[7.460][QUESTION][OPEN] Connection refused on shared resources

[Billybob]

Did some more testing on the port 80 mystery. I disabled http proxy and disabled all traffic for my xp client to dmz. When you type start run \\192.168.1.101 It generates netbios/port 445 traffic and then suddenly switches to port 8080 and queries the firewall itself at 192.168.0.1. Another strange windows behavior I guess. Screenshot attached.

[wingman]

Quote:

Originally Posted by Billybob

Did some more testing on the port 80 mystery. I disabled http proxy and disabled all traffic for my xp client to dmz. When you type start run \\192.168.1.101 It generates netbios/port 445 traffic and then suddenly switches to port 8080 and queries the firewall itself at 192.168.0.1. Another strange windows behavior I guess. Screenshot attached.

If that's the case then yes the traffic is blocked

I can confirm that.I've disabled the http proxy and IPS and logged traffic

Code:

18:43:10	Packetfilter rule #9	TCP	
192.168.2.31	:	3354
→	
172.16.1.2	:	80
[SYN]	len=48	ttl=127	tos=0x00	srcmac=00:1f:d0:0a:9a:89	dstmac=00:b0:c2:02:e4:4f
18:43:10	Packetfilter rule #9	TCP	
192.168.2.31	:	3354
→	
172.16.1.2	:	80
[SYN]	len=48	ttl=127	tos=0x00	srcmac=00:1f:d0:0a:9a:89	dstmac=00:b0:c2:02:e4:4f
18:43:10	Packetfilter rule #9	TCP	
192.168.2.31	:	3354
→	
172.16.1.2	:	80
[SYN]	len=48	ttl=127	tos=0x00	srcmac=00:1f:d0:0a:9a:89

The log includes netbios as well but I didn't include here as it's expected to see netbios traffic

I get a challenge for my password and username on the box. Strangely enough I can see port 80 (not 8080) on the log

Stll that doesn;'t explain why my vista box can access with no issues when ips and HTTP proxy are enabled

[wingman]

to me this is a bug so I've changed the name

Any luck Billybob with the testing from ur side?

[Billybob]

Quote:

Originally Posted by wingman

to me this is a bug so I've changed the name
Any luck Billybob with the testing from ur side?

Sorry about not getting back sooner. Was trying to have a regular life on the 4th of July weekend This is definitely a bug, I think they are just waiting on your confirmation if IPS is what is really blocking your access and if it is, are both vista and xp affected. Just a little more info.

When I tested this I couldn't get to my share on dmz using vista or xp. In vista, I would get an explorer window and it would hang generating the
sid="529" NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt
xp generates the sid="466" ICMP L3retriever Ping.

Although sid 466 is not set to block, it still blocked my requests but thats a different bug.

Quote:

Originally Posted by wingman

I get a challenge for my password and username on the box. Strangely enough I can see port 80 (not 8080) on the log

I had port 8080 in my browser so it is going to 8080 for me and 80 for you.

[wingman]

I will test again and post my results here

[wingman]

I've disabled both IPS and Proxy and it doesn't work.I guess it's normal since I dont have any pf allowing ports 80,8080
I can see the traffic being blocked including port 80

[wingman]

issue not solved on 7.470 update
I can connect with no issues on devices on the same subnet (192.168.2.x)
Astaro doesn't log (packet filter) anything when the connection is initiated from the vista to the media center .
When the connection is initiated from the xp client then I can see allowed connection as Billybob mentioned

[wingman]

same error when trying to connect

Code:

2009:07:11-20:45:03 stuffman httpproxy[4120]: [0xb15d9870] send_request_headers (request.c:171) write: Connection refused 
2009:07:11-20:45:03 stuffman httpproxy[4120]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="OPTIONS" srcip="192.168.2.31" user="" statuscode="502" cached="0" profile="REF_TJkZFLrkmc (Zone 1 Proxy filter)" filteraction="REF_KvAnposSQm (Zone 1 Filter)" size="2135" time="3 ms" request="0xb15d9870" url="http://172.16.1.2/" exceptions="" error="" category="9998" reputation="neutral" categoryname="Uncategorized"

[wingman]

Workaround: I can access the shared folder by removing the DMZ client from the IPS

[wingman]

I 've recently installed windows 7 RC and I am not facing the issue. I am able to rdp to the dmz and access the shared resources.

I assume it was some kind of bug.

Thanks for your help