Welcome to the Sophos User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
Junior Member
Join Date: Sep 2011
Posts: 27
#1 (permalink)  
Old 09-29-2011, 12:50 AM
Default Zumocast

I just installed Zumocast on my home PC so I can remotely get to my pictures, videos and music. When I try to connect to the ZumoCast remotely it is not working. When looking at my Astaro logs Content filter(http/https) I am seeing constant errors. Here is the error?

2011:09:28-19:43:10 asg httpproxy[5953]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="register" srcip="192.168.2.2" dstip="" user="" statuscode="400" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="4700" time="0 ms" request="0xa7dec9d8" url="server" exceptions="" error="Received invalid request from client"

Any help would be greatly appreciated? I am a home user with ASG V8
Reply With Quote
Junior Member
Join Date: Sep 2011
Posts: 27
#2 (permalink)  
Old 09-29-2011, 08:04 AM
Default

I updated the firmware to 8.201 and the error messages are not occurring but I still cannot connect to ZumoCast. Any ideas?
Reply With Quote
Scott_Klassen's Avatar
Quaestum Magnum Scientiae
Join Date: Feb 2006
Posts: 5,432
#3 (permalink)  
Old 09-30-2011, 05:16 AM
Default

What mode are you running the web proxy in? Also, 8.201 has a number of web proxy bugs in it. I would suggest installing the 8.202 soft-release (http://www.astaro.org/astaro-gateway...-released.html) or wait until 8.202 GA next week.
__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Reply With Quote
Junior Member
Join Date: Sep 2011
Posts: 27
#4 (permalink)  
Old 09-30-2011, 04:13 PM
Default

I am running in Transparent Mode. I also updated to the 8.202 with no luck. Just to let you know that Zumocast looks like it needs 2 ports forwarded. I installed Zumocast on another computer inside my home network and it had 2 different port forward numbers. Does this mean I need to add this ports in a rule on the firewall? I have installed Zumocast on a computer outside of my network and it works fine.

Last edited by tarheelnc1; 09-30-2011 at 08:08 PM.
Reply With Quote
Junior Member
Join Date: Sep 2011
Posts: 27
#5 (permalink)  
Old 10-01-2011, 06:28 AM
Default

I figured it out but would like to know if this in any way makes my gateway any less safe. I had to create (2) firewall rules as well as (2) NAT rules similar to the one used for XBOX360.

Under Network Security

Source: xx.xx.xx.xx = IP of the machine Zumocast is installed on
Service: (Port) = This is the port that Zumocast has once software is installed (Find it under preferences)
Destination: Any
Action: Allow

NAT Rule

DNAT/SNAT tab

Traffic Source: Any
Traffic Service: Zumocast Port
Traffic Destination: External (WAN) (Network)
Destination: IP of the machine Zumocast is installed on
Destination Service: Zumocast Port

Automatic Firewall Rule: On
Nat Mode: DNAT (Destination)

Last edited by tarheelnc1; 10-04-2011 at 05:50 PM.
Reply With Quote
Scott_Klassen's Avatar
Quaestum Magnum Scientiae
Join Date: Feb 2006
Posts: 5,432
#6 (permalink)  
Old 10-01-2011, 06:50 AM
Default

1) You shouldn't need to manually create firewall rules if Automatic Firewall rules are enabled in the DNAT.

2) With a DNAT where the port does not require translation (the port number stays the same), you should leave the Destination Service blank.

Quote:
would like to know if this in any way makes my gateway any less safe
Yes and no. Anytime you open up an internal device to unrequested traffic from the internet, you make yourself a little more vulnerable, but this is a compromise necessary to serve traffic. To mitigate this, if possible, you should add another NIC to your Astaro box. This would be a DMZ interface that you would connect your XBOX and Zumocast boxes to in order to separate them from your other LAN machines. Another thing you can do is if the Zumocast traffic only comes from one specific server or network, you can change the traffic source in the DNAT from ANY to that one particular address or network.
__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Reply With Quote
Junior Member
Join Date: Sep 2011
Posts: 27
#7 (permalink)  
Old 10-04-2011, 05:49 PM
Default

I do not see any Automatic Firewall Rules in the DNAT. I only see my XBOX360 and Zumocast rules that I manually created. Should this have been created when I installed Astaro? Maybe I am looking in the wrong place for the Automatic Firewall rules? Is there a way to create these Automatic Firewall Rules manually?

ASG 8.202 soft-release
Home User
Reply With Quote
Scott_Klassen's Avatar
Quaestum Magnum Scientiae
Join Date: Feb 2006
Posts: 5,432
#8 (permalink)  
Old 10-04-2011, 07:09 PM
Default

See the attached screenshot or you can just create your firewall rules manually.
Attached Images
File Type: jpg nat.jpg (24.4 KB, 11 views)
__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 05:42 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.