Web lists-archives.com

RE: What is the proper mailing list for server issues?




Ok, I spoke too hastily.  It's possible a webserver blocks sites or the ISP blocks.
Also, perhaps cygwin.com can't resolve starwolf.com as Brian suggested.
Looking at your curl and openssl output I see this oddity

"No ALPN negotiated"
"ALPN, server did not agree to a protocol"

According to this site cygwin.com does not support HTTP/2.  Must be using 1.1.
https://tools.keycdn.com/http2-test

Does this get you a web page?

curl -v --http1.0 https://www.cygwin.com

You're not doing any port forwarding of 443?

Glenn

============================================================

Greetings,

I'm trying from several different machines in the house, some directly connected, as well as any thru the NAT interface.  This is the ONLY site I cannot reach normally.  I have to use the Tor browser to reach the site, and, even then, once I get a new cygwin setup .exe, the list of mirrors doesn't auto-fill because (surprise, surprise) I cannot connect via any known protocol to either www.cygwin.com or 209.132.180.131.

The SSL certificates I get from a successful Tor hit and an unsuccessful
403 from home are identical

I am concluding that at least the address range 69.12.250.{40-47} are being blocked; and it probably extends beyond that.

Firewall is a Watchguard Firebox running pf_sense.  I get the 403 even with a direct (non-firewalled, non-routed connection)

I have attached two .txt file with runs from two servers within my house, one running NetBSD, one running Windows [thus the importance of cygwin].
Included are runs from 'host'/'nslookup', 'ping', 'traceroute', 'curl' 
and 'openssl'

This is NOT a local firewall issue, otherwise my other machines on different addresses would not have a problem.

smaug is my internal firewall.
stupidhead is the default next hop from said firewall.

"...it's nothing to do with cygwin.com."

Sooooo, why else would I get a refusal from the web server from this address when I can connect from elsewhere ** and the SSL certificate is the same ** ??

What am I missing?

"...but there's nothing we can do from here."

Where is "here"? If "here" == "cygwin.com", you can't tell me if my IP is on an internal blacklist (and, moreso, why?)??


On 2017-04-21 08:06, Gluszczak, Glenn wrote:
>
> Agree, it's nothing to do with Cygwin.com.
>
> Check for a firewall on your local machine.  Check your home router to see if it has a firewall with restrictions.
> Perhaps you're passing through a proxy server or firewall at the ISP?
> Try traceroute or wget to analyze what site you're really attaching to.
>
>
>
> On 4/21/2017 2:35 AM, Greywolf wrote:
>> Hello,
>>
>> I am having a server issue that neither I nor my ISP seem to be able
>> to resolve with regards to connecting to Cygwin.com -- namely, only
>> from my house, I get a 403 Forbidden.
>>
>
> This is _your_ problem.  Something has caused you to not be able to reach cygwin.com properly.  What IP address does cygwin.com resolve to?
> Does using the IP address directly work for you?
>
> $ ping cygwin.com
>
> Pinging cygwin.com [209.132.180.131] with 32 bytes of data:
>
>
>> I've been round with my ISP and they are unable to reproduce the
>> issue; the response I get from here is "contact your ISP".  So who do
>> I contact about this?  Not being able to automagically fetch the
>> mirror list is annoying, and not being able to reach the site to see
>> about updates and such is similarly so.
>>
>
> Understandable but nothing we can do from here.