Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: groutley on September 03, 2008, 01:00:26 PM
-
Hello,
I am hoping someone may be able to help me here,
My Son has just installed the new fad game 'Spore' (full version) on his PC, this PC is of course behind my SME 7.3 server and gateway server.
Now the Game needs to register online, and then up and downloads other creatures etc.
But my sons fails every time, with 'cannot connect to server'
I have ensured his Vista firewall is not the issue, (turned it off),
I have bypassed the Dansguardian filtering, (not that anything was appearing in access.log)
But I do notice some squid errors logged in messages log every attempt to connect.
Sep 3 20:10:22 l1nuxsvr squid[5830]: parseHttpRequest: Unsupported method 'Accept-Language:'
Sep 3 20:10:22 l1nuxsvr squid[5830]: clientReadRequest: FD 11 Invalid Request
Can anyone help me understand what these messages mean and / or how to fix ?
Thanks
-
But I do notice some squid errors logged in messages log every attempt to connect.Can anyone help me understand what these messages mean and / or how to fix ?
The messages likely mean that something (presumably the game you refer to) made a request which should have started with "GET ..." (or "POST .." or "PUT ..." etc, i.e. a valid http method) but instead started with "Accept-Languages: '.
If the game can't be fixed, then you could bypass squid by adding a custom template to bypass the transparent proxy. Or you could just disable the transparent proxy, at the cost of breaking Dansguardian and/or losing the caching.
-
If the game can't be fixed, then you could bypass squid by adding a custom template to bypass the transparent proxy. Or you could just disable the transparent proxy, at the cost of breaking Dansguardian and/or losing the caching.
Thanks Charlie, I will open a problem with EA games and see if I can get them to fix it, sounds like they are using illegal syntax ?
Fixing the game I am sure will be long term, so the interim solution that sounds best is the custom template suggestion to bypass the transparent proxy, I'll do some research in these forums to see if this has been documented somewhere, as I have no idea where to start.
If any kind soul could assist me in how todo this I am sure you will make my son very happy !
Thanks again.
-
you could find out what port it uses and portforward the ports that are nedded for the game ton the ipaddress on his PC may help
-
you could find out what port it uses and portforward the ports that are nedded for the game ton the ipaddress on his PC may help
No, that won't help at all with outgoing connections on port 80.
-
Hi again,
so far I am having no luck..
I found this from mmccarn http://forums.contribs.org/index.php?topic=37625.0
but had no joy trying that method (not sure if I did something wrong, as the error still pops up in the squid/access.log)
I also found this in the FAQ on proxy Pass http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass
but given the error in the access log I have no clue of destination to use for 'proxypassdomain.com'.
Any hints on how I do this proxy bypass ?
I would really prefer to only have it bypass the proxy for this specific traffic, and not bypass for everything else.
(still want to keep control of my sons net useage!!)
-
groutley
You are not looking hard or carefully enough.
Read every item in the FAQ and you would have found this.
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Bypass_Proxy
and this
http://wiki.contribs.org/Squid
-
mary,
my apologies for not being a linux guru or being well versed on everything available in this wiki,
my skills are limited to my ability to find something in a search that remotely looks like it may relate to what I am trying to accomplish. In the past I have found a great way to trash your server is to think you found the correct information, and go ahead and implement it.
These days I take the slightly more cautious approach and hope that somebody more knowing than myself can assist me to get it right.
thanks for the pointers, although that first link you provided is exactly the same as the forum entry I pointed to.
the second URL you provide points straight back to the first URL.
For some reason I feel like I am chasing my tail !
perhaps I am stupid, but I am really missing something in all this.
How do I set the "config setprop squid BypassProxyTo x.x.x.x"
when I have no clue what x.x.x.x is ??
from the error message in the squid/access log (which appears to have subtly changed)
1220750527.440 1 192.168.37.4 TCP_DENIED/400 1870 NONE error:unsupported-request-method - NONE/- text/htmlthis is the only message I have found, and it gives no clue of the intended destination.
So until I find that out how I can find out this destination, I cannot set a bypass.
-
groutley
Did you bother then to read the bug report referred to in the wiki article ?
If you did then you would have found Comment 4 & 10 for example, which spell it out clearly.
http://bugs.contribs.org/show_bug.cgi?id=2374#c4
http://bugs.contribs.org/show_bug.cgi?id=2374#c10
ie
where "BypassProxyTo" contains remote hosts that should not be proxied, and
"BypassProxyFrom" contains local hosts whose connections should never be
proxied?
That information is even advised in the forum thread you refer to.
It does not seem like you bother to read things carefully or thoroughly.
http://forums.contribs.org/index.php?topic=37625.msg168935#msg168935
* Replace a.b.c.d with the IP or network address for which you wish to bypass the proxy server.
* Use config setprop squid BypassProxyFrom a.b.c.d to configure a specific local host or network that should bypass the proxy server
-
I give up !!
Forums I assumed were to seek assistance, not abuse !
Apparently I am illiterate !
Because I feel I have spelled out numerous times I do not know the destination to set.
I have no issue with the commands or the syntax or how to type them in fact..
But how praytell do I find out the intended destination of this infernal application so that I may set the proxy bypass for it ?
Anybody else have a decent comment to add ?
-
groutley
Forums I assumed were to seek assistance, not abuse !
I would appreciate you withdrawing that comment about abuse, as none was given.
I simply pointed out that you seemed to be ignoring the obvious, when it was right under your nose.
How on earth do you expect us to know what destination to set.
You are the one using the program, you find out what IP it is trying to access.
I'd suggest you look in various of the squid or dansguardian log files.
Try accessing again, and make a note of the time, then review the log files around that time.
Alternatively if you know the website URL, then do
ping www.website.name
and see what IP it shows.
I assume BypassProxyFrom is 192.168.37.4
and as for BypassProxyTo only you can advise us of that.
-
Did you bother then to read the bug report referred to in the wiki article ?
YES !!
If you did then you would have found Comment 4 & 10 for example, which spell it out clearly.
There is no more information given here than I had already read previously. It is all the same information,
how many times must I read how to do what I cannot manage to ? None of these extra links actually provide any extra information than the mmccarn http://forums.contribs.org/index.php?topic=37625.0 post which I said I had tried much earlier.
How on earth do you expect us to know what destination to set.
I make no such expectation, but I have assumed someone might be able to point out how I can discover this elusive piece of information.
I'd suggest you look in various of the squid or dansguardian log files.
I have previously posted all the messages from log files that I have managed to find.
Yet I remain completely in the dark as to where the request is destined for.
I'd suggest you look in various of the squid or dansguardian log files.
Thank you, appreciate the suggestion, sadly I have previously posted the log entries found from the /var/log/messages, I have also previously posted the ONLY message that appears in the squid/access.log at the time and The dansguardian/access.log does not show anything at the time of the request.
Would it make sense that a request has to get past squid before dansguardian would see it ? (I have no idea of the data flow sequence, but would that make sense ?)
Unfortunately (and typically) it is not documented anywhere what the target IP address or target URL is of this imbedded function of the application.
Therefore I am hoping to finding it logged somewhere so that I can actually complete the procedure documented clearly at http://wiki.contribs.org/SME_Server:Documentation:FAQ#Bypass_Proxy
I would assume that if Squid gets a request which it denies and is able to append to its access.log that there would be a destination attached to this request which it denies.
I just need to find what that destination is, but how ??
Because I feel I have spelled out numerous times I do not know the destination to set.
So until I find that out how I can find out this destination, I cannot set a bypass.
But how praytell do I find out the intended destination of this infernal application so that I may set the proxy bypass for it ?
Not sure if my question ever gets read, perhaps it is not clear ?
-
As an off the cuff question relating to this problem I am having,
I searched the net for the squid message, and found an interesting article.
http://www.mail-archive.com/squid-users@squid-cache.org/msg52826.html
My sme 7.3 is running ..
[root@l1nuxsvr ~]# rpm -q squid
squid-2.5.STABLE14-4.el4
Is there any plan for the likes of squid 3.1 support ?
It does sound like it would be a fix for my problem, although I suspect not a quick one.
just though t I would ask.
-
groutley
Try removing dansguardian (temporarily whilst troubleshooting) & see what happens. You may get some clues.
Also disable transparent proxy (temporarily also) & see what transpires, clue wise etc.
Look at all the logs again & see what is happening when you use that proogram.
You are expecting a definitive answer from someone here, but there is not necessarily an answer available, so don't be so expectatious.
-
Did you bother then to read the bug report referred to in the wiki article ?
If you did then you would have found Comment 4 & 10 for example, which spell it out clearly.
http://bugs.contribs.org/show_bug.cgi?id=2374#c4
http://bugs.contribs.org/show_bug.cgi?id=2374#c10
Ray,
That feature is still "under construction" and it is also spelled out "clearly" in the bug report that the feature does not work properly and may have something to do with DansGardian being installed.
Groutley has DG installed so it would probably be to his advantage if he takes his problem/findings to that bug and try to help resolve the situation with this feature or it will never work.
Groutley, I am not going to wade through this entire thread so please provide the following:
1-Have you tried disabling BOTH Squid and DG to see if the problem disappears? If you have tried this, does the problem resolve itself?
2-Have you tried enabling just squid to see if in fact it is just squid causing the problem. It just seems strange that you seem to be the first one with this problem as EA games are extremely popular.
Look at the bright side... You can tell your son that SME is so smart that it knows that he hasn't done his homework and/or chores and to stop playing video games and go do his work. This will give you some time to fix it and when the problem is solved you can tell him "Looks like you have finished your chores, lets see how smart SME really is". He logs on and Bingo, the game works and you look like a genius :-)
-
1-Have you tried disabling BOTH Squid and DG to see if the problem disappears? If you have tried this, does the problem resolve itself?
2-Have you tried enabling just squid to see if in fact it is just squid causing the problem. It just seems strange that you seem to be the first one with this problem as EA games are extremely popular.
Ok not entirely sure if I succeeded in this, squid does not seem that easy to disable? Or I have failed to locate the simple instructions.
I did this..
/sbin/e-smith/db configuration setprop squid Transparent no
/sbin/e-smith/db configuration setprop squid status disabled
/sbin/e-smith/expand-template /etc/squid/squid.conf
/etc/init.d/squid restart
service dansguardian stopmultiple attempts of the Registration process again, still resulted in the /squid/access.log..
1220823969.891 1 192.168.37.4 TCP_DENIED/400 1824 NONE error:unsupported-request-method - NONE/- text/html
1220823972.119 1 192.168.37.4 TCP_DENIED/400 1824 NONE error:unsupported-request-method - NONE/- text/html
1220823987.479 0 192.168.37.4 TCP_DENIED/400 1489 OPTIONS / - NONE/- text/html
1220823987.492 0 192.168.37.4 TCP_DENIED/400 1489 OPTIONS / - NONE/- text/html
1220823987.506 0 192.168.37.4 TCP_DENIED/400 1489 OPTIONS / - NONE/- text/html
1220823987.519 0 192.168.37.4 TCP_DENIED/400 1489 OPTIONS / - NONE/- text/html
FYI..
[root@l1nuxsvr ~]# /sbin/e-smith/db configuration show squid
squid=service
EnforceSafePorts=no
SafePorts=21,70,80,81,119,210,443,563,980,1024-65535
TCPPort=3128
TCPProxyPort=80:3128
Transparent=no
TransparentPort=3128
access=private
status=disabled
[root@l1nuxsvr ~]# service squid status
run: /service/squid: (pid 17112) 945s, normally down; run: log: (pid 3551) 209982s
[root@l1nuxsvr ~]# service dansguardian status
No DansGuardian process found.
pfloor
Look at the bright side... You can tell your son that SME is so smart that it knows that he hasn't done his homework and/or chores and to stop playing video games and go do his work. This will give you some time to fix it and when the problem is solved you can tell him "Looks like you have finished your chores, lets see how smart SME really is". He logs on and Bingo, the game works and you look like a genius :-)
I love the theory ;-) He already knows SME is smart enough to alert me to inappropriate web surfing, and self learning that attempting the next day finds the site is blocked. So SME keeping track of his chores and homework is not a huge extension on this! (that said he is 13).
Reminds me when he was very young, I had a basic LAN between 2 PC's and the cable running across the floor, he was playing Lego Loco and sent the train into the tunnel so it would appear on my PC.. He crouched over the cable on the floor, and said "I can hear the train in the tunnel dad !"
Innocence is so cute !!
-
Ok not entirely sure if I succeeded in this, squid does not seem that easy to disable? Or I have failed to locate the simple instructions.
I did this..
/sbin/e-smith/db configuration setprop squid Transparent no
/sbin/e-smith/db configuration setprop squid status disabled
/sbin/e-smith/expand-template /etc/squid/squid.conf
/etc/init.d/squid restart
Don't think that will work. If it were me, I would just do the simplest thing and go to the server-manager and change HTTP Proxy to "disabled". My server logs show a lot more templates expanded and a lot more services restarted during a proxy configuration change done through the server-manager. Logs also show squid shutting down and according to my server, squid stays down.
You can try "signal-event proxy-update"
Or just use the server-manager and disable it. You may have to enable, save, disable, save to make sure all the configurations are correct.
Try that first and report back.