Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 30 replies
  • Subscribers 2 subscribers
  • Views 10037 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Up2date 6.203

jenZ
Hi,
since I've updated to 6.203 a few minutes ago, my NAT is not working correctly anymore. I have an external DNS-Entry like webmail.mycompany.com which links to our external IP-Adress and it always worked fine from the inside. Since I've made the update I can still access the webmail-page from the internet but not from my other internal networks.
Does anyone have an idea except reinstalling the machine?

Jens


This thread was automatically locked due to age.
Parents
  • 0
    restore from backup? I have daily email backup,... i have ubgrade and it is working fine [:)]
  • 0 in reply to simby
    That's exacly NOT what I wanted to do. And even if, it's an ASG320. I'm not sure if I could reinstall it, if I wanted to.
    Anyways, I have tried some more now and it seems to be the HTTP Proxy, because if I turn in off, everything works fine.
    I hope Astaro fixes that bug really fast!
Reply
  • 0 in reply to simby
    That's exacly NOT what I wanted to do. And even if, it's an ASG320. I'm not sure if I could reinstall it, if I wanted to.
    Anyways, I have tried some more now and it seems to be the HTTP Proxy, because if I turn in off, everything works fine.
    I hope Astaro fixes that bug really fast!
Children
  • 0 in reply to jenZ
    Uhm. That isn't a bug. Thats the way NAT works. You can not go outside to come right back inside. Just use your internal ip when behind the firewall. Not sure how it worked for you before, but I have never seen it work, because it isn't supposed to.

    Think about it, you have the proxy connecting back to itself for a website you could reach without the proxy at all.
  • 0 in reply to ReD-MaN
    Well in transparent Proxy mode it is supposed to work, because I don't want to have an external and an internal DNS-name. It always worked and I still think it is a bug. I want to reach my own Servers with my external DNS-Name and if the firewall needs to go through the outside interface that's fine with me.
  • 0 in reply to jenZ
    I had similar problem yesterday (although the host was in the dmz).  I added it(external address) to the exclusion list for the web proxy and it worked after that.

    -Scott
  • 0 in reply to ScottL
    Thanks for that suggestion. I did that too and it worked, but I still think it is a bug an Astaro fixes it as soon as possible. I have opened a new supportcase about this and I hope I will get an answer soon.
  • 0 in reply to jenZ
    After I talked to the Astaro Support, the Problem does not seem to be the HTTP Proxy. When I turn off the Intrusion Protection, the Page works over the HTTP Proxy again...
    I'm waiting for the Astaro Support to tell me what to do now.
    More as soon as I get an answer.
  • 0 in reply to jenZ
    Perhaps the patch for the IPS (which I think had to do with hiding attacks in http strings) has some ill effect for the internal website you have..

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    I'm seeing the same behavior post-upgrade to 6.203.  This config has been working since we first built this firewall...I doubt we had it "wrong" all this time.

    Globally disabling IPS from the Settings tab worked for me too - I couldn't get the other things I attempted within IPS (network exclusions, etc) to have any impact.
  • 0 in reply to QBNCGAR
    Yep, there is some "bugginess" associated with 6.203 ... we're seeing occurrences of false IPS alerts when the Surf Protection daemon uses port 80 to query the Proventia DB servers (Cobion)... I've opened a support ticket with them on this as well.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    The Astaro Support told they would have a fix for this by this week. I haven't from them today, but I hope they will keep their word.
  • 0 in reply to jenZ
    [SIZE=2]I had a similar case:
    After upgrading to 6.203 the SpamRelease that was configured working from outside and inside (mail.customer.com, port xxxx) worked only from outside.
     
    The solution was that IPSPOOFING had to be changed from strict to normal. You find that configuration in Packet Filter >> Advanced 
     
    Maybe there were changes in the definition how IPSPOOFING works...
     
    [/SIZE]
Cookie Information Banner