Ok, I spoke too hastily. It's possible a webserver blocks sites or the ISP blocks. Also, perhaps cygwin.com can't resolve starwolf.com as Brian suggested. Looking at your curl and openssl output I see this oddity
"No ALPN negotiated" "ALPN, server did not agree to a protocol" According to this site cygwin.com does not support HTTP/2. Must be using 1.1. https://tools.keycdn.com/http2-test Does this get you a web page? curl -v --http1.0 https://www.cygwin.com You're not doing any port forwarding of 443? Glenn ============================================================ Greetings, I'm trying from several different machines in the house, some directly connected, as well as any thru the NAT interface. This is the ONLY site I cannot reach normally. I have to use the Tor browser to reach the site, and, even then, once I get a new cygwin setup .exe, the list of mirrors doesn't auto-fill because (surprise, surprise) I cannot connect via any known protocol to either www.cygwin.com or 209.132.180.131. The SSL certificates I get from a successful Tor hit and an unsuccessful 403 from home are identical I am concluding that at least the address range 69.12.250.{40-47} are being blocked; and it probably extends beyond that. Firewall is a Watchguard Firebox running pf_sense. I get the 403 even with a direct (non-firewalled, non-routed connection) I have attached two .txt file with runs from two servers within my house, one running NetBSD, one running Windows [thus the importance of cygwin]. Included are runs from 'host'/'nslookup', 'ping', 'traceroute', 'curl' and 'openssl' This is NOT a local firewall issue, otherwise my other machines on different addresses would not have a problem. smaug is my internal firewall. stupidhead is the default next hop from said firewall. "...it's nothing to do with cygwin.com." Sooooo, why else would I get a refusal from the web server from this address when I can connect from elsewhere ** and the SSL certificate is the same ** ?? What am I missing? "...but there's nothing we can do from here." Where is "here"? If "here" == "cygwin.com", you can't tell me if my IP is on an internal blacklist (and, moreso, why?)?? On 2017-04-21 08:06, Gluszczak, Glenn wrote: > > Agree, it's nothing to do with Cygwin.com. > > Check for a firewall on your local machine. Check your home router to see if > it has a firewall with restrictions. > Perhaps you're passing through a proxy server or firewall at the ISP? > Try traceroute or wget to analyze what site you're really attaching to. > > > > On 4/21/2017 2:35 AM, Greywolf wrote: >> Hello, >> >> I am having a server issue that neither I nor my ISP seem to be able >> to resolve with regards to connecting to Cygwin.com -- namely, only >> from my house, I get a 403 Forbidden. >> > > This is _your_ problem. Something has caused you to not be able to reach > cygwin.com properly. What IP address does cygwin.com resolve to? > Does using the IP address directly work for you? > > $ ping cygwin.com > > Pinging cygwin.com [209.132.180.131] with 32 bytes of data: > > >> I've been round with my ISP and they are unable to reproduce the >> issue; the response I get from here is "contact your ISP". So who do >> I contact about this? Not being able to automagically fetch the >> mirror list is annoying, and not being able to reach the site to see >> about updates and such is similarly so. >> > > Understandable but nothing we can do from here.
