say, Google.com? Did you turning off xFi's "Advanced Security"? It may be necessary to swap out the gateway.

---

@NFrankel236 wrote: ... I CAN NOW GET TO VPNAVY.ORG ...

Good to hear!

When running tracert, don't type "URL", replace that with the site you want to trace, like you did in your earlier example:

    tracert -4 vpnavy.org

Dang - I know better then that!  SMILE

Here is Google and my site (noticed it started timing out..

---

@NFrankel236 wrote: ... noticed it started timing out..

---

That's normal for many sites. Routers and servers don't always return the packets tracert needs. It's a pain, but by itself doesn't mean much. I can browse and ping the site, but tracert fails after what appears to be the last Comcast hop:

C>ping vpnavy.org
Pinging vpnavy.org [52.27.198.203] with 32 bytes of data:
Reply from 52.27.198.203: bytes=32 time=112ms TTL=30
Reply from 52.27.198.203: bytes=32 time=111ms TTL=30
Reply from 52.27.198.203: bytes=32 time=111ms TTL=30
Reply from 52.27.198.203: bytes=32 time=102ms TTL=30
Ping statistics for 52.27.198.203:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 102ms, Maximum = 112ms, Average = 109ms

C>tracert -4 vpnavy.org
Tracing route to vpnavy.org [52.27.198.203] over a maximum of 30 hops:
  1    18 ms     9 ms     9 ms  router1 [192.168.1.1]
  2     *       25 ms    17 ms  96.120.9.181
  3    26 ms    24 ms    17 ms  96.108.119.45
  4    16 ms    17 ms    15 ms  96.110.24.214
  5    26 ms    26 ms    18 ms  96.110.25.65
  6    34 ms     *       26 ms  be-34-ar01.mckeesport.pa.pitt.comcast.net [69.139.168.141]
  7    37 ms    27 ms    27 ms  be-31641-cs04.pittsburgh.pa.ibone.comcast.net [96.110.42.173]
  8    40 ms    37 ms    29 ms  be-1412-cr12.pittsburgh.pa.ibone.comcast.net [96.110.38.158]
  9    39 ms    38 ms    38 ms  be-302-cr14.350ecermak.il.ibone.comcast.net [96.110.39.161]
 10    49 ms     *       49 ms  be-1114-cs01.350ecermak.il.ibone.comcast.net [96.110.35.49]
 11    46 ms    47 ms    46 ms  be-1111-cr11.350ecermak.il.ibone.comcast.net [96.110.35.2]
 12    72 ms    70 ms    69 ms  be-301-cr02.1601milehigh.co.ibone.comcast.net [96.110.37.146]
 13     *       72 ms    70 ms  be-12021-cr01.champa.co.ibone.comcast.net [68.86.84.225]
 14    94 ms    95 ms    86 ms  be-11020-cr02.sunnyvale.ca.ibone.comcast.net [68.86.84.9]
 15    94 ms     *       93 ms  be-11083-pe02.529bryant.ca.ibone.comcast.net [68.86.84.14]
 16    93 ms    92 ms    86 ms  as16509-1-c.529bryant.ca.ibone.comcast.net [50.242.148.82]
(17-30  *        *        *     Request timed out)
Trace complete.

Well - that didn't last long - blocked again!

When I kick in VPN - I can get to my site - don't understand why.  Doesn't that mean that Comcast is blocking my normal IP (since VPN hides my IP)?  

---

@NFrankel236 wrote: ... Cisco DPC3941T

---

That's an xFi "Advanced Security" device. Most of Comcast's newer gateways are -- see https://www.xfinity.com/support/articles/getting-started-with-xfinity-xfi-advanced-security. If "Advanced Security" is blocking the site with the DPC3941, most of the other gateway models would do the same. I know of no way to ask Comcast to restore access to a site blocked by "Advanced Security". If you use one of their gateways and "Advanced Security" is blocking a site, and you're not willing to turn off "Advanced Security", you're stuck, except for the VPN.