Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 3381 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[8.0][BUG]http proxy in transp. mode leads to conection timeouts

Agadoo
Hi,

since the beta forum is closed, i have to write it here.

If http proxy is set to transparent mode with authentication, it is impossible to browse.
All connections requests time out. Packetfilter live log shows the incoming connections are dropped (DEFAULT DROP).



Kind Regards


This thread was automatically locked due to age.
Parents
  • 0
    can you then describe your setup a bit more?
    I just tested this with the official 8.000 Release, and transparent + auth works for me.
    Can you try 'normal' transparent mode and/or standard mode, to see if this is a specific problem with transparent + auth?
    Do you see any new entries in the http.log when you do a http request?
Reply
  • 0
    can you then describe your setup a bit more?
    I just tested this with the official 8.000 Release, and transparent + auth works for me.
    Can you try 'normal' transparent mode and/or standard mode, to see if this is a specific problem with transparent + auth?
    Do you see any new entries in the http.log when you do a http request?
Children
  • 0 in reply to ulmi
    Standard mode and transparent mode without authentication work fine.


    if mode is set to transparent with authentication, i get a timeout.

    httpproxylog 

    2010:07:02-14:34:11 asg httpproxy[15641]: Integrated HTTP-Proxy (c) 2007-2010 Astaro AG, Release 1.g542d64d

    2010:07:02-14:34:11 asg httpproxy[15641]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="747" message="reloading config done, new version 54"

    2010:07:02-14:34:11 asg httpproxy[15641]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="714" message="reloading config"

    2010:07:02-14:34:12 asg httpproxy[15641]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="747" message="reloading config done, new version 55"

    2010:07:02-14:34:16 asg httpproxy[15641]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.2.54" dstip="" user="" statuscode="302" cached="0" profile="REF_lUBzJbVQdd (intern)" filteraction=" ()" size="4552" time="0 ms" request="0xb0918ca8" url="www.google.de/" exceptions="" error=""

    2010:07:02-14:41:06 asg httpproxy[15641]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.2.54" dstip="" user="michael" statuscode="302" cached="0" profile="REF_lUBzJbVQdd (intern)" filteraction=" ()" size="4586" time="0 ms" request="0xb0918ca8" url="passthrough.fw-notify.net/login" exceptions="" error=""

    2010:07:02-14:41:49 asg httpproxy[15641]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xb0914ce0" function="send_request_headers" file="request.c" line="171" message="write: Connection timed out"

    2010:07:02-14:41:49 asg httpproxy[15641]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.2.54" dstip="74.125.39.99" user="michael" statuscode="502" cached="0" profile="REF_lUBzJbVQdd (intern)" filteraction="REF_sIyruBXaRt (no illegal stuff)" size="4559" time="42001 ms" request="0xb0914ce0" url="www.google.de/" exceptions="" error="Connection timed out" category="145" reputation="trusted" categoryname="Search Engines"



    packetfileter 

    2010:07:02-14:41:37 asg ulogd[4178]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:6:4f:66:c5:e5" srcip="74.125.39.99" dstip="192.168.2.54" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="55882" tcpflags="RST" 

    2010:07:02-14:41:37 asg ulogd[4178]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:11:20[:D]b:c1[:D]e" dstmac="0:6:4f:66:c5:e6" srcip="92.197.129.27" dstip="213.214.19.170" proto="6" length="52" tos="0x00" prec="0x00" ttl="56" srcport="80" dstport="55695" tcpflags="ACK FIN" 

    2010:07:02-14:41:37 asg ulogd[4178]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:11:20[:D]b:c1[:D]e" dstmac="0:6:4f:66:c5:e6" srcip="92.197.129.27" dstip="213.214.19.170" proto="6" length="52" tos="0x00" prec="0x00" ttl="56" srcport="80" dstport="55695" tcpflags="ACK FIN" 

    2010:07:02-14:41:39 asg ulogd[4178]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:6:4f:66:c5:e5" srcip="74.125.39.143" dstip="192.168.2.54" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="55547" tcpflags="RST" 

    2010:07:02-14:41:51 asg ulogd[4178]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:6:4f:66:c5:e5" srcip="74.125.39.148" dstip="192.168.2.54" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="55553" tcpflags="RST" 

    2010:07:02-14:42:09 asg ulogd[4178]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:6:4f:66:c5:e5" srcip="213.144.15.19" dstip="192.168.2.54" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="55885" tcpflags="RST" 

    2010:07:02-14:42:09 asg ulogd[4178]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:6:4f:66:c5:e5" srcip="74.125.39.99" dstip="192.168.2.54" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="55882" tcpflags="RST" 

    2010:07:02-14:43:13 asg ulogd[4178]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:6:4f:66:c5:e5" srcip="213.144.15.19" dstip="192.168.2.54" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="55885" tcpflags="RST" 

    2010:07:02-14:43:13 asg ulogd[4178]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:6:4f:66:c5:e5" srcip="74.125.39.99" dstip="192.168.2.54" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="55882" tcpflags="RST" 



    Packetfilter shows packets to the internal Client-IP. Should be external/nat IP, shouldn't it.