Topic: Problem connection to eway.com

[tenanji]

My office has selected eway.com as it's online office supply store.  I have an account with them but when I try to connect from behind my SME 6.0.1 server the page does not render.  It takes forever, @ 5 minutes, to load and then it doesn't display any of the pictures.

I turned off squid, thought that might be it. No change.  It appears thier site is using alot of frame magic, with cross domain pages.  Not sure if this has anything to do with it but I thought I would pass it along.  

It is also a secure site, even the logon uses https://.

Is there some other service running one SME that could be causing this?

I am looking for anything that I can add/modify/tweak/disable to allow this site to work.

Any and all recommendations are welcome,

Jay Smith

[cc_skavenger]

are you able to ping the site?

try adding to /etc/squid/squid.conf:
acl eway dstdomain .eway.com
always_direct allow eway
Does this fix the problem?

If no, then try adding to /etc/squid/squid.conf:
acl ie6 browser MSIE 6
header_access Accept-Encoding deny ie6 eway
Does this fix the problem?

Have you tried turning off the http proxy?
/sbin/e-smith/db configuration setprop squid Transparent no
/sbin/e-smith/signal-event remoteaccess-update
Does this fix the problem?

If the squid mods work, then create a custom template and add in the changes.

HTH

[Franco]

For cc's suggestion, I like to use the squid properties panel.
Now, for this problem which I dealt before, I recommend connecting directly to site (no SME) and collect the information with ethereal. Most of the time, it's the site using non-standard ports

Code: [Select]

/etc/e-smith/templates/etc/squid/squid.conf/20ACL15Safe_ports

[tenanji]

are you able to ping the site?
HTH

The image page is http://static.eway.com/images/UI2Cexp.gif.  I cannot ping static.eway.com.

try adding to /etc/squid/squid.conf:
acl eway dstdomain .eway.com
always_direct allow eway
Does this fix the problem?

Added it and it made no difference.

If no, then try adding to /etc/squid/squid.conf:
acl ie6 browser MSIE 6
header_access Accept-Encoding deny ie6 eway
Does this fix the problem?

Tried this, still not change.

Have you tried turning off the http proxy?
/sbin/e-smith/db configuration setprop squid Transparent no
/sbin/e-smith/signal-event remoteaccess-update
Does this fix the problem?

Sad to say this hasn't helped any either.

Thanks for all of the suggestions, unfortunately it still can't display the page correctly after I log in.  All of the image links I have inspected point to static.eway.com.  I cannot ping this address.  I feel this might have something to do with it.  Any further suggestions?

Thanks,

Jay

[tenanji]

I had a friend ping static.eway.com from his house here is what we got:

ping static.eway.com

Pinging e231.l.akamaiedge.net [209.8.105.19] with 32 bytes of data:
Reply from 209.8.105.19: bytes=32 time=73ms TTL=54
Reply from 209.8.105.19: bytes=32 time=48ms TTL=54
Reply from 209.8.105.19: bytes=32 time=50ms TTL=54
Reply from 209.8.105.19: bytes=32 time=50ms TTL=54

He was able to resolve static.eway.com to e231.l.akamaiedge.net.

Here is what I get when I try to ping static.eway.com from my sme server:

root]# ping static.eway.com
ping: unknown host static.eway.com

Looks like this is starting to look like a dns issue.  Hope this additional information helps.

[tenanji]

For cc's suggestion, I like to use the squid properties

Code: [Select]

/etc/e-smith/templates/etc/squid/squid.conf/20ACL15Safe_ports

Just in case this is still an issue with squid I checked the /etc/e-smith/templates/etc/squid/squid.conf/20ACL15Safe_ports and here is what I currently have:

acl Safe_ports port 21 70 80 81 119 210 443 563 980 1024-65535

[Franco]

acl Safe_ports port 21 70 80 81 119 210 443 563 980 1024-65535

Well, if you can't ping it, then this is not related to squid.
But you found the problem:
Akamai is a caching content provider and the information is given from random servers:

Code: [Select]

ping static.eway.com
PING e231.l.akamaiedge.net (72.246.121.19) 56(84) bytes of data.
64 bytes from a72-246-121-19.deploy.akamaitechnologies.com (72.246.121.19): icmp_seq=0 ttl=48 time=43.0 ms
64 bytes from a72-246-121-19.deploy.akamaitechnologies.com (72.246.121.19): icmp_seq=1 ttl=48 time=58.6 ms


I can't get to the site either (if I'm behind SME).
A few google results led me to a tecnology of metafilters they use to prevent DDoS attacks.
 

[cc_skavenger]

I wonder if it has something to do with your providers....I tried ping it and this is what I get:

Code: [Select]

[root@core1 root]# ping static.eway.com
PING e231.l.akamaiedge.net (204.94.135.19) from 67.79.47.11 : 56(84) bytes of data.
64 bytes from 204.94.135.19: icmp_seq=1 ttl=50 time=27.5 ms
64 bytes from 204.94.135.19: icmp_seq=2 ttl=50 time=27.6 ms
64 bytes from 204.94.135.19: icmp_seq=3 ttl=50 time=27.8 ms
64 bytes from 204.94.135.19: icmp_seq=4 ttl=50 time=27.6 ms
64 bytes from 204.94.135.19: icmp_seq=5 ttl=50 time=27.5 ms
64 bytes from 204.94.135.19: icmp_seq=6 ttl=50 time=27.5 ms
64 bytes from 204.94.135.19: icmp_seq=7 ttl=50 time=27.5 ms

--- e231.l.akamaiedge.net ping statistics ---
7 packets transmitted, 7 received, 0% loss, time 6057ms
rtt min/avg/max/mdev = 27.546/27.623/27.812/0.175 ms

I am running SME 6.0.1-01.  I am using my own authoritive DNS servers for the DNS entry on my servers.  I can get to the site & I am behind the server.  Not sure what is different, but something is.....

[Franco]

humm, something to do with DNS? I can ping the IP's, but the name won't resolve.
I have a couple of SMEs on different providers, they are all using their own DNS, none worked.

[Franco]

I wonder if it has something to do with your providers.

Nope, this is related to SME's DNS service.
If I bypass the SME or even better, try using my provider's DNS on a client behind SME, it works.

If I set SME to obey my provider's DNS it works.

So here are a couple of ways you can fix this tenanji.
Meanwhile raise a bug on the bug tracker!!!!

[CharlieBrady]

humm, something to do with DNS? I can ping the IP's, but the name won't resolve.
I have a couple of SMEs on different providers, they are all using their own DNS, none worked.

Is it working now? It works for me.

dnscache is less tolerant of badly configured DNS zone data than other resolvers. It's possible that eway.com had some errors, which have since been corrected.

[tenanji]

If I set SME to obey my provider's DNS it works.

I am not real familiar with DNS, so forgive me for asking, but what do I need to do to make it obey my provider's DNS?

Thanks,

[Franco]

Is it working now? It works for me.

I'm afraid not  
This could be related to some of the mods applied, mine is heavily , but I don't think I ever played with the DNS part of it (at least not in this one that I'm having this issue).

dnscache is less tolerant of badly configured DNS zone data than other resolvers.

Since they're using this caching content server from akamai, which a Dig will show, could this be the problem?

I am not real familiar with DNS, so forgive me for asking, but what do I need to do to make it obey my provider's DNS?

I should have said 'Delegate', if you know your provider's DNS, then run the setup again ( logging in as admin on the server) and there will be a part where you can enter your provider's DNS[/quote]

[tenanji]

I went through setup again and entered my providers dns server when prompted but I still cannot open this page.

How could I tell if I have configured this correctly?

Thanks

[tenanji]

       

Are you ready,  here it comes,  

Wait for it, wait for it.

It's WORKING!!!!!!!!!!!!!!!!!!!!

I did a forum search and found this thread (http://forums.contribs.org/index.php?topic=30445.0) on DNS issues witch gave me the command I was missing.

Determine the IP of the DNS server you want to use. Of course this server must be one that the SME Server can 'see' on the network.
Open a terminal session and type:
/sbin/e-smith/config setprop dnscache Forwarder <enter the IP here (without the <>'s)>
/etc/e-smith/events/actions/dnscache-conf

To remove it do the following:

/sbin/e-smith/config delprop dnscache Forwarder
/etc/e-smith/events/actions/dnscache-conf

I set the dnscache Forwarder to my providers local DNS server and BANG it's working.

Thanks soo much for all your help.  I really appreciate it.

[Franco]

Nice it works for you!
I've seen some threads having the same issue:
http://forums.contribs.org/index.php?topic=30193.0
http://forums.contribs.org/index.php?topic=30210.0

Fortunatelly it does not happen on 7

[CharlieBrady]

Nice it works for you!
I've seen some threads having the same issue:
http://forums.contribs.org/index.php?topic=30193.0
http://forums.contribs.org/index.php?topic=30210.0

Fortunatelly it does not happen on 7

Ah, then it will not happen with any 6.x with the e-smith-dnscache update applied. I expect all the systems showing problems are 6.x and have not applied update packages. The dnscache configuration which shipped with 6.0 and 6.0.1 does not work correctly with a few misconfigured name servers (which don't respond to recursive queries, even though they are authoritative for the queried name). I expect that is the problem you are seeing.

The answer - apply maintenance updates. If problems continue (unlikely), please use the bug tracker, and attach dnscache log files.

[tenanji]

Just wanted to let everyone know that after applying updates via yum, as Charlie suggested, I was able remove the DNS forwarder and all is well.  I have done this on three machines and it's working great.

Thanks again for all the help.