This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Default drop altough packet filter allowance

Hi everybody,

besides ASG I'm using Privoxy as a parent proxy (to filter ads).

The Privoxy box (192.168.198.6) is hammering Astaro (192.168.198.1) with some kind of requests:

17:48:25	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38187

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:25	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38187

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:26	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38187

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:27	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38187

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:29	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38187

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:30	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38218

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:30	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38217

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:30	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38215

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:30	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38218

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:30	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38217

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:30	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38215

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:30	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38218

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:30	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38217

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:31	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38215

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:31	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38218

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:31	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38217

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:32	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38215

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:33	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38187

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:33	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38218

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:33	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38217

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:34	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38215

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:37	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38218

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:37	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38217

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:38	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38215

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:39	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38187

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:43	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38218

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d



17:48:43	Default DROP	TCP		192.168.198.6	:	8118

	→		192.168.198.1	:	38217

		[RST]	len=40	ttl=64	tos=0x00	srcmac=00:0c:29:5f:75:ff	dstmac=00:0c:29:e4:12:5d

Why is Astaro dropping these packets? I have a rule to allow all traffic between internal networks.
And just to be sure I even set up a rule at position 1 to explicitely allow the privoxy box to go anywhere on any port.

Second: Does anyone know of a way how I can find out which application is sending these things? Shutting down the privoxy daemon doesn't help (although it's the process running on port 8118).

This thread was automatically locked due to age.

Parents

0 BAlfson over 15 years ago

Good job on finding that - a wierd error in the HTTP Proxy as Jack suggested.

My suggestion was to change image 2 to have 8118 in 'HTTP Proxy Port' and to NOT use a Parent Proxy in Astaro, but, hopefully, you will not need to worry about Privoxy.

There's an HTTP Live Log ('Global' tab) that lets you watch the traffic handled by the proxy. In which mode is the Proxy?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

0 Brainscanner over 15 years ago in reply to BAlfson

It's running in transparent mode. See screenshots.

As you can see I've put MSN in the blocked list, but I can still go to that site. That's what the live log says:

2010:06:27-10:11:49 astaro httpproxy[26422]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="myWorkstationIP" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="50" time="88 ms" request="0x8acbd88" url="de.msn.com/.../blank.aspx

Btw: I did go to http://www.msn.com, but was imediately redirected.

0 Brainscanner over 15 years ago in reply to Brainscanner

Ah, got it. There was an exception rule (for those network OR that site). I misinterpreted that so that it would only apply for a certain page.

After changing that it's fine.

So, how would you propose to kick ads with Astaro? I don't see any categories there...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Brainscanner over 15 years ago in reply to Brainscanner

Ah, got it. There was an exception rule (for those network OR that site). I misinterpreted that so that it would only apply for a certain page.

After changing that it's fine.

So, how would you propose to kick ads with Astaro? I don't see any categories there...
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 wingman over 15 years ago in reply to Brainscanner

Ah, got it. There was an exception rule (for those network OR that site). I misinterpreted that so that it would only apply for a certain page.

After changing that it's fine.

So, how would you propose to kick ads with Astaro? I don't see any categories there...

can't you use the category "Web Ads"?
Cancel
Vote Up 0 Vote Down

Cancel
0 Brainscanner over 15 years ago in reply to wingman

I wonder where my head is...

Sorry, didn't think so far as to create a new category including that one. Till now I only knew the default ones...

Thanks for your help, it's working now. :-)
Cancel
Vote Up 0 Vote Down

Cancel