How can I prove (with logging) where a port block is occurring?

From the remote site, you can use traceroute to work out where in the path the port is blocked. Note that this has to be a *nix traceroute, eg linux, as Windows does not support traceroute over arbitrary ports.

Compare

sudo traceroute -p 21 -T <your server ip>

to

sudo traceroute -p 80 -T <your server ip>

These have to be run as root as it requires elevated privileges.

Note that it is the IP after the last successful hop that tells you where the block is - ie, the hop that does not respond. So look for the next hop in the port 80 traceroute after the last successful one in the port 21 traceroute.

To check at which point or hop your port is being blocked use tracetcp. its very simple as below.

To check port 31 all the way to destination:

$ tracetcp www.ebay.co.uk:31

Tracing route to 66.135.192.41 [www.ebay.co.uk] on port 31


Over a maximum of 30 hops.

1       1 ms    1 ms    1 ms    192.168.0.1     [wintermute]

2       10 ms   13 ms   9 ms    10.78.128.1

3       *       *       *       Request timed out.

4       *       *       *       Request timed out.

5       *       *       *       Request timed out.

6 ... continues until maximum number of hops reached.

you just need to install winpcap than this utility will work from Windows Cmd.

http://simulatedsimian.github.io/tracetcp_examples.html#scan-for-blocked-outgoing-ports

If you don't have access to a Linux box, just install the telnet client on Windows:

Control Panel -> Programs and Features

telnet server-ip port

Or you can download PuTTY.

If the conenction timesout or is refused, then that is a problem :)