Astaro User Bulletin Board
Go Back   Astaro User Bulletin Board > Closed Forums (read only) > ASG V7.500 BETA (closed)
Reload this Page [7.450][BUG][FIXED] Static DNS entries doesnt resolve when http proxy disabled
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Welcome to the Astaro User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

 
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 06-15-2009, 09:33 PM
Member
  
Join Date: Oct 2002
Location: Sweden
Posts: 59
Default [FIXED: #10618][7.450] Static DNS entries doesnt resolve when http proxy disabled
I have a number of static entries set in the DNS static list on ASG.

Running on Vista as a client, nslookup can't resolve the static dns entries if the http proxy is disabled.
__________________
10 user license non-profit org:ASG 7.500, SUN Fire x2100, AMD Opteron 2.8GHz dual core, 2GB ram, 6 nics, 250GB HDD
10 user home license: ASG Virtual appliance 7.500 with vmware server 2.0.1 on Ubuntu 8.04 server, Asus P5B-V, Intel Core quad 2.4GHz, 8GB ram, 1.3TB HDD, 4 Nics, 2 other virtual instances.
  #2 (permalink)  
Old 06-15-2009, 10:19 PM
Billybob's Avatar
Wizard
  
Join Date: Jul 2006
Location: United States
Posts: 562
Default
You are correct. There is some kind of packet filter confusion with the http proxy off. The name resolution works fine with the proxy turned on but times out when the proxy is turned off. However you can go to the console and the resolution is fine which leads me to believe its a packet filter issue.

All the tests were done with http proxy in standard mode. First its turned off and then turned on. Another thing that I have noticed is that nslookup is taking a long time on windows machines, but dig doesn't show any irregularities

I have attached a few screenshots with windows nslookup and windows dig and then finally on the console with dig with the http proxy turned off and then on.
Attached Images
File Type: jpg dns1.JPG (26.9 KB, 5 views)
File Type: jpg dns2.JPG (36.4 KB, 6 views)
File Type: jpg dns3.JPG (43.9 KB, 6 views)
File Type: jpg dns4.JPG (42.2 KB, 6 views)
  #3 (permalink)  
Old 06-15-2009, 10:25 PM
Billybob's Avatar
Wizard
  
Join Date: Jul 2006
Location: United States
Posts: 562
Default
Ah found the culprit. The intrusion detection is playing mind games with simple folks like us. Wow, this default level of protection from IPS might be too much for new users etc. Everything works fine if you turn off the IPS. Here is a snip from the alert...

Quote:
Intrusion Protection Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: DNS dns response containing rfc1918 address detected
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=13249
Time...........: 2009:06:15-15:41:23
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: Potential Corporate Privacy Violation IP protocol....: 17 (UDP)
Source IP address: 192.168.0.1
Source port: 53 (domain)
Destination IP address: 192.168.0.10
The above rule might be useful for some people but in general seems like an over kill. You can't add astaro as a DNS host so all the windows users will be generating a bunch of alerts when using nslookup since dig is only available via 3rd parties for windows. Interesting enough dig doesn't generate the alert and hence my initial observation about nslookup being slow. Disabling the above rule in IPS doesn't speed up nslookup any ...
Last edited by Billybob; 06-15-2009 at 11:10 PM. Reason: Afterthoughts....
  #4 (permalink)  
Old 06-15-2009, 11:19 PM
Member
  
Join Date: Oct 2002
Location: Sweden
Posts: 59
Default
Another issue?

If I follow the link http://www.snort.org/pub-bin/sigs.cgi?sid=13249 I get the snort web site version of a 404
__________________
10 user license non-profit org:ASG 7.500, SUN Fire x2100, AMD Opteron 2.8GHz dual core, 2GB ram, 6 nics, 250GB HDD
10 user home license: ASG Virtual appliance 7.500 with vmware server 2.0.1 on Ubuntu 8.04 server, Asus P5B-V, Intel Core quad 2.4GHz, 8GB ram, 1.3TB HDD, 4 Nics, 2 other virtual instances.
  #5 (permalink)  
Old 06-15-2009, 11:29 PM
Billybob's Avatar
Wizard
  
Join Date: Jul 2006
Location: United States
Posts: 562
Default
Yes... But already discussed here
  #6 (permalink)  
Old 06-24-2009, 07:03 PM
 
Join Date: Jun 2009
Posts: 0
Default
Code:
Astaro Beta Report
--------------------------------
Version: 7.450
Type: BUG
State: FIXED
Reporter: Erik Franzén
Contributor: 
MantisID: 10618
--------------------------------
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 10:44 PM.

 
Contact Us - Astaro User Bulletin Board - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.


These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases. issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.