Rookie

Is port 80 blocked from my phone to my home?

I think something is blocking port 80 from

 

Source      107.77.xxx.xxx (my mobile phone on AT&T)
Destination  76.88.xxx.xxx (my web server at home on TWC)

 

The result I get on the phone is there is no response and eventual timeout.
The website is up and I can access it just fine from a browser on a PC from anywhere else I try.

When troubleshooting, I run tcpdump on port 80 on my server and no traffic is detected.

Some testing info...

  • The result is the same using Chrome, FireFox, and wget from my phone.
  • The result is the same from another phone using the same SIM card.
  • The result is the same using a domain name or the IP address of the server.
  • The IP address of the phone varies sometimes, the last octet changes, the result is the same.
  • I have re-installed FireFox and wget, cleared all cache and data and the result is the same.
  • I have no firewall rules set up on my server; iptables -L shows all ACCEPT.
  • I have no content filtering on my router and have port forwarding enabled for port 80.

However, from the *same* phone...

  • I am able to connect using HTTP over an alternate port, 8349.
  • I am able to connect using SSH over port 22.
  • I am able to connect to all other web servers I try.
  • I am able to connect to another web server at TWC (70.95.xxx.xxx)
  • I am able to connect over a wi-fi network.

Also...

  • I am able to connect from other people's phones using Sprint's, T-Mobile's, and Verizon's mobile network.
  • I am able to connect from another person's phone using AT&T at 166.137.xxx.xxx.

The problem seems pretty isolated to my phone service and my web server and port 80.

I have not tried forcing my cable modem to get a new IP address. It was last changed March 2016.

How can I find what is blocking access?

6 REPLIES
Expert

Re: Is port 80 blocked from my phone to my home?

Don't use port 80, it's garbage to doi so and is a huge security risk as all hackers go after it first.

 Next, You're running a server on TWC residential service?

Probably a violation of the contract, lol.

 

Established Sharer

Re: Is port 80 blocked from my phone to my home?

[ Edited ]

Nobody with any internet experience would leave port 80 open and unfiltered.  It's the most popular target for malware delivery to folks who don't turn on their router firewalls.  Common substitute ports which have to be specifically opened for use are 1080, 2080, 8080, and 10080. 

Also, since AT&T and TWC share some fiber transport hops, it's possible that port 80 is blocked at the IXP crossover points.

Rookie

Re: Is port 80 blocked from my phone to my home?

[ Edited ]

I was able to gather more data.

 

First, I tried shutting off my cable modem for a day in an attempt to get a new IP address, but I got the same one again.

 

Second I was able to run tracepath on port 80 from my phone (see below). The packets are clearly making it into the TWC network. I know you can't always know which machine is the problem because not all servers will pass thru tracepath, but at least I can see that nothing prior to TWC is blocking or dropping my traffic.

 

But I'm not sure where to go from here. Is there any chance at all that TWC will have an explanation, even if by a miracle I can get to talk to the right person?

 

1: 10.155.215.210             0.458ms pmtu 1410
1: 172.21.82.86              53.753ms asymm 2
1: 172.21.82.54              78.753ms asymm 2
2: 172.21.64.194                    63.861ms
3: 107.77.244.58                    52.279ms
4: 107.77.244.2                     78.965ms
5: 107.77.246.116                   53.306ms
6: 12.83.188.161                    62.616ms
7: 12.83.179.49              77.677ms asymm 9
8: ggr2.la2ca.ip.att.net            58.019ms
9: 205.158.79.241.ptr.us.xo.net     96.675ms
10: 207.88.14.214.ptr.us.xo.net  60.140ms asymm 13
11: 207.88.13.25.ptr.us.xo.net      54.384ms
12: 216.0.6.26                      65.483ms
13: agg1.lsancarc01r.socal.rr.com   163.890ms
14: agg1.sndhcaax01r.socal.rr.com 49.454ms asymm 16
15: no reply
16: agg1.sndhcaam01m.socal.rr.com   110.785ms
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
Too many hops: pmtu 1410
Resume: pmtu 1410

Established Sharer

Re: Is port 80 blocked from my phone to my home?

Shutting off your modem won't get you a new IP address when it restarts.   You would need a different modem with a different MAC to get a different public IP address. 

As we said before, nobody with any recent internet security experience expects port 80 to be useable.  Most corporate users block it at their gateway firewalls and proxy servers by default because of hackers propagating malware to uneducated internet users.  That doesn't stop tracepath from reporting the data packet flow along the route, just keeps the payload from inflicting harm at the final destination.

Set up a translation from port 80 to an alternate port and see what happens.  But do not expect anyone at TWC to authorize a systemwide unblock of port 80 on their network just for your rogue application.

Rookie

Re: Is port 80 blocked from my phone to my home?

[ Edited ]

There is nothing “systemwide” about this issue, so I wouldn’t expect a systemwide unblock. As I noted, anyone else can reach this this server and I can reach any other website from my phone, so it seems like a very targeted block. But how do I find the right person who knows why it’s there or how to remove it? Maybe it’s impossible.

 

I am trying not to make this a discussion about security, but I really do not understand your point about port 80. I’m not running an “application”. It’s a web page and pretty much every web page in the known universe is on the standard http port, which is 80. There’s nothing “rogue” about it. And there’s nothing in the TWC Acceptable Use Policy that disallows it. If you’re really concerned about hackers, rest assured the server is running in a DMZ and the inner routers are locked up tight.

 

Thanks for your input.

Expert

Re: Is port 80 blocked from my phone to my home?

Change to a different MFG of router.. That will usually get you a different public IP.

That is provided that you have a modem only or a combo in bridged mode  doing the coax to ethernet  connection.