Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: igord93 on February 28, 2014, 02:24:15 pm
-
Hello folks
I put Zentyal to work with some computers in the company and applied some filter profiles for the midday break, where the employees can access almost everything, and two other filters for the work time (7 am to 12 pm & 1:30 pm to 6 pm). I don't know if it happens because of this, but when it switches between these access rules, the proxy gives the message 104 that the connection was reset by peer, and the employees that I put on for testing are facing this same problem, but after 20 minutes more or less, the connection was re-established.
I'm a beginner using Zentyal, so if there are any logs that I can see, please tell me where they are and I can show them.
Please help, Thanks a lot
-
Did you look at the Squid logs already?
-
Where are they? :x
-
/var/log...
-
In the access log I get a bunch of TCP_DENIED and TCP_MISS, what logs do I have to see?
-
When I came back to work, the employees told me that they had this same problem when accessing the internet, again, I think it is because of that, here are the logs of the morning.
Open with Notepad++ or something similar.
-
Just another wild guess, but aren't the time zones on the proxy actually handled by regenerating the rules and restarting squid?
If that's the case then you could expect no internet access from the proxy while this is happening. I would expect 30 seconds or so for squid to service its requests and restart (depending on number of users and server).
-
Let's watch what happens, I disabled the time sync and set it manually. Any other guesses? Logs are here, please, what's happening is really annoying and I think it couldn't be this way :)
Edit:
Forgot to tell that when I reset the HTTP Proxy over the dashboard, the system comes back like it should, whyyyyy?
-
Just had a quick peek at your logs (was too lazy to do so before)
I can see a few problems...
One big problem is you've got digest problems (there shouldn't be a digest between your internal proxy and external proxy as internal is authorisation/authentication only and no caching). With Zentyal I've always had to go and edit the .mas file to add no-digest as it stopped my sarg logs from working (as well as potentially causing other problems).
Edit /usr/share/zentyal/stubs/squid/squid.conf.mas and edit the line(s) cache_peer to include no-digest, e.g.
cache_peer localhost parent 3129 0 no-query no-digest proxy-only login=*:nopassword
I'm no expert, so if I'm wrong about this I'd love someone to pipe up, but your logs are full of digest errors!
-
There are also other problems you're facing that can't be explained by digest problems only...
2014/02/28 08:00:24| TCP connection to localhost/3129 failed
for 25 minutes means squid cannot connect to dansguardian which would break all browsing.
Your auth config seems to be ldap based and not kerberos, I'm not sure about that as I've not used ldap authorisation. Is your proxy transparent?
2014/02/28 08:52:05| TunnelStateData::Connection::error: FD 47: read/write failure: (32) Broken pipe
Not sure what this means, but it can't be good.
On a side note, make sure you have enough auth helpers and dansguardian instances running, otherwise you'll get long long timeouts.
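To turn the "TCP connection to localhost/3129 failed" lines discussed above into outage windows with a duration, here is an added example (not part of the original post, not Zentyal or Squid code). The sample log is constructed around the two lines quoted in the thread, and the `max_gap` grouping threshold is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Squid cache.log format. Only the 08:00:24 failure line
# and the 08:52:05 broken-pipe line are quoted from the thread.
SAMPLE_CACHE_LOG = """\
2014/02/28 08:00:24| TCP connection to localhost/3129 failed
2014/02/28 08:05:10| TCP connection to localhost/3129 failed
2014/02/28 08:25:31| TCP connection to localhost/3129 failed
2014/02/28 08:52:05| TunnelStateData::Connection::error: FD 47: read/write failure: (32) Broken pipe
2014/02/28 12:00:40| TCP connection to localhost/3129 failed
2014/02/28 12:01:15| TCP connection to localhost/3129 failed
"""

FAIL_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\| TCP connection to (\S+)/(\d+) failed")


def peer_outages(log_text, max_gap=timedelta(minutes=30)):
    """Group peer-connection failures into outage windows.

    Returns a list of dicts with peer, start, end and failures. A new window
    opens when a peer has logged no failure for longer than max_gap
    (hypothetical threshold, tune it to how often your Squid retries).
    """
    windows = []
    latest = {}  # peer -> most recent window for that peer
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # other cache.log messages are ignored here
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        peer = f"{m.group(2)}:{m.group(3)}"
        cur = latest.get(peer)
        if cur and ts - cur["end"] <= max_gap:
            cur["end"] = ts
            cur["failures"] += 1
        else:
            cur = {"peer": peer, "start": ts, "end": ts, "failures": 1}
            latest[peer] = cur
            windows.append(cur)
    return windows


if __name__ == "__main__":
    for w in peer_outages(SAMPLE_CACHE_LOG):
        print(f"{w['peer']} unreachable {w['start']:%H:%M:%S}-{w['end']:%H:%M:%S} "
              f"({w['end'] - w['start']}, {w['failures']} failures)")
```

Lining these windows up against the times the filter profiles switch shows whether the filter on port 3129 drops exactly at a rule change.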
-
Thanks for the worry, man! Appreciate it so much.
My proxy is non-transparent, I'm using LDAP auth because we use this to access the server folders. Set a WPAD to auto-config the browsers. I'll try this code and see what happens after lunch.
Thanks again!
-
Same error after lunch, and when I restarted the service, everything came back functional.
Is there any possibility that it's happening because DHCP is off?
Thanks
-
Seems strange if DHCP is off but you set the browsers using WPAD, I thought that was pushed out by the DHCP server...
But the problems in your log don't look like that.
I'd investigate why localhost/3129 is failing, this is dansguardian. Either you don't have enough of them, or there's a problem with the configuration and it's failing to run.
Verify your max_children and min_children in /etc/dansguardian/dansguardian.conf and see what your log spits out.
-
Can it be happening because I got no Dansguardian? (After a while I found it.)
Btw, I set the proxy on the machines that I wanted, I'm still testing it, and I catch the WPAD over DNS too, because of some Firefox issues.
-
Reading this thread I'm very confused. Is it feasible to install Zentyal HTTP proxy and not install (and run) Dansguardian?
What did you install and how ?
-
dansguardian is already installed, or should be by Zentyal.
It's the one responsible for the filtering.
-
That's my understanding too, reason why I don't understand these comments about "shall I install Dansguardian?"
-
Sorry for the misunderstanding, I went to the etc/ folder and didn't find dansguardian, so, as I'm not familiar with Zentyal, I supposed that it wasn't installed, but after a while I found it.
I'm not used to it, I'm just trying to get better with your help :)
Continuing, I saw the conf of dansguardian, and noticed that the proxy was wrong, I set mine to 192.168.0.253 and it was 127.0.0.1, can it be that?
I'll wait until tomorrow to check if it works.
Thanks guys
-
it should be localhost unless you've got a very strange setup ;)
Zentyal has a sandwich of 2 proxies with dansguardian in the middle:
Users connect to proxy:3128
proxy:3128 -> Dansguardian:3129 -> proxy:3130
Then back again to the client machine.
If the filling is broken (port 3129 as per your logs) then your internet won't work.
If there's not enough filling then it will be really slow for some and fine for others.
-
So if it's broken, what is the solution, reinstall Zentyal?
Or is it some sort of misconfiguration?
My max and min children are default, what do I have to watch in the logs? Don't know much what to look for.
Is this happening because of this switching of rules? Remember that every time this error occurs, resetting the HTTP proxy always fixes this.
-
the cache log from today
-
Maaaaan
Every time I need to restart this HTTP Proxy, such a pain :(
-
Your last log is incomplete (looks like a lot is missing or no logging happened), and apart from the slow shutdown in the early morning and at 12:13 and 1:15 there are no errors. Without complete logs and insight as to symptoms and actions it isn't obvious how to help you.
-
But I took all of the cache log, can you advise me where I should look?
The only thing I can say is that every time I reset it, it comes back to work, I'm frustrated.
Thanks
-
Those ports are correct, see my description above.
So, knowing the logs are full you need to describe the symptoms and what you did and when. Also check your syslog and dansguardian logs to see if anything is appearing there.
-
Here are the logs, from sys and dansguardian
Hope it can help
The symptoms are like I said, when it changes the access rules, it comes with the message 104 Connection reset by peer, and when I reset the HTTP Proxy, it comes back to work normally.
-
and what happens when you remove the change of access rules on a time period?
Btw, your syslog looks like a squid log!
try /var/logs/syslog
-
These are my filters, maybe it's because I'm not contemplating all the hours of the day?
The log that I sent is the one that you cited
-
wow! I think you've just explained what is happening!
There is no bug, if there's no rule then there will be no access!
Looks like you've found the problem yourself :D
-
Same thing as always :(
Even with all the hours filled
-
One last thought... when is the cron job run to regenerate the script? I've a recollection it's in cron.hourly, so is that 15 mins also causing the problem?
Just another thing to investigate.
-
Where do I find this cron?
Or where do I have to go, what do I gotta do?
Changed from 13:15 to 13:01 and the other from 13:16 to 13:01, is that correct?
-
Losing hope, still nothing :'(
Anyone that faced this problem?
-
The problem was that, indeed, I wasn't able to connect to the internet because I didn't have a base rule to cover all the time, so what I did was add a rule with no time lapse in it, causing it to stay full time.
Thanks for all the support, folks.
Mods, you can put this thread as [RESOLVED]
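The thread's resolution was a missing base rule, so a check for spans of the day that no time-bound rule covers is sketched here as an added example (not from the thread and not Zentyal code). The rule tuples are a constructed model of the first post's profiles, the 12:00-13:30 midday window is an assumption, and days of the week are not modelled.

```python
# Constructed rule set: (name, start, end) in 24h "HH:MM". A rule whose start
# and end are both None has no time period and applies all day (the base rule
# added in the final post).
RULES = [
    ("work-morning", "07:00", "12:00"),
    ("midday-break", "12:00", "13:30"),   # assumed window, not stated in the thread
    ("work-afternoon", "13:30", "18:00"),
]

DAY = 24 * 60


def to_min(hhmm):
    hours, minutes = hhmm.split(":")
    return int(hours) * 60 + int(minutes)


def fmt(minutes):
    return f"{minutes // 60:02d}:{minutes % 60:02d}"


def uncovered(rules):
    """Return the (start, end) spans of one day that no rule matches."""
    spans = []
    for _name, start, end in rules:
        if start is None and end is None:
            spans.append((0, DAY))
            continue
        s, e = to_min(start), to_min(end)
        # A window such as 22:00-06:00 wraps midnight: split it in two.
        spans += [(s, e)] if s < e else [(s, DAY), (0, e)]
    gaps, cursor = [], 0
    for s, e in sorted(spans):
        if s > cursor:
            gaps.append((fmt(cursor), fmt(s)))
        cursor = max(cursor, e)
    if cursor < DAY:
        gaps.append((fmt(cursor), fmt(DAY)))
    return gaps


if __name__ == "__main__":
    print("time-bound rules only:", uncovered(RULES))
    print("with a base rule:     ", uncovered(RULES + [("base", None, None)]))
```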