-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Michael,
On Thu, 13 Sep 2007 11:30:59 +0200
Michael Harly <dizmoduck@gmail.com> wrote:
> Every thing working fin on our Debian firewall box
> we can access any utl with firefox, but we have block most url for using
> IE and only allow very few utl ie: microfost update
What do you mean when you say that "we have block most url for using IE and only allow very few utl ie: microfost update"?
Does that mean that you are filtering based on browsers?
>
> but now we have to url we can't access
>
> Our firewall box is:
> Debian = 3.1
> firewall = firehol v.5
> proxy = squid v2.5
Not very sure how the mechanisms of firehol v.5 work but I assume that they use IPTABLES in the front-end.
>
> when we connect our new office whey want to access to url that they need
> to access but was block by our firewall box but i can't fine any
> entry's about this url.
>
> I have put them in the allow list but nothing helps
Can you show us your squid.conf?
>
> We can connect the url from the outside on our firewall
>
> In the syslog i get this
> Sep 13 09:23:48 worf kernel: OUT-unknown:IN= OUT=eth2 SRC=129.142.24.162
> DST=89.104.212.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6700 DF PROTO=TCP
> SPT=59858 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
I think that your IPTABLES (firehol v.5) is filtering the site at: http://www.comendo.dk hosted at IP: 89.104.212.25.
At least that's what the above IPTABLES log shows.
Does the IP 129.142.24.162 come from your network inside your firewall?
>
> In squid log I get:
> 2352524545.344 3495897 ip-adr TCP_miss/504 1422 get
> http://www.comendo.dk - none/ - text/html
>
> HTTP Error 504 - Gateway timeout
Can you show us the output of: " /sbin/iptables -vnL "
How is your network setup and it's layout?
>
> please help!
>
> best regard
> /harly
>
> The error page I get in Firefox after a log time:
> ****
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: http://www.comendo.dk/
>
> The following error was encountered:
>
> * Connection Failed
>
> The system returned:
>
> (110) Connection timed out
>
> The remote host or network may be down. Please try the request again.
- From my experience,
This error usually occurs if there is some kind of firewall in between your squid box and the web host.
Running tcpdump on your firewall should reveal more details regarding why the connection is timing out.
Hope that helps.
Thanking you.....
>
> Your cache administrator is support@uniscrap.dk.
> Generated Thu, 13 Sep 2007 07:23:48 GMT by worf.mydomain.dk
> (squid/2.5.STABLE9)
>
> *********
>
- --
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://wlink.com.np/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
iD8DBQFG6RVZfpE0pz+xqQQRAk38AKCCz+daUYaaoA+9sA872xA/PGHdAwCgwZ89
zY0j3g33rSfMCFh2FDgMgec=
=lVq3
-----END PGP SIGNATURE-----
Received on Thu Sep 13 2007 - 04:48:20 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT