Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astana

Pages: 1 2 [3] 4 5 ... 9
31
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 07, 2014, 05:32:02 pm »
one last thought...when is the cron job ran to regenerate script? I've a recollection it's in cron.hourly, so is that 15 mins also causing the problem?
Just another thing to investigate.

32
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 07, 2014, 03:19:45 pm »
wow! I think you've just explained what is happening!
There is no bug, if there's no rule then there will be no access!
Looks like you've found the problem yourself :D

33
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 07, 2014, 02:51:26 pm »
and what happens when you remove the change of access rules on a time period?

Btw, your syslog looks like a squid log!
try /var/logs/syslog

34
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 07, 2014, 02:12:11 pm »
Those ports are correct, see my description above.

So, knowing the logs are full you need to describe the symptoms and what you did and when Also check your syslog and dansguardian logs to see if anything is appearing there.

35
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 07, 2014, 01:25:17 pm »
Your last log is incomplete (looks like a lot is missing or no logging happened), and apart from the slow shutdown in the early morning and at 12:13 and 1:15 there are no errors, without complete logs and insight as to symptoms and actions it isn't obvious as how to help you.

36
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 06, 2014, 01:38:54 am »
it should be localhost unless you've got a very strange setup  ;)

Zentyal has a sandwich of 2 proxys with dansguardian in the middle:
Users connect to proxy:3128
proxy:3128 -> Dansgaurdian:3129 ->proxy:3130
Then back again to the client machine.
If the filling is broken (port 3129 as per your logs) then your internet won't work.
If there's not enough filling then it will be really slow for some and fine for others.

37
would that be SVG by any chance?
No plugins needed for any remotely modern browser.

But on topic for just a moment, why on earth would you want flash installed on your server?

38
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 05, 2014, 05:25:42 pm »
dansguardian is already installed, or should be by Zentyal.
It's the one responsible for the filtering.

39
Glad. It works now. Yes you are right. The difference is just the source port should be any.

I was wondering why the source port should be set as any? since I think in my Java app, I set the jdbc-mysql properties to connect at port 3306?

Once again, many thanks to your help.

Daniel

source port must be any as your application won't be sending out on the same port.

Imagine the problem of 2 web browsers running (or 2 tabs even). If they opened on port 80 then the incoming reply couldn't determine who it was for, so each browser opens a random high number port and connects to port 80.

The same I'm sure is true for your java app and pretty much every net connection on your system.

40
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 03, 2014, 05:44:31 pm »
Seems strange if DHCP is off but you set the browsers using WPAD, I thought that was pushed out by the DHCP server...

But the problems in your log don't look like that.

I'd investigate why localhost/3129 is failing, this is dansguardian. Either you don't have enough of them, or there's a problem with the configuration and it's failing to run.

verify you max_children and min_children in /etc/dansguardian/dansguardian.conf and see what your log spits out.



41
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 03, 2014, 12:42:41 pm »
There are also other problems you're facing that can't be explained by digest problems only...
Code: [Select]
2014/02/28 08:00:24| TCP connection to localhost/3129 failed
for 25 minutes means squid cannot connect to dansguardian which would break all browsing.
Your auth config seems to be ldap based and not kerberos, I'm not sure about that as I've not used ldap authorisation.. Is your proxy transparent?
Code: [Select]
2014/02/28 08:52:05| TunnelStateData::Connection::error: FD 47: read/write failure: (32) Broken pipe
Not sure what this means, but it can't be good.

On a side note, make sure you have enough auth helps and dansguardian instances running, otherwise you'll get long long timeouts.

42
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 03, 2014, 12:34:14 pm »
Just had a quick peek at your logs (was too lazy to do so before)
I can see a few problems...
One big problem is you've got digest problems (there shouldn't be a digest between your internal proxy and external proxy as internal is authorisation/authentication only and no caching). With Zentyal I've always had to go and edit the .mas file to get add no-digest as it stopped my sarg logs from working (as well as potentially causing other problems).

Edit /usr/share/zentyal/stubs/squid/squid.conf.mas and edit the line(s) cache_peer
to include no-digest , e.g
Code: [Select]
cache_peer localhost parent 3129 0 no-query no-digest proxy-only login=*:nopassword

I'm no expert, so if I'm wrong about this I'd love someone to pipe up, but your logs are full of digest errors!

43
Installation and Upgrades / Re: 104 Connection reseted by peer
« on: March 01, 2014, 07:07:12 am »
Just another wild guess, but isn't the time zones on the proxy actually handled by regenerating the rules and restarting squid?
If that's the case then you could expect no internet access from the proxy while this is happening. I would expect 30 seconds or so for squid to service it's requests and restart (depending on number of users and server)

44
Installation and Upgrades / Re: User Profile space problem
« on: February 26, 2014, 02:30:48 am »
Looks like the user quotas to me as 500MB is the default value for quotas. Try changing this number and see if it changes on the client (no need to reboot, apply quota change and refresh the explorer window)

45
Just a guess, but I'm thinking the 90 minutes is in fact the boot process. I've seen, and there are plenty of posts on the forum about the time taken to re-acl all the samba shares.
On our server this took around 20 minutes to boot up (3.0 at the time), and the later versions of Zentyal seem to boot faster, but in fact get to login quicker but haven't started all the services, so the web interface isn't really present.

It's easy to see, just run a shell or ssh in and look run top and you should see the boot process is still happening.

Pages: 1 2 [3] 4 5 ... 9