Author Topic: [SOLVED] 104 Connection reseted by peer  (Read 5780 times)

igord93

  • Zen Monk
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
[SOLVED] 104 Connection reseted by peer
« on: February 28, 2014, 02:24:15 pm »
Hello folks

I put the Zentyal on work with some computers in the company, applied some filter profiles for the break of the midday, where the employees can acess almost everything, and two other filters for the work time (7 am to 12 pm & 1:30 pm to 6 pm), i don't know if it's happens because of this, but when it switches between this acess rules, the proxy give the massage 104 that the connection is reseted by peer, and the employees that I put for test are facing this same problem, but after 20 minutes more or less, the connection was restablished.

I'm a begginer usin zentyal, so if there are any logs that i can see, please tell me where they are and I can show them.

Please help, Thanks a lot
« Last Edit: March 27, 2014, 05:49:52 pm by igord93 »

christian

  • Guest
Re: 104 Connection reseted by peer
« Reply #1 on: February 28, 2014, 02:30:50 pm »
did you look at Squid logs already ?

igord93

  • Zen Monk
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #2 on: February 28, 2014, 02:36:48 pm »
Where are they? :x

christian

  • Guest
Re: 104 Connection reseted by peer
« Reply #3 on: February 28, 2014, 02:49:37 pm »
/var/log...

igord93

  • Zen Monk
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #4 on: February 28, 2014, 03:02:36 pm »
In the acess log I get a bunch of TCP_DENIED and TCP_MISS, what logs do I have to see?

igord93

  • Zen Monk
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #5 on: February 28, 2014, 09:00:46 pm »
When I came back to work, the employees tell me that they had this same problem when acessing the internet, again, i think is because of that, here are the logs of the morining.

Open wit notepad++ or somthing similar.

astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #6 on: March 01, 2014, 07:07:12 am »
Just another wild guess, but isn't the time zones on the proxy actually handled by regenerating the rules and restarting squid?
If that's the case then you could expect no internet access from the proxy while this is happening. I would expect 30 seconds or so for squid to service it's requests and restart (depending on number of users and server)

igord93

  • Zen Monk
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #7 on: March 03, 2014, 12:23:40 pm »
Let's watch what happens, I disabled the time sync and seted it manually. Any other guesses? Logs are here, please what's happening is really annoying and i thinks this couldnt be this way :)

edit:
Forgot to tell that when I reset the HTTP Proxy over the dashboard, the system come back like it should, whyyyyy?
« Last Edit: March 03, 2014, 12:26:02 pm by igord93 »

astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #8 on: March 03, 2014, 12:34:14 pm »
Just had a quick peek at your logs (was too lazy to do so before)
I can see a few problems...
One big problem is you've got digest problems (there shouldn't be a digest between your internal proxy and external proxy as internal is authorisation/authentication only and no caching). With Zentyal I've always had to go and edit the .mas file to get add no-digest as it stopped my sarg logs from working (as well as potentially causing other problems).

Edit /usr/share/zentyal/stubs/squid/squid.conf.mas and edit the line(s) cache_peer
to include no-digest , e.g
Code: [Select]
cache_peer localhost parent 3129 0 no-query no-digest proxy-only login=*:nopassword

I'm no expert, so if I'm wrong about this I'd love someone to pipe up, but your logs are full of digest errors!

astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #9 on: March 03, 2014, 12:42:41 pm »
There are also other problems you're facing that can't be explained by digest problems only...
Code: [Select]
2014/02/28 08:00:24| TCP connection to localhost/3129 failed
for 25 minutes means squid cannot connect to dansguardian which would break all browsing.
Your auth config seems to be ldap based and not kerberos, I'm not sure about that as I've not used ldap authorisation.. Is your proxy transparent?
Code: [Select]
2014/02/28 08:52:05| TunnelStateData::Connection::error: FD 47: read/write failure: (32) Broken pipe
Not sure what this means, but it can't be good.

On a side note, make sure you have enough auth helps and dansguardian instances running, otherwise you'll get long long timeouts.

igord93

  • Zen Monk
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #10 on: March 03, 2014, 12:53:17 pm »
Thanks for the worry man! Apreciate so much.

My proxy is non-transparet, i'm using LDAP auth because we use this to acess the server folders. Seted a WPAD to auto-config the browsers. I'll try this code and see what heppens afetr lunch.

Thanks again!

igord93

  • Zen Monk
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #11 on: March 03, 2014, 05:31:31 pm »
Same error after lunch, and when I restarted the service, everything came back funcional.
Is there any possibilities that it's happening because of the DHCP is off?
Thanks

astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #12 on: March 03, 2014, 05:44:31 pm »
Seems strange if DHCP is off but you set the browsers using WPAD, I thought that was pushed out by the DHCP server...

But the problems in your log don't look like that.

I'd investigate why localhost/3129 is failing, this is dansguardian. Either you don't have enough of them, or there's a problem with the configuration and it's failing to run.

verify you max_children and min_children in /etc/dansguardian/dansguardian.conf and see what your log spits out.



igord93

  • Zen Monk
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
Re: 104 Connection reseted by peer
« Reply #13 on: March 03, 2014, 08:31:53 pm »
Can it be happening because I got no Desguardian?(after a while I found it)

Btw, i set the proxy in the machines that i wanted, I'm still testing it, and i catch the WPAD over DNS too, because of some firefox issues.
« Last Edit: March 05, 2014, 09:11:09 pm by igord93 »

christian

  • Guest
Re: 104 Connection reseted by peer
« Reply #14 on: March 05, 2014, 05:17:38 pm »
Reading this thread Im' very confused. Is it feasible to install Zentyal HTTP proxy and not install (and run) Dansguardian ?
What did you install and how ?