Could not connect to checkphish.org

bluegene · March 9, 2017, 1:31am

Running nginx on ubuntu 16.04. I am not sure why I keep running into do not connect error.

resolves into right IP address as well

sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d checkphish.org

Port 80 an 443 are both open on the firewall

Domain: checkphish.org
Type: connection
Detail: Could not connect to checkphish.org

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify

Osiris · March 9, 2017, 2:29am

Even so, it's impossible to connect to 172.10.235.115 on port 80 or 443, also from my end. Time out.

Something very strange is going on:

osiris@desktop ~ $ ping checkphish.org 
PING checkphish.org (172.10.235.115) 56(84) bytes of data.
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=1 ttl=50 time=182 ms
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=1 ttl=50 time=182 ms (DUP!)
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=2 ttl=50 time=181 ms
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=2 ttl=50 time=182 ms (DUP!)
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=3 ttl=50 time=181 ms
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=3 ttl=50 time=182 ms (DUP!)
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=4 ttl=50 time=181 ms
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=4 ttl=50 time=182 ms (DUP!)
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=5 ttl=50 time=182 ms
64 bytes from 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115): icmp_seq=5 ttl=50 time=182 ms (DUP!)
^C64 bytes from 172.10.235.115: icmp_seq=6 ttl=50 time=182 ms

--- checkphish.org ping statistics ---
6 packets transmitted, 6 received, +5 duplicates, 0% packet loss, time 7985ms
rtt min/avg/max/mdev = 181.756/182.182/182.504/0.352 ms, pipe 2
osiris@desktop ~ $ traceroute checkphish.org 
traceroute to checkphish.org (172.10.235.115), 30 hops max, 60 byte packets
 1  router.local 0.463 ms  0.466 ms  0.717 ms
 2  lo0.dr13.d12.xs4all.net (194.109.5.212)  22.327 ms  22.320 ms  22.310 ms
 3  0.ae23.xr4.1d12.xs4all.net (194.109.7.17)  15.934 ms 0.ae23.xr3.3d12.xs4all.net (194.109.7.53)  15.948 ms 0.ae23.xr4.1d12.xs4all.net (194.109.7.17)  15.939 ms
 4  asd2-rou-1044.NL.eurorings.net (134.222.97.17)  15.929 ms asd2-rou-1043.NL.eurorings.net (134.222.93.144)  23.394 ms  23.385 ms
 5  rt2-rou-1022.NL.eurorings.net (134.222.48.209)  23.358 ms  23.350 ms rt2-rou-1022.NL.eurorings.net (134.222.48.211)  23.339 ms
 6  nyk-s1-rou-1021.US.eurorings.net (134.222.48.1)  108.273 ms  109.630 ms ldn-s2-rou-1101.UK.eurorings.net (134.222.48.200)  28.284 ms
 7  nyk-s2-rou-1021.US.eurorings.net (134.222.48.92)  100.231 ms  94.063 ms nyk-s2-rou-1021.US.eurorings.net (134.222.48.35)  94.959 ms
 8  12.250.255.9 (12.250.255.9)  150.034 ms  150.044 ms  131.155 ms
 9  cr1.n54ny.ip.att.net (12.122.105.42)  181.076 ms  181.794 ms  179.535 ms
10  cr2.cgcil.ip.att.net (12.122.1.2)  182.982 ms  182.972 ms  186.766 ms
11  cr1.cgcil.ip.att.net (12.122.2.53)  189.538 ms  189.528 ms  186.042 ms
12  cr1.sffca.ip.att.net (12.122.4.121)  187.287 ms  182.232 ms  182.242 ms
13  12.122.137.245 (12.122.137.245)  187.964 ms  184.753 ms  187.943 ms
14  * * *
15  * * *
16  71.148.149.45 (71.148.149.45)  189.255 ms  187.069 ms  187.080 ms
17  172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115)  187.962 ms  188.564 ms  189.124 ms
osiris@desktop ~ $ sudo traceroute -T -p 80 checkphish.org 
traceroute to checkphish.org (172.10.235.115), 30 hops max, 60 byte packets
 1  router.local 0.553 ms  0.630 ms  0.915 ms
 2  lo0.dr13.d12.xs4all.net (194.109.5.212)  8.506 ms  8.815 ms  9.936 ms
 3  0.ae23.xr4.1d12.xs4all.net (194.109.7.17)  9.931 ms 0.ae23.xr3.3d12.xs4all.net (194.109.7.53)  10.103 ms  10.262 ms
 4  asd2-rou-1043.NL.eurorings.net (134.222.93.144)  11.142 ms  11.150 ms asd2-rou-1044.NL.eurorings.net (134.222.97.17)  11.162 ms
 5  rt2-rou-1022.NL.eurorings.net (134.222.48.211)  14.493 ms rt2-rou-1022.NL.eurorings.net (134.222.48.209)  16.567 ms rt2-rou-1022.NL.eurorings.net (134.222.48.211)  15.901 ms
 6  nyk-s1-rou-1021.US.eurorings.net (134.222.48.1)  126.921 ms  126.436 ms  126.889 ms
 7  nyk-s2-rou-1021.US.eurorings.net (134.222.48.35)  99.252 ms  91.649 ms  93.208 ms
 8  12.250.255.9 (12.250.255.9)  106.499 ms  122.536 ms  113.756 ms
 9  cr1.n54ny.ip.att.net (12.122.105.42)  186.947 ms  189.585 ms  189.585 ms
10  cr2.cgcil.ip.att.net (12.122.1.2)  188.926 ms  188.016 ms  187.939 ms
11  cr1.cgcil.ip.att.net (12.122.2.53)  188.329 ms  188.285 ms  186.606 ms
12  cr1.sffca.ip.att.net (12.122.4.121)  185.850 ms  184.270 ms  183.967 ms
13  12.122.137.245 (12.122.137.245)  187.039 ms  187.881 ms  188.013 ms
14  * * *
15  * * *
16  71.148.149.45 (71.148.149.45)  187.699 ms  188.550 ms  188.413 ms
17  172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115)  190.364 ms  189.252 ms  190.275 ms
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
osiris@desktop ~ $

You can see three things:

Duplicate ICMP replies are send on ping..?
Normal traceroute seems to work fine;
When trying to trace the route of TCP port 80 packets, it looks if it ends up at your server, but the traceroute doesn't stop?

bluegene · March 9, 2017, 2:52am

I had server down. It is up now on port 80. Nothing on 443. but it is open. I tested it earlier
Just tried:

user@app-server-1:~$ sudo traceroute -T -p 80 checkphish.org
traceroute to checkphish.org (172.10.235.115), 30 hops max, 60 byte packets
1 10.0.2.2 (10.0.2.2) 0.247 ms 0.657 ms 0.557 ms
2 172-10-235-115.lightspeed.sntcca.sbcglobal.net (172.10.235.115) 4.332 ms

Osiris · March 9, 2017, 3:02am

No change on my end just now, same results as above.

bluegene · March 9, 2017, 3:07am

Thanks Osiris. Not sure what is going on. I changed DNS with godaddy today.

bluegene · March 9, 2017, 6:14pm

Thanks Osiris.I have figured out the problem. It is with iptables on my router. .Nat rules no longer work because OpenVPN is running.

system · April 8, 2017, 6:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.