Topic: flash, java and the proxy server connection problem

[pogopolice]

  I am using sme 7.4 as my server/gateway at home.  For the purpose of learning, I will use it to host a website/email, file server and Internet proxy w/ content filtering.  I have bridged my dsl modem to the sme comp, installed sarg, dansguardian, and i use the pam auth for the workstations to connect to the transparent proxy.
  At the moment I only have one computer (opensuse 11.1) connected to the server.  firefox has web access after authentication and dansguardian works beautifully.
  All of this is great for me, but entertainment is the priority of my family.  This is where i ran into problems.  I could not get hulu to play tv shows.  I worked through all of the suggestions that I found on google, but it wasn't until I changed the network connection from yast to Knetworkmanager that hulu finally worked.  I don't understand what the problem was, but it seems it had to do with "how" the comp was connecting to the server.  Okay, that's done and we are watching hulu.
  What I'm working with now is runescape.  I cannot get the game to load.  After authenticating java the progress bar stops at "Connecting to update server".  Then it switches to an error page where I get a "Error_game_js5connect".
  If I plug the comp directly into the dsl modem (bypassing sme) then it works fine.  So it would seem that the problem is either how the comp is connecting to the server or how the server is handling the connection.

Please help me diagnose this problem.  I can post any logs that you think are relevant.

[janet]

pogopolice

Possibly this
http://wiki.contribs.org/SME_Server:Documentation:FAQ
Go down to the
Firewall
Bypass Proxy
section

[pogopolice]

  thanks for the quick response.  although that may be the solution, I'd like to go through the relevant log files and try to identify the prob before I start making changes to the system.  Could you give me some guidance toward which logs I need to review on the server and or workstation?
  As I said before, I'm doing this for the purpose of learning.

[janet]

pogopolice

  If I plug the comp directly into the dsl modem (bypassing sme) then it works fine.  So it would seem that the problem is either how the comp is connecting to the server or how the server is handling the connection.

You seemed to have identified the problem, so if you follow my suggestion to bypass the proxy and that works OK, then you have your answer as to what is causing the problem. Whether that's the best long term solution is another matter, prove or disprove the problem first.

check squid log file
and messages log file

[pogopolice]

My squid access log shows the following when I try to connect to runescape via ip 216.115.77.88:

45959 127.0.0.1 TCP_MISS/200 6734449 CONNECT mycompany.local:443 pogo11 DIRECT/192.168.0.3 -
238 127.0.0.1 TCP_MISS/200 1398 GET http:// 216.115.77.88/game.ws pogo11 DIRECT/216.115.77.88 text/html
565 127.0.0.1 TCP_MISS/200 7230 GET http:// world76.runescape.com/m0,j0 pogo11 DIRECT/64.79.147.67 text/html
0 127.0.0.1 TCP_DENIED/407 1795 GET http:// world76.runescape.com/loader-1967252684.jar - NONE/- text/html
603 127.0.0.1 TCP_MISS/200 33239 GET http:// world76.runescape.com/loader-1967252684.jar pogo11 DIRECT/64.79.147.67 application/octet-stream
254 127.0.0.1 TCP_MISS/200 1494 POST http:// ocsp.thawte.com pogo11 DIRECT/199.7.50.72 application/ocsp-response
298 127.0.0.1 TCP_MISS/200 7663 GET http:// world76.runescape.com/error_game_js5connect.ws pogo11 DIRECT/64.79.147.67 text/html
243 127.0.0.1 TCP_MISS/200 379 GET http:// world76.runescape.com/blank.ws pogo11 DIRECT/64.79.147.67 text/html
110 127.0.0.1 TCP_MISS/200 422 GET http:// www .google-analytics.com/__utm.gif? pogo11 DIRECT/74.125.47.102 image/gif

I issued the following commands to bypass the proxy to 216.115.77.88(runescape ip) from 192.168.0.11(workstation ip)

mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
wget -O 35transproxy http://bugs.contribs.org/attachment.cgi?id=1410
wget -O 90adjustTransProxy http://bugs.contribs.org/attachment.cgi?id=2178
config setprop squid BypassProxyTo 216.115.77.88
config setprop squid BypassProxyFrom 192.168.0.11/24
expand-template /etc/rc.d/init.d/masq
/etc/init.d/masq restart

no joy.  I am still asked by java for a username & password for the proxy and I end up with the same error message.  It would appear the java is failing to authenticate with the proxy server and I've done something wrong here because it is not bypassing the proxy.

Please let me know if there is anything wrong with this command sequence and/or if the logs shed some light on the prob.

would I be able to fix the java auth prob by setting up a automatic proxy configuration script on the sme server?

[janet]

pogopolice

The issue may be that you use pam auth for the workstations to connect to the transparent proxy. This can cause annoyance by repeated authorization requests under some conditions.

I suggest you try ident auth instead, see
http://wiki.contribs.org/Dansguardian#Using_Ident_login

[scottwj]

My kids have no trouble with Runescape in a similar configuration. I, however could not get HULU to work.
Hulu restricts its content to North America based on IP address. Apparently, it uses the address that the browser reports,
so on my local network it reports 192.168.243.66, and thus decides I do not fit Hulu's geographic restrictions,
even though I am in Texas.
 My 'fix' was to change my local network IP address in the server configuration. I used the internet IP address
that my DSL modem reported (it is dynamic) which changed after I rebooted.
 Now, Hulu works fine.
My question is, have I created a potential problem with my network? How else should I have fixed this?
Will there ever be a problem if my server network IP address and my modem internet address ever happen to be the same?

Thanks,
Scott

[pogopolice]

still working on this problem.  I was mistaken in my previous post.  Apparently the bypass did not take effect until the server went down for a reboot.  Although the game still won't load,  java is now "not" asking for a username/password.

On my first attempt to run the game, runscape gave me a white background with an "Error. Click Here for Details".  On my second attempt I got the original frozen progress bar and "Error_game_js5connect".  I have attached links to the error messages and log files that correspond to the 1st & 2nd attempt.  The java console did not give me an error on the 2nd attempt.

use the following links to get to the error messges & log files:
1st_dansguard_log.txt
1st_java_error.txt
1st_squid_access_log.txt
2nd_dansguard_log.txt
2nd_squid_access_log.txt
Error_game_js5connect.txt

The runescape error page (Error_game_js5connect) says that the firewall must not block port 43594.  Managing ports is not a real strong suit for me yet.  Are the transparent proxy settings complicating communication to this port?

I appreciate all of the input from the forum.

[scottwj]

You are beyond what I know about networks. I do know that Runescape works for my kids at home
running windows behind an SME server 7.? and also at my office on Mepis linux behind an SME server 7.4.
Perhaps its in the way SUSE is configured when behind the SME. Have you tried it on a windows machine
on the SME network?
Scott

[mmccarn]

mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
wget -O 35transproxy http://bugs.contribs.org/attachment.cgi?id=1410
wget -O 90adjustTransProxy http://bugs.contribs.org/attachment.cgi?id=2178
config setprop squid BypassProxyTo 216.115.77.88
config setprop squid BypassProxyFrom 192.168.0.11/24
expand-template /etc/rc.d/init.d/masq
/etc/init.d/masq restart

A couple notes:

* 192.168.0.11/24 matches an entire class C network.  To match only one host, either leave off the "/24" or use "/32":
config setprop squid BypassProxyFrom 192.168.0.11
config setprop squid BypassProxyFrom 192.168.0.11/32

* I've never used or tested any of the BypassProxy... rules on a system running DansGuardian - I don't know how (or if) they interact.


Have you tried configuring java itself to also use the proxy server as described at http://www.java.com/en/download/help/proxy_setup.xml?

[pogopolice]

I re-tried the set of commands and replaced line six per you suggestions.  I did a reboot after each set, but no joy.  Also, java still asked for a username/password when I used these commands.

The settings in the Java Plugin Control Panel reflect the proper proxy ip and port.

I just want to point out that I know from experience that a fresh install of SME as the server/gateway does not cause a conflict with runescape.  But in this case I have installed Dansguardian and configured the SME Server to use Transparent Proxy port 8080 and to block direct access to the squid proxy port 3128 & redirect port 80 to port 8080 (as outlined at http://wiki.contribs.org/Dansguardian).  It does not appear that Dans is blocking runescape due to content.  The error message that is accompanied by the Error_game_js5connect says that my firewall may be blocking port 43594 for TCP traffic.  I don't have any trouble accessing any part of the website except the game itself.
  Based on everything that I have done so far, communication to/from the port 43594 would seem to be the logical culprit,  but I just don't know what to do at this point.

I am grateful to all of you for your help so far.

[janet]

pogopolice

Based on everything that I have done so far, communication to/from the port 43594 would seem to be the logical culprit,  but I just don't know what to do at this point.

As an experiment reset your proxy config ie
config setprop squid TransparentPort 3128
config setprop squid Transparent yes
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot

Test and see what happens, the above will remove the Dansguardian proxy as the source of the problem. If you still get auth errors then your problem is elsewhere.

[pogopolice]

I tried the following commands:

config setprop squid TransparentPort 3128
config setprop squid Transparent yes
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot

I set the browser and the java console to use port 3128 instead of 8080, but no joy.

then I ran these commands to turn the auth requirement off:
config delprop squid RequireAuth
expand-template /etc/squid/squid.conf
sv t /service/squid
signal-event post-upgrade; signal-event reboot

The end result is still the same.  The application progress bar stop at "connecting to update server". java_error_noauth.txt

Two points to bring to light:
The firewall on the workstation is turned off and
There is a port forwarding rule set in the sme server for 43594 to go to the workstation.

Where do we go from here?

[janet]

pogopolice

Leave settings are they are ie transparent port =3128 and auth off. Now configure the proxy bypass
and see what happens.

You could also do a port scan to see if port 43594 is really open, see grc.com

[mmccarn]

I re-tried the set of commands and replaced line six per you suggestions.  I did a reboot after each set, but no joy.  Also, java still asked for a username/password when I used these commands.

The settings in the Java Plugin Control Panel reflect the proper proxy ip and port.

BypassProxyFrom/BypassProxyTo won't have any effect if your browser (and java) are configured to talk directly to the proxy -- they will only work if you are counting on the SME server to proxy your traffic 'transparently'.

That is, if your workstation is attempting direct communication w/ the Internet, "transparent proxy" mode redirects your packets through the proxy, and "BypassProxyFrom" (or "BypassProxyTo") will cause the matching packets to *not* be re-directed -- but if the packets are directed directly to the proxy server itself, then the Bypass rules don't do anything.

(Apologies for being unclear about this in my earlier post)