Koozali.org: home of the SME Server

Problem opening some web pages, using SME5.5u6 and 6

Offline lightman

  • ***
  • 75
  • +0/-0
Problem opening some web pages, using SME5.5u6 and 6
« on: January 15, 2005, 11:30:03 PM »
Hello.

I Write this post because I'm lost, I don't know what else to try.

Some time ago (1 month) I install a SME 6, on a very small PC (pentium 200mmx with 64 mb ram, and 2 realtek NIC).

the server worked fine but there where 2 pages that I cannot reach when I use it:
www.symantec.com and mail.yahoo.com

finally I manage to request to my cable provider to change my webstar cablemodem for a motorola one.
much better   :-D

The problem remains:
I reinstalled completelly (fresh install) of the SME 6.0.1, but changed the NIC to 3C905Tx as internal network,
 and 3c905C-TxNM as external network.

without any custom configuration, the server produces the same effect.

I still cannot open symantec.com and mail.yahoo.com

still more curious, www.yahoo.com does works! :-o

I try 2 different computers, and the problem remains.

I tested it with IE6 and with Firefox 1.0 , same results.

If I connect the computer directly to the cablemodem, the pages are reacheable, but using the SME,
it resolves the hostname but looks like if the site where offline.

I'm lost, any ideas?.
any help would be greatly appreciated   :-)
thanks
Lightman

guest22

Problem opening some web pages, using SME5.5u6 and 6
« Reply #1 on: January 15, 2005, 11:37:50 PM »
Reading this, but no clue.., :-(

Offline jeroenm

  • 18
  • +0/-0
Problem opening some web pages, using SME5.5u6 and 6
« Reply #2 on: January 16, 2005, 01:54:44 AM »
Does dns for those sites resolve properly? Try nslookup symantec.com and nslookup mail.yahoo.com (asuming you use win as a ws)
...

Offline lightman

  • ***
  • 75
  • +0/-0
Problem opening some web pages, using SME5.5u6 and 6
« Reply #3 on: January 16, 2005, 05:52:22 AM »
Quote from: "jeroenm"
Does dns for those sites resolve properly? Try nslookup symantec.com and nslookup mail.yahoo.com (asuming you use win as a ws)


Hi, thanks for reply (both of you  :-D  )

Yes the dns resolves properly from the box and doing nslookup as well, also I can ping with an answer to both sites from the linux box and from the windows box too.

when I try to open the page with the browser, It tooks forever to open (> than 2 minutes) and after that says:
Error, the requested URL could not be retrieved.
The following error was encountered:
Read Error
The system returned
(104) connection reset by peer


:(
I tryed manually entering the DNS's of my provider, and the result was the same,
every site that I tested worked but not these two.
So I don't think that would be the DNS, perhaps more probably the squid
or something in the nat config, unfortunately I know almost nothing about iptables
and how to configure a nat in linux so... I'm still lost :)

Offline smeghead

  • *
  • 552
  • +0/-0
Problem opening some web pages, using SME5.5u6 and 6
« Reply #4 on: January 16, 2005, 06:21:19 AM »
Windows Update had a similar prob for a while when behind SME and that turned out to be a poorly configured DNS record at M$ - there was a workaround for SME until it was resolved.

That being said squid can be a bit pedantic sometimes; I presume you have checked this thread:

http://forums.contribs.org/index.php?topic=25191.0

Check in the Abe Loveless contrib area for his squidproperties app.  It allows you to easily setup direct connect domains for squid.

If you can't find it mail me and I can send it to you.

HTH
..................

Offline lightman

  • ***
  • 75
  • +0/-0
Problem opening some web pages, using SME5.5u6 and 6
« Reply #5 on: January 17, 2005, 02:40:53 AM »
Hi smeghead

Yes I read that thread, actually it was mine too :)

I downloaded and installed the squidproperties contrib as you recommended but, no change.

I am almost sure that this is a squid issue (not squid fault at all, just incompatibilites between those sites and the current squid setup).

I was looking at the thread that issues the hotmail access problem, modifying some acl configs in squid solves that problem, maybe this could be that case, but my experience in squid is null.

Any good squid intro? :D .

At this time decide to reinstall SME 5.5 and preform the manual upgrades, now the SME server is fast as it should be, SME 6 is just too slow in my P200mmx machine :( , however the problem is here too, so it's not of the version 6.

I'll keep looking, if any of you have some idea would be great :), thanks.

Offline smeghead

  • *
  • 552
  • +0/-0
Problem opening some web pages, using SME5.5u6 and 6
« Reply #6 on: January 17, 2005, 03:03:22 AM »
.. if in Oz which ISP are you with?

I can access both those site via my SME server (Yum patched Mitel Unsupported 6.0).  I am using squid-2.4.STABLE6-6.7.3, what are you using (rpm -qa squid)?

Post a copy of your squid.conf file (edit anything server specific that could be abused) and I will compare it to mine.
..................

Offline lightman

  • ***
  • 75
  • +0/-0
Problem opening some web pages, using SME5.5u6 and 6
« Reply #7 on: January 17, 2005, 03:16:05 PM »
Hi!

My cable provider is fibertel (fibertel.com.ar)

my squid version is:
squid-2.4.STABLE3-1.7.2 (the one in the version
I recently instaled (SME 5.5 update 6), previously
I had squid-2.4.STABLE6

here is the config file, only domains and IP where edited the rest was untouched:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localsrc src 127.0.0.1 192.168.X.X/255.255.255.0
acl localdst dst 127.0.0.1 192.168.X.X/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535 980
acl CONNECT method CONNECT
acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK
append_domain .MYDOMAIN.org
cache_mgr admin@MYDOMAIN.org
ftp_user nobody@MYDOMAIN.org
http_access allow manager localsrc
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localsrc
http_access deny all

httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
miss_access allow all

store_avg_object_size 3 KB
always_direct allow webdav
always_direct allow all
__________________________________________
that's it.

hope you see something i don't :D
thanks again!.
lightman

Offline lightman

  • ***
  • 75
  • +0/-0
Problem opening some web pages, using SME5.5u6 and 6
« Reply #8 on: January 17, 2005, 04:03:46 PM »
One more thing that I recently check.

I have 2 ISP's (1 cable & 1 DSL)

2 SME boxes (Identical, both are SME 5.5 update 6)

both in separate networks (different switches, cabling, etc).

Same squid version (checked it recently)
same squid configuration

in my DSL box, all sites works perfectly
in my CABLE box, www.symantec.com and mail.yahoo.com
doesn't work.

Another weird thing:
in the /etc/squid/squid.conf
the line that says:
httpd_accel_uses_host_header on

if i turn it off, and restart the service, I can get into the mail.yahoo.com but instead of mail, I endup in my.yahoo.com, I click on mail and return to the mail.yahoo.com external page (to enter pass again).

turned again back on as default, and await any suggestion before starting to eat the entire squid manual.

At this point, I don't care if I cannot use yahoo mail, but i really need the symantec page, since I use it a lot!.

thanks!
lightman