Thanks for the help, thank to you I found out that the problem lay in
the firehol/iptables.
/harly
Tek Bahadur Limbu wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Michael,
On Thu, 13 Sep 2007 11:30:59 +0200
Michael Harly <dizmoduck@xxxxxxxxx> wrote:
Every thing working fin on our Debian firewall box
we can access any utl with firefox, but we have block most url for using
IE and only allow very few utl ie: microfost update
What do you mean when you say that "we have block most url for using IE and only allow very few utl ie: microfost update"?
Does that mean that you are filtering based on browsers?
but now we have to url we can't access
Our firewall box is:
Debian = 3.1
firewall = firehol v.5
proxy = squid v2.5
Not very sure how the mechanisms of firehol v.5 work but I assume that they use IPTABLES in the front-end.
when we connect our new office whey want to access to url that they need
to access but was block by our firewall box but i can't fine any
entry's about this url.
I have put them in the allow list but nothing helps
Can you show us your squid.conf?
We can connect the url from the outside on our firewall
In the syslog i get this
Sep 13 09:23:48 worf kernel: OUT-unknown:IN= OUT=eth2 SRC=129.142.24.162
DST=89.104.212.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6700 DF PROTO=TCP
SPT=59858 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
I think that your IPTABLES (firehol v.5) is filtering the site at: http://www.comendo.dk hosted at IP: 89.104.212.25.
At least that's what the above IPTABLES log shows.
Does the IP 129.142.24.162 come from your network inside your firewall?
In squid log I get:
2352524545.344 3495897 ip-adr TCP_miss/504 1422 get
http://www.comendo.dk - none/ - text/html
HTTP Error 504 - Gateway timeout
Can you show us the output of: " /sbin/iptables -vnL "
How is your network setup and it's layout?
please help!
best regard
/harly
The error page I get in Firefox after a log time:
****
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.comendo.dk/
The following error was encountered:
* Connection Failed
The system returned:
(110) Connection timed out
The remote host or network may be down. Please try the request again.
- From my experience,
This error usually occurs if there is some kind of firewall in between your squid box and the web host.
Running tcpdump on your firewall should reveal more details regarding why the connection is timing out.
Hope that helps.
Thanking you.....
Your cache administrator is support@xxxxxxxxxxxx
Generated Thu, 13 Sep 2007 07:23:48 GMT by worf.mydomain.dk
(squid/2.5.STABLE9)
*********
- --
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://wlink.com.np/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
iD8DBQFG6RVZfpE0pz+xqQQRAk38AKCCz+daUYaaoA+9sA872xA/PGHdAwCgwZ89
zY0j3g33rSfMCFh2FDgMgec=
=lVq3
-----END PGP SIGNATURE-----
