Author Topic: [SOLVED] Zentyal 3.0 Transparent Proxy Hangs - Random Sites  (Read 3505 times)

darrengreer

« on: October 17, 2012, 07:51:50 pm »
All,

I've been hoping to enable transparent proxy for some time now, but each time that I do, certain sites will hang and never load in the browser.  Google.com and zentyal.org, among others.  The odd part is that I'll live stream the logs, and I can see the request about 30-45 seconds after the initial request.  This happens on multiple machines, so I doubt this is my computer.

When I disable transparent proxy, all is well.  Like I said, it doesn't do it for all sites.  Google.com and bing don't work, but then ask.com does.  Very odd.

Any help??
« Last Edit: October 18, 2012, 02:36:40 pm by darrengreer »

ArchW

« Reply #1 on: October 17, 2012, 09:36:03 pm »
I had this same exact issue (see this thread: http://forum.zentyal.org/index.php/topic,11529.msg48862.html#msg48862).

This is what worked for me:

sudo nano /etc/sysctl.conf

Now add these lines at the end of file:

# IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Now save the sysctl.conf file and close.

Run this: "sudo sysctl -p"

Once I ran "sudo sysctl -p" I saw that the clients now work, but I rebooted to be on the safe side.

If you run "cat /proc/sys/net/ipv6/conf/all/disable_ipv6" you will get a "1" if it's now disabled.

darrengreer

« Reply #2 on: October 18, 2012, 01:12:16 am »
Thanks for the tip, however, once I disable ipv6, most network services appear to fail.  It seems as though all DNS lookups stop functioning.  Tried multiple reboots.

Thoughts?

ArchW

« Reply #3 on: October 18, 2012, 02:37:49 am »
Good question... I'm typing this on a machine running through the Zentyal server with the ipv6 stuff canned.  I had to do it at another site too. I don't know a whole lot about it and got the idea from reading about DNS issues at other sites being hampered by IPv6.

darrengreer

« Reply #4 on: October 18, 2012, 02:57:01 am »
I'll keep googling for an answer as to why the DNS services fail when ipv6 fails; appreciate the tip.  Hopefully this will solve it :)

If anyone else knows why I can't disable ipv6 cleanly, would appreciate feedback.

Here are the errors I would receive:

2012/10/17 18:55:06 ERROR> RESTClient.pm:289 EBox::RemoteServices::RESTClient::request - 500 : Can't connect to api.cloud.zentyal.com:443

LWP::Protocol::https::Socket: getaddrinfo: Name or service not known at /usr/share/perl5/LWP/Protocol/http.pm line 51, <GEN0> line 3.
2012/10/17 18:55:06 ERROR> run-pending-ops:62 EBox::RemoteServices::Run::Pending::__ANON__ - Can't perform the request: 500 : Can't connect to api.cloud.zentyal.com:443

LWP::Protocol::https::Socket: getaddrinfo: Name or service not known at /usr/share/perl5/LWP/Protocol/http.pm line 51, <GEN0> line 3.
2012/10/17 18:55:06 ERROR> RESTClient.pm:289 EBox::RemoteServices::RESTClient::request - 500 : Can't connect to api.cloud.zentyal.com:443

LWP::Protocol::https::Socket: getaddrinfo: Name or service not known at /usr/share/perl5/LWP/Protocol/http.pm line 51, <GEN0> line 3.
2012/10/17 18:55:06 ERROR> run-pending-ops:62 EBox::RemoteServices::Run::Pending::__ANON__ - Can't perform the request: 500 : Can't connect to api.cloud.zentyal.com:443

LWP::Protocol::https::Socket: getaddrinfo: Name or service not known at /usr/share/perl5/LWP/Protocol/http.pm line 51, <GEN0> line 3.
2012/10/17 18:55:06 ERROR> RESTClient.pm:289 EBox::RemoteServices::RESTClient::request - 500 : Can't connect to api.cloud.zentyal.com:443

LWP::Protocol::https::Socket: getaddrinfo: Name or service not known at /usr/share/perl5/LWP/Protocol/http.pm line 51, <GEN0> line 3.
2012/10/17 18:55:06 ERROR> run-pending-ops:62 EBox::RemoteServices::Run::Pending::__ANON__ - Can't perform the request: 500 : Can't connect to api.cloud.zentyal.com:443

LWP::Protocol::https::Socket: getaddrinfo: Name or service not known at /usr/share/perl5/LWP/Protocol/http.pm line 51, <GEN0> line 3.

And doing an nslookup from the shell would produce:

root@firewall:/var/log/zentyal# nslookup zentyal.com
;; Got SERVFAIL reply from 127.0.0.1, trying next server
^C
root@firewall:/var/log/zentyal# nslookup tetrago.com
;; Got SERVFAIL reply from 127.0.0.1, trying next server
^C

darrengreer

« Reply #5 on: October 18, 2012, 02:36:27 pm »
Found the solution to the ipv6 breaking DNS issue.  After some research, I found an obscure thread for Debian that mentioned modifying the bind9 config to force ipv4 lookups only, using the following config line:

//-4 = to use ipv4 only.

So, my new bind9 config looks like:

root@firewall:# cat /etc/default/bind9
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-4 -u bind"

After a quick reboot, all appears to be well.  Thanks for the IPV6 tip!!
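
The two settings this thread ends up with can be checked together. The following is an added example, not part of any poster's message: a shell check that flags a host where IPv6 is disabled in sysctl.conf but the bind9 defaults file does not start named with -4. The function names and the sample files are constructed for illustration; the default paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example: flag the combination the thread ran into, IPv6 disabled
# via sysctl while named is not restricted to IPv4 with -4.

# Returns 0 if the file sets net.ipv6.conf.all.disable_ipv6 to 1.
ipv6_disabled_in() {
    # Commented-out lines do not match; the last assignment wins.
    val=$(sed -n 's/^[[:space:]]*net\.ipv6\.conf\.all\.disable_ipv6[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# Prints the OPTIONS= value from a bind9 defaults file, quotes stripped.
bind_options_in() {
    sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Returns 0 if OPTIONS contains a stand-alone -4 flag.
bind_forces_ipv4() {
    for opt in $(bind_options_in "$1"); do
        [ "$opt" = "-4" ] && return 0
    done
    return 1
}

# check_ipv6_bind [SYSCTL_CONF] [BIND_DEFAULTS]
# Prints OK or MISMATCH; returns 1 on mismatch.
check_ipv6_bind() {
    sysctl_conf=${1:-/etc/sysctl.conf}
    bind_defaults=${2:-/etc/default/bind9}
    if ipv6_disabled_in "$sysctl_conf" && ! bind_forces_ipv4 "$bind_defaults"; then
        echo "MISMATCH: IPv6 disabled but named not started with -4"
        return 1
    fi
    echo "OK"
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# IPv6' 'net.ipv6.conf.all.disable_ipv6 = 1' > "$demo_dir/sysctl.conf"
printf '%s\n' 'RESOLVCONF=no' 'OPTIONS="-u bind"' > "$demo_dir/bind9.before"
printf '%s\n' 'RESOLVCONF=no' 'OPTIONS="-4 -u bind"' > "$demo_dir/bind9.after"
check_ipv6_bind "$demo_dir/sysctl.conf" "$demo_dir/bind9.before" || true
check_ipv6_bind "$demo_dir/sysctl.conf" "$demo_dir/bind9.after"
```

Called with no arguments, check_ipv6_bind reads /etc/sysctl.conf and /etc/default/bind9 on the host itself.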

Escorpiom

« Reply #6 on: October 19, 2012, 12:13:04 am »
Not so obscure, you can find it here:

http://forum.zentyal.org/index.php/topic,11300.msg45755.html

That would have solved your IPv6 issues.

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...