Astaro User Bulletin Board
  #1 (permalink)  
Old 06-30-2009, 06:46 PM
Junior Member
 
Join Date: May 2009
Location: Bonn, Germany
Posts: 8
ASG425 going crazy?

Hi folks,

For a couple of days my Astaro has been putting heavy load on my provider, usually more than 1000 connections, so that the provider's firewall blocks at certain times.
I got them to send me a logfile to check where the connections come from, and this is what it looks like:

1246287241.799 40 my.local.ip. TCP_MISS/200 458 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287241.867 44 my.local.ip. TCP_MISS/200 538 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287241.925 41 my.local.ip. TCP_MISS/200 330 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287242.017 49 my.local.ip. TCP_MISS/200 314 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287242.118 45 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287242.183 43 my.local.ip. TCP_MISS/200 266 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287242.686 42 my.local.ip. TCP_MISS/200 330 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287242.705 45 my.local.ip. TCP_MISS/200 314 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287243.427 38 my.local.ip. TCP_MISS/200 330 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287243.534 39 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287243.672 41 my.local.ip. TCP_MISS/200 362 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287243.678 41 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287243.716 39 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287243.778 40 my.local.ip. TCP_MISS/200 314 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287243.812 43 my.local.ip. TCP_MISS/200 330 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.014 43 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.040 42 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.042 39 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.046 41 my.local.ip. TCP_MISS/200 330 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.182 46 my.local.ip. TCP_MISS/200 330 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.214 40 my.local.ip. TCP_MISS/200 362 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.238 46 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.247 42 my.local.ip. TCP_MISS/200 378 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.273 43 my.local.ip. TCP_MISS/200 330 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)



...so can anybody tell me where these connections come from?
  #2 (permalink)  
Old 06-30-2009, 08:25 PM
Wizard
 
Join Date: Oct 2005
Posts: 2,415

Those look like the category requests that your Astaro's content filtering sends to Astaro's Content filter DBs... your ISP should not be blocking those requests.
__________________
Convergent Information Security Solutions, LLC
Astaro Preferred Solution Partner
  #3 (permalink)  
Old 07-01-2009, 07:35 AM
Junior Member
 
Join Date: May 2009
Location: Bonn, Germany
Posts: 8

Quote:
Originally Posted by BrucekConvergent
T... your ISP should not be blocking those requests...
Thanks for the answer, but I can't tell them what they have to do or not...

But... for some reason I do have a second connection to the Internet, so is there a chance to tell those DB requests to use the other line instead? Do I have to set up a DNAT rule or something similar?
  #4 (permalink)  
Old 07-07-2009, 10:12 AM
Junior Member
 
Join Date: May 2009
Location: Bonn, Germany
Posts: 8

OK, I got some information:
For every request to a URL, a second request to cffs**.astaro.com will be made to check the filter. So this doubles the connections. Bad thing if you do NAT in combination with a parent proxy, because it looks like thousands of packets come from one host... looks like a DoS attack.

Now I got the following information from my provider:
It will work to split the traffic. I have to redirect the *normal* HTTP requests to one parent proxy and the others (cffs**.astaro.com) to another parent.

Now my question - where can I set up a rule to tell my ASG to use a different proxy for these requests?

I tried a Full NAT rule, but that doesn't work...

Last edited by Weissnix; 07-07-2009 at 10:14 AM.
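
An added example, not part of the original posts: a small parser for access-log lines in the layout the provider sent, which measures how much of the traffic from one NATed client is category lookups and how many arrive per second. The cffs-hostname pattern is assumed from the "cffs**.astaro.com" wording above; the lookup lines are copied from the log in the first post, and the www.example.org lines and the truncated line are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Lookup lines are from the log quoted in the thread; the two www.example.org
# lines and the truncated last line are constructed for this example.
SAMPLE_LOG = """\
1246287243.778 40 my.local.ip. TCP_MISS/200 314 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287243.812 43 my.local.ip. TCP_MISS/200 330 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287243.900 95 my.local.ip. TCP_MISS/200 2048 GET http://www.example.org/news - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.014 43 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.040 42 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.042 39 my.local.ip. TCP_MISS/200 346 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.046 41 my.local.ip. TCP_MISS/200 330 POST http://cffs05.astaro.com/acf2 - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.100 120 my.local.ip. TCP_MISS/200 5120 GET http://www.example.org/ - DEFAULT_PARENT/firewall.of.provider - (ICAP: FILTERED)
1246287244.300 41 my.local.ip.
"""

# Fields: timestamp, elapsed ms, client, result/status, bytes, method, URL.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s"
)
# Assumption: category-lookup hosts are named cffs<digits>.astaro.com.
LOOKUP_HOST_RE = re.compile(r"^cffs\d+\.astaro\.com$")

def parse(log_text):
    """Yield (epoch_second, client, host) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or truncated lines instead of failing
        host = urlsplit(m["url"]).hostname or ""
        yield int(float(m["ts"])), m["client"], host

def summarize(log_text):
    """Return (total requests, lookup requests, peak lookups/second per client)."""
    total = lookups = 0
    per_second = Counter()
    for second, client, host in parse(log_text):
        total += 1
        if LOOKUP_HOST_RE.match(host):
            lookups += 1
            per_second[(client, second)] += 1
    return total, lookups, max(per_second.values(), default=0)
```

Run over a full log, the lookup share and the per-second peak give the numbers needed when asking an upstream operator to exempt the lookup hosts from a connection-rate limit.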