Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2062 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internal network to DMZ connection don't work using HTTP proxy

blue_01
with disabled proxy and packed filter rules (HTTP) it works.

Error Message from the Astaro Security Gateway:

An error occured while handling the request
Error: Connection refused

Live log:

2008:01:02-12:34:43 (none) httpproxy[5918]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x80a6b38" function="send_request_headers" file="request.c" line="115" message="write: Connection refused" 
2008:01:02-12:34:43 (none) httpproxy[5918]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="172.16.200.1" user="" statuscode="502" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2167" time="2 ms" request="0x80a6b38" url="dmzserver.***.com/" error="Connection refused" category="1710" categoryname="Uncategorized" 


ASL7.101

Proxy Settings:

Allowed Networks: Internal Network - (transparent mode)
Anti Virus + Content Filter isn't used


Any ideas?


This thread was automatically locked due to age.
Parents
  • 0
    with disabled proxy and packed filter rules (HTTP) it works.

    Error Message from the Astaro Security Gateway:

    An error occured while handling the request
    Error: Connection refused

    Live log:

    2008:01:02-12:34:43 (none) httpproxy[5918]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x80a6b38" function="send_request_headers" file="request.c" line="115" message="write: Connection refused" 
    2008:01:02-12:34:43 (none) httpproxy[5918]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="172.16.200.1" user="" statuscode="502" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2167" time="2 ms" request="0x80a6b38" url="http://dmzserver.***.com/" error="Connection refused" category="1710" categoryname="Uncategorized" 


    ASL7.101

    Proxy Settings:

    Allowed Networks: Internal Network - (transparent mode)
    Anti Virus + Content Filter isn't used


    Any ideas?


    I'm getting the same issue with my ASG 320 running 7.101.  Defined a website that we currently control / host in our DMZ and access to it from the Internal network is refusted.  Have not found way around this.  I've ended logging a call with Astaro as the website is a money generating site that I cannot afford much downtime to our internal staff.

    Ben
Reply
  • 0
    with disabled proxy and packed filter rules (HTTP) it works.

    Error Message from the Astaro Security Gateway:

    An error occured while handling the request
    Error: Connection refused

    Live log:

    2008:01:02-12:34:43 (none) httpproxy[5918]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x80a6b38" function="send_request_headers" file="request.c" line="115" message="write: Connection refused" 
    2008:01:02-12:34:43 (none) httpproxy[5918]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="172.16.200.1" user="" statuscode="502" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2167" time="2 ms" request="0x80a6b38" url="http://dmzserver.***.com/" error="Connection refused" category="1710" categoryname="Uncategorized" 


    ASL7.101

    Proxy Settings:

    Allowed Networks: Internal Network - (transparent mode)
    Anti Virus + Content Filter isn't used


    Any ideas?


    I'm getting the same issue with my ASG 320 running 7.101.  Defined a website that we currently control / host in our DMZ and access to it from the Internal network is refusted.  Have not found way around this.  I've ended logging a call with Astaro as the website is a money generating site that I cannot afford much downtime to our internal staff.

    Ben
Children
  • 0 in reply to hayesben
    You have to configure a static DNS Entry for your website pointing to the internal IP address for example www.testserver.de -> 192.168.22.45
  • 0 in reply to hausa
    You have to configure a static DNS Entry for your website pointing to the internal IP address for example www.testserver.de -> 192.168.22.45

    Good workaround!
    But that problem showed up after migrating from 6.312 to 7.101 and I would still consider it a bug, when addresses within the firewall external network segment are not reachable via proxy!

    There is no problem to access servers from outside in external network segment (DNAT redirects correctly to servers in DMZ). From internal networks servers can be reached only without proxy (using private network addresses).
     
    Content Filter Log:
    2008:01:22-18:51:17 (none) httpproxy[12019]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xae1444a8" function="send_request_headers" file="request.c" line="115" message="write: Connection refused"
    2008:01:22-18:51:17 (none) httpproxy[12019]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="192.168.30.138" user="" statuscode="502" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2163" time="1 ms" request="0xae1444a8" url="www.alap.de/" error="Connection refused" category="1710" categoryname="Uncategorized"