Astaro User Bulletin Board
  #1 (permalink)  
Old 06-27-2009, 04:10 PM
Super Moderator
 
Join Date: Feb 2009
Location: In a galaxy far far away
Posts: 757
Default [7.460][Bug] Connection refused on shared resources

Hi All

The issue I am facing is that I am unable to access resources on my media client.
It used to work on version 7.404 but after updating to v7.460 it doesn't work.
I am getting the following error via the HTTP log

Code:
2009:06:27-16:05:45 Enterprise httpproxy[4075]: [0xa9c538f0] send_request_headers (request.c:171) write: Connection refused 
2009:06:27-16:05:45 Enterprise httpproxy[4075]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="OPTIONS" srcip="192.168.2.31" user="" statuscode="502" cached="0" profile="REF_TJkZFLrkmc (Zone 1 Proxy filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2135" time="2 ms" request="0xa9c538f0" url="http://172.16.1.2/" exceptions="" error="" category="9998" reputation="neutral" categoryname="Uncategorized"

I am not blocking uncategorized and neutral. PF rules are ok since I can see the traffic logged for the client 172.16.1.2

Any ideas?
__________________

Running Astaro ASG virtual appliance | Home power user 100 IP license
Intel Dual Core 2.4GHz (800MHz) | 4GB (2 x 2GB) PC2-6400 800Mhz 5-5-5-18 | WD 160GB |3 x Intel Pro/1000

Last edited by wingman; 07-07-2009 at 09:26 PM.
  #2 (permalink)  
Old 06-27-2009, 06:47 PM
BAlfson's Avatar
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,953
Default

It looks like the HTTP Proxy is blocking traffic with your DMZ. Are you sure you haven't selected the 'Suspicious and uncategorized' checkbox in the middle of the list of categories?
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
  #3 (permalink)  
Old 06-27-2009, 06:53 PM
Super Moderator
 
Join Date: Feb 2009
Location: In a galaxy far far away
Posts: 757
Default

The DMZ zone only blocks the following:

DMZ Zone filter
-------------------
Anonymizers
Anonymizing Utilities
Parked Domain
Phishing
Spam URLs
Spyware/Adware

It was the exact same config I was using on v7.404. Do you know what the following is:

Code:
2009:06:27-16:05:45 Enterprise httpproxy[4075]: [0xa9c538f0] send_request_headers (request.c:171) write: Connection refused
  #4 (permalink)  
Old 06-27-2009, 06:59 PM
BAlfson's Avatar
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,953
Default

The issue is with the filtering done on the Internal network, not on that done on the DMZ network. What does that config look like?

I dunno, I had assumed that line was part of the blocking.

Cheers - Bob
  #5 (permalink)  
Old 06-27-2009, 07:03 PM
Super Moderator
 
Join Date: Feb 2009
Location: In a galaxy far far away
Posts: 757
Default

I was about to edit my previous post cause I accidentally told you about the DMZ. Internal zone blocks the following only:

Zone 1 filter
------------------------
Anonymizers
Anonymizing Utilities
Parked Domain
Phishing
Spam URLs
Spyware/Adware
  #6 (permalink)  
Old 06-27-2009, 07:28 PM
Billybob's Avatar
Wizard
 
Join Date: Jul 2006
Location: United States
Posts: 562
Default

Routing is probably getting confused since more than likely dmz is allowed to surf via http proxy also. But the error in the logs would indicate that the proxy is blocking it which doesn't make sense. Do you have packet filter rule allow LAN-->http to dmz by any chance?
If you do, as a work around, try putting 172.16.1.2 in transparent skiplist under http/s-->advanced-->Transparent mode skiplist. Also uncheck the box Allow HTTP traffic for listed hosts/nets after you add the IP. I am assuming you are using transparent proxy and see if it works.
It still might be a bug though in http proxy. HTTP proxy was fine in 7.450 but is not the stablest thing in 7.460 in my opinion.
  #7 (permalink)  
Old 06-27-2009, 07:52 PM
Super Moderator
 
Join Date: Feb 2009
Location: In a galaxy far far away
Posts: 757
Default

Quote:
Originally Posted by Billybob
Routing is probably getting confused since more than likely dmz is allowed to surf via http proxy also. But the error in the logs would indicate that the proxy is blocking it which doesn't make sense. Do you have packet filter rule allow LAN-->http to dmz by any chance?
If you do, as a work around, try putting 172.16.1.2 in transparent skiplist under http/s-->advanced-->Transparent mode skiplist. Also uncheck the box Allow HTTP traffic for listed hosts/nets after you add the IP. I am assuming you are using transparent proxy and see if it works.
It still might be a bug though in http proxy. HTTP proxy was fine in 7.450 but is not the stablest thing in 7.460 in my opinion.

I have a rule that only allows specific (netbios, ping etc) traffic to DMZ and is on the top of the rules. When I enable the logging for this rule I can see the traffic allowed but still traffic is blocked by the proxy.
  #8 (permalink)  
Old 06-27-2009, 08:39 PM
Super Moderator
 
Join Date: Feb 2009
Location: In a galaxy far far away
Posts: 757
Default

It seems that https proxy is not stable. I have the same issue with a website and I explicitly allowed it on the http proxy

seems strange

Code:
2009:06:27-20:42:19 Enterprise httpproxy[8978]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.2.31" user="" statuscode="400" cached="0" profile="REF_TJkZFLrkmc (Zone 1 Proxy filter)" filteraction=" ()" size="2371" time="0 ms" request="0xa83d4490" url="http://update.filezilla-project.org/updatecheck.php?platform=i586-pc-mingw32msvc&version=3.2.5&osversion=5.1&beta=1" exceptions="" error=""

Last edited by wingman; 06-27-2009 at 08:42 PM.
  #9 (permalink)  
Old 06-27-2009, 10:55 PM
Super Moderator
 
Join Date: Feb 2009
Location: In a galaxy far far away
Posts: 757
Default

Strangely enough, one of the vista clients can connect with no issues to the shared resources and there is no log when they try to connect on the HTTP log. The two clients are in the same proxy filter and have the exact same proxy settings. However, I am getting the below error:

Code:
2009:06:27-23:00:20 Enterprise httpproxy[4028]: [0xa8c75808] send_request_headers (request.c:171) write: Connection refused
2009:06:27-23:00:20 Enterprise httpproxy[4028]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="OPTIONS" srcip="192.168.2.31" user="" statuscode="502" cached="0" profile="REF_TJkZFLrkmc (Zone 1 Proxy filter)" filteraction="REF_KvAnposSQm (Zone 1 Filter)" size="2135" time="2 ms" request="0xa8c75808" url="http://172.16.1.2/" exceptions="" error="" category="9998" reputation="neutral" categoryname="Uncategorized
and the vista client isn't

Last edited by wingman; 06-27-2009 at 11:02 PM.
  #10 (permalink)  
Old 06-28-2009, 07:51 AM
 
Join Date: Jun 2009
Posts: 0
Default

Code:
Astaro Beta Report
--------------------------------
Version: 7.460
Type: QUESTION
State: OPEN
Reporter: wingman
Contributor: 
MantisID: 
--------------------------------
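
Added example, not part of any post in this thread: a small Python parser that pairs each "web request blocked" entry with a low-level httpproxy error line carrying the same request handle, run over lines abridged from the posts above. Reading a matching "Connection refused" as the reason for the 502 is an assumption drawn from the shared handle, not something the thread confirms; the function and label names are made up for this example.

```python
import re

# Abridged from the log lines posted in this thread (unused fields dropped).
SAMPLE = '''\
2009:06:27-16:05:45 Enterprise httpproxy[4075]: [0xa9c538f0] send_request_headers (request.c:171) write: Connection refused
2009:06:27-16:05:45 Enterprise httpproxy[4075]: id="0002" name="web request blocked" action="block" method="OPTIONS" srcip="192.168.2.31" statuscode="502" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" request="0xa9c538f0" url="http://172.16.1.2/" category="9998" categoryname="Uncategorized"
2009:06:27-20:42:19 Enterprise httpproxy[8978]: id="0002" name="web request blocked" action="block" method="GET" srcip="192.168.2.31" statuscode="400" filteraction=" ()" request="0xa83d4490" url="http://update.filezilla-project.org/updatecheck.php?platform=i586-pc-mingw32msvc&version=3.2.5&osversion=5.1&beta=1"
'''.splitlines()

KV = re.compile(r'(\w+)="([^"]*)"')                         # key="value" pairs
ERR = re.compile(r'\[(0x[0-9a-f]+)\] \w+ \([^)]*\) (.+)$')  # [handle] func (file:line) message

def parse(lines):
    """Split lines into {request handle: error text} and blocked-request events."""
    errors, events = {}, []
    for line in lines:
        m = ERR.search(line.strip())
        if m:
            errors[m.group(1)] = m.group(2)
            continue
        fields = dict(KV.findall(line))
        if fields.get("name") == "web request blocked":
            events.append(fields)
    return errors, events

def classify(lines):
    """Label each blocked request by what the log itself records about it."""
    errors, events = parse(lines)
    results = []
    for ev in events:
        cause = errors.get(ev.get("request"))
        if cause:                      # same handle also logged a proxy-side I/O error
            kind = "upstream-failure"
        elif "category" not in ev:     # entry carries no category verdict at all
            kind = "no-category-recorded"
        else:                          # a category was evaluated; review the filter profile
            kind = "category-evaluated"
        results.append((ev.get("url"), ev.get("statuscode"), kind, cause))
    return results

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

The handles look like memory addresses and may repeat over a long log, so on real data restrict the match to the same timestamp and process id.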
 

All times are GMT.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.