Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 41 replies
  • Subscribers 0 subscribers
  • Views 22855 views
  • Users 0 members are here
Options
Suggested

[8.920][BUG] IPv6 connection issues (was: Proxy does not handle dual stack servers!)

sjorge
Since swapping my ASG v8 with v9 beta I'm having problems accessing dual-stack enabled servers.

Servers like my own (blackdot.be) or even astaro.org time out when using the HTTP Proxy. If I disable the IPv6 DNS entry it works fine. So I know it is IPv6 related.

2012:04:10-23:12:16 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2850" request="0x841e5c8" url="http://www.astaro.com/sites/all/themes/yaml/layouts/yaml_astaro/images/en-int/myastaro.png" exceptions="" error="Connection to server timed out"
2012:04:10-23:12:16 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2746" request="0x836ccf0" url="http://www.astaro.com/elqNow/elqCfg.js" exceptions="" error="Connection to server timed out"
2012:04:10-23:12:16 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2746" request="0x836cb88" url="http://www.astaro.com/elqNow/elqImg.js" exceptions="" error="Connection to server timed out"
2012:04:10-23:12:33 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2836" request="0xbcd35198" url="http://www.astaro.com/sites/all/themes/yaml/layouts/yaml_astaro/css/navigations.css" exceptions="" error="Connection to server timed out"
2012:04:10-23:12:33 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2742" request="0xbcd06768" url="http://www.astaro.com/misc/jquery.js" exceptions="" error="Connection to server timed out"
2012:04:10-23:12:33 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2850" request="0x830fb68" url="http://www.astaro.com/sites/all/themes/yaml/layouts/yaml_astaro/images/en-int/myastaro.png" exceptions="" error="Connection to server timed out"
2012:04:10-23:12:34 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2746" request="0x834f060" url="http://www.astaro.com/elqNow/elqCfg.js" exceptions="" error="Connection to server timed out"
2012:04:10-23:12:34 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2746" request="0x830fe38" url="http://www.astaro.com/elqNow/elqImg.js" exceptions="" error="Connection to server timed out"
2012:04:10-23:13:34 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2742" request="0x830fb68" url="http://www.astaro.com/misc/jquery.js" exceptions="" error="Connection to server timed out"
2012:04:10-23:14:14 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2001:1938:81:164::2" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2708" request="0x834f768" url="http://blackdot.be/" exceptions="" error="Connection to server timed out"
2012:04:10-23:14:35 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2746" request="0x834f060" url="http://www.astaro.com/elqNow/elqCfg.js" exceptions="" error="Connection to server timed out"
2012:04:10-23:14:35 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="2001:6f8:1480:15:11a8:c2f0:eb92[:D]869" dstip="2a02:788:12:38::5" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2850" request="0x830fb68" url="http://www.astaro.com/sites/all/themes/yaml/layouts/yaml_astaro/images/en-int/myastaro.png" exceptions="" error="Connection to server timed out"
2012:04:10-23:14:43 inertia httpproxy[10369]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.16.15.111" dstip="2001:1938:81:164::2" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2708" request="0x83a3300" url="http://www.blackdot.be/" exceptions="" error="Connection to server timed out" 
Parents
  • 0
    This should be released via pattern up2date.
    Whats the output of the following console command:
    rpm -q -a|grep u2d-ipsbundle
  • 0 in reply to da_merlin
    This should be released via pattern up2date.
    Whats the output of the following console command: 
    rpm -q -a|grep u2d-ipsbundle


    Sorry for the slow replies, I'm messing with my old nas because it is dying so I was/am distracted.

    Simple test, connections been online for a few hours... doing a simple wget on ipv6.google.com
    sjorge@mass /tmp $ wget Google
    --2008-01-01 03:01:30--  Google
    Resolving ipv6.google.com... 2a00:1450:4007:804::1012
    Connecting to ipv6.google.com|2a00:1450:4007:804::1012|:80... failed: Connection timed out.
    Retrying.

    --2008-01-01 03:02:34--  (try: 2)  Google
    Connecting to ipv6.google.com|2a00:1450:4007:804::1012|:80...


    loginuser@inertia:/home/login > rpm -q -a|grep u2d-ipsbundle
    u2d-ipsbundle-9-37



    Just hangs, this is the case for every ipv6 server or dualstack server.

    Again, ping still works fine:
    sjorge@mass /tmp $ date; ping6 ipv6.google.com
    Tue Jan  1 03:12:01 CET 2008
    PING ipv6.google.com(par08s09-in-x11.1e100.net) 56 data bytes
    64 bytes from par08s09-in-x11.1e100.net: icmp_seq=1 ttl=52 time=46.7 ms
    64 bytes from par08s09-in-x11.1e100.net: icmp_seq=2 ttl=52 time=47.3 ms
    64 bytes from par08s09-in-x11.1e100.net: icmp_seq=3 ttl=52 time=47.0 ms
    64 bytes from par08s09-in-x11.1e100.net: icmp_seq=4 ttl=52 time=48.0 ms
    ^C
    --- ipv6.google.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 46.711/47.311/48.094/0.510 ms


    So nothing seems to have changed with as far as I can tell all updates installed.
Reply
  • 0 in reply to da_merlin
    This should be released via pattern up2date.
    Whats the output of the following console command: 
    rpm -q -a|grep u2d-ipsbundle


    Sorry for the slow replies, I'm messing with my old nas because it is dying so I was/am distracted.

    Simple test, connections been online for a few hours... doing a simple wget on ipv6.google.com
    sjorge@mass /tmp $ wget Google
    --2008-01-01 03:01:30--  Google
    Resolving ipv6.google.com... 2a00:1450:4007:804::1012
    Connecting to ipv6.google.com|2a00:1450:4007:804::1012|:80... failed: Connection timed out.
    Retrying.

    --2008-01-01 03:02:34--  (try: 2)  Google
    Connecting to ipv6.google.com|2a00:1450:4007:804::1012|:80...


    loginuser@inertia:/home/login > rpm -q -a|grep u2d-ipsbundle
    u2d-ipsbundle-9-37



    Just hangs, this is the case for every ipv6 server or dualstack server.

    Again, ping still works fine:
    sjorge@mass /tmp $ date; ping6 ipv6.google.com
    Tue Jan  1 03:12:01 CET 2008
    PING ipv6.google.com(par08s09-in-x11.1e100.net) 56 data bytes
    64 bytes from par08s09-in-x11.1e100.net: icmp_seq=1 ttl=52 time=46.7 ms
    64 bytes from par08s09-in-x11.1e100.net: icmp_seq=2 ttl=52 time=47.3 ms
    64 bytes from par08s09-in-x11.1e100.net: icmp_seq=3 ttl=52 time=47.0 ms
    64 bytes from par08s09-in-x11.1e100.net: icmp_seq=4 ttl=52 time=48.0 ms
    ^C
    --- ipv6.google.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 46.711/47.311/48.094/0.510 ms


    So nothing seems to have changed with as far as I can tell all updates installed.
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?