Thread Info
  • State Not Answered
  • Replies 20 replies
  • Subscribers 0 subscribers
  • Views 9450 views
  • Users 0 members are here
Options
Suggested

[8.910][DUPE] Web Protection breaks web access

UrsWeiss
SOLUTION: Disable "HTML5 VPN Portal"

After the update to 8.910 i wasn't able to access webpages anymore.

Getting "Host not found" screen (the one from Web Protection) and a lot of these errors in the log: 

2012:03:19-19:47:59 whity httpproxy[9893]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs01.astaro.com: Name or service not known"

2012:03:19-19:47:59 whity httpproxy[9893]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs02.astaro.com: Name or service not known"

2012:03:19-19:47:59 whity httpproxy[9893]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs03.astaro.com: Name or service not known"

2012:03:19-19:47:59 whity httpproxy[9893]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs04.astaro.com: Name or service not known"

2012:03:19-19:47:59 whity httpproxy[9893]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs05.astaro.com: Name or service not known"

2012:03:19-19:47:59 whity httpproxy[9893]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x96a6330" function="sc_categorize_url_remote" file="scr_scanner.c" line="907" message="no categorization received for url: http://www.google.com/finance/


Have to disable Web Protection to access websites.
  • 0
    Doesn't help

    These are the log messages right after i started Web Protection 
    2012:03:19-19:56:34 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="242" message="reading configuration"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="548" message="getaddrinfo: passthrough.fw-notify.net: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="2630" message="failed to resolve passthrough.fw-notify.net, using 213.144.15.19"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="548" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="2634" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="262" message="reading profiles"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs01.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs02.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs03.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs04.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs05.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs06.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs07.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs08.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update" file="scr_scanner.c" line="1202" message="started update thread"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs01.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs02.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs03.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs04.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs05.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs06.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs07.astaro.com: Name or service not known"

    2012:03:19-19:56:35 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_resolve_server" file="scr_scanner.c" line="355" message="DNS: cffs08.astaro.com: Name or service not known"

    2012:03:19-19:56:50 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="saviscanner.c" line="151" message="Successfully loaded SAVI thread data, engine 3.27.0, thread data 4.73 from 2/1/2012 (3231717 detected threads)"

    2012:03:19-19:56:50 whity httpproxy[11121]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="305" message="finished startup"

    2012:03:19-19:56:50 whity httpproxy[11121]: Integrated HTTP-Proxy (c) 2007-2012 Astaro GmbH & Co. KG, Release 51.g3aab342
  • 0 in reply to UrsWeiss
    can you please try to change http proxy from tranparant to std without changing browser setting 

    its working for me same problem 

    thx
  • 0
    I am able to ping the servers so don't think it's an issue with the servers. It seems like DNS error. Are you able to resolve the dns names via your UTM?
  • 0 in reply to wingman
    are you able to run audld.plx from ssh ? 

    i am on vmware esxi  5

    thx
  • 0 in reply to utm_kid
    Its working fine for me also. As wingman suggested, take a look at your dns log and perhaps system logs for hints.
    Regards
    Bill
  • 0
    Think the UTM has some kind of DNS lookup problems... 

    Trying "cffs01.astaro.com"

    Received 35 bytes from 127.0.0.1#53 in 8 ms

    Trying "cffs01.astaro.com"

    Host cffs01.astaro.com not found: 2(SERVFAIL)

    Received 35 bytes from 127.0.0.1#53 in 4 ms


    Also noted that my tunnel broker can't connect anymore: 

    2012:03:19-20:01:15 whity tspc[12631]: gogoCLIENT v1.2-RELEASE build Oct 26 2011-19:23:39

    2012:03:19-20:01:15 whity tspc[12631]: Built on ///Linux axgbuild 2.6.32.46-0.3-default #1 SMP 2011-09-29 17:49:31 +0200 i686 i686 i386 GNU/Linux///

    2012:03:19-20:01:16 whity tspc[12631]: Failed to connect to server amsterdam.freenet6.net on port 3653.

    2012:03:19-20:01:16 whity tspc[12631]: Disconnected. Retrying in 19336 seconds.

    2012:03:19-20:02:57 whity tspc[12631]: Last status context is: Network connection.

    2012:03:19-20:02:57 whity tspc[12631]: Finished.


    Also fails to lookup IP address: 

    Trying "amsterdam.freenet6.net"

    Received 40 bytes from 127.0.0.1#53 in 8 ms

    Trying "amsterdam.freenet6.net"

    Host amsterdam.freenet6.net not found: 2(SERVFAIL)

    Received 40 bytes from 127.0.0.1#53 in 4 ms
  • 0
    For the ipv6 Issue I had the same and I had to disable IPS and ipv6. Then enable ipv6 ,let it connect and then enable IPS

    Can you change the DNS and try again? have a try with opendns or the ISP ones
  • 0
    I'm getting tons of "host unreachable resolving" and "network unreachable resolving" messages in the DNS log.

    Changed the forwarder DNS to Google, same errors. Even can't resolve Google...
  • 0 in reply to UrsWeiss
    Your IPv6 is stuck in connectionless state. Disable ipv6 and everything will be back. Then you can re-enable IPv6. But the question remains why is your ipv6 failing to initialize everytime[:S]
    Regards
    Bill
Cookie Information Banner