[Cialug] Network Help

Dan Schlichting dan at cpugeek.org
Mon Feb 6 14:28:12 CST 2012


It shouldn't even be hitting dans or squid. I can't find in the logs
where it is.

I am not sure where the ssl timeout is. I assume you mean on the cc
machine. I am not sure how to extend it.

I am going to have to unplug the dans and squid box when I get a
chance and see if it works then.

Thanks

Dan

On Mon, Feb 6, 2012 at 2:22 PM, Josh More <jmore at starmind.org> wrote:
> Test to see if the problem goes away when Squid is out of the loop.
>
> If so...
>
> 1) See if extending the timeout for the SSL connection fixes it.  If so,
> see if a cronjob on the Squid box can force the connection to stay open.
>
> 2) Research "HTTP Chunked Encoding", consider whether the devs created an
> unnecessary dependency in terminal identification, swear, write a squid
> bypass.   (Ran into this one with a postage machine once.)
>
> -Josh More
>
> On Mon, Feb 6, 2012 at 2:15 PM, Dan Schlichting <dan at cpugeek.org> wrote:
>
>> It is a credit card machine.
>>
>> Terminal : vx570
>> OS Version QC0009A3
>>
>> Gateway ping 10.24.105.250
>> ok (14ms)
>>
>> DNS Ping 8.8.8.8
>> ok(37 ms)
>>
>> DNS Lookup WWW.YAHOO.COM
>> 209.191.122.70
>> ok(57 ms)
>>
>> host ping
>> www.yahoo.com
>> ok (82 ms)
>>
>> tcp connect
>> tptrans.lynksystems.com:6660
>> ok(156 ms)
>>
>> ssl connect
>> tptrans.lynksystems.com:6660
>> Connection Fail.
>>
>> The second time I run this test it works.
>>
>> This is what I get. I am using iptables -> Squid -> Dans Guardian. I
>> put the IP of the cc machine into iptables telling it to accept on
>> port 80.
>>
>> # Generated by iptables-save v1.4.4 on Wed May 26 14:05:56 2010
>> *nat
>> :PREROUTING ACCEPT [147546:13298714]
>> :POSTROUTING ACCEPT [215781:15656013]
>> :OUTPUT ACCEPT [88519:5319275]
>> -A PREROUTING -s 10.24.105.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
>> -A PREROUTING -s 10.24.105.79/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
>> -A PREROUTING -s 10.24.105.230/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
>> -A PREROUTING -s 10.24.105.231/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
>> -A PREROUTING -s 10.24.105.232/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
>> -A PREROUTING -s 10.24.105.233/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
>> COMMIT
>> # Completed on Wed May 26 14:05:56 2010
>> # Generated by iptables-save v1.4.4 on Wed May 26 14:05:56 2010
>> *mangle
>> :PREROUTING ACCEPT [10931945:6385197488]
>> :INPUT ACCEPT [5309683:3726084089]
>> :FORWARD ACCEPT [5940367:2702501504]
>> :OUTPUT ACCEPT [5397847:3863989676]
>> :POSTROUTING ACCEPT [11335014:6566247175]
>> COMMIT
>> # Completed on Wed May 26 14:05:56 2010
>> # Generated by iptables-save v1.4.4 on Wed May 26 14:05:56 2010
>> *filter
>> :INPUT ACCEPT [2762866:1946976922]
>> :FORWARD ACCEPT [11417:1189951]
>> :OUTPUT ACCEPT [5397847:3863989676]
>> :tcprules - [0:0]
>> -A INPUT -j tcprules
>> -A FORWARD -j tcprules
>> -A tcprules -s 10.24.105.253/32 -d 10.24.105.245/32 -i br0 -m state --state NEW -j ACCEPT
>> -A tcprules -s 10.24.105.253/32 -d 10.24.105.19/32 -i br0 -m state --state NEW -j ACCEPT
>> -A tcprules -s 10.24.105.253/32 -d 10.24.105.0/24 -i br0 -m state --state NEW -j DROP
>> -A tcprules -i br0 -p icmp -m state --state NEW -j ACCEPT
>> -A tcprules -s 10.24.105.0/24 -i br0 -m state --state NEW -j ACCEPT
>> -A tcprules -p icmp -m state --state INVALID -j DROP
>> -A tcprules -i br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>> COMMIT
>>
>>
>> On Mon, Feb 6, 2012 at 1:56 PM, Michael Davis <mpdavis at iastate.edu> wrote:
>> > How are you trying to hook the site?
>> >
>> > I would imagine that you are going to have to post at least part of the
>> > code you are trying to use.
>> >
>> > Michael Davis
>> > ECpE - Iowa State University
>> > WebFilings Software Development Intern
>> > IASG Treasurer
>> >
>> >
>> > On Mon, Feb 6, 2012 at 1:18 PM, Dan Schlichting <dan at cpugeek.org> wrote:
>> >
>> >> I have a situation where a specific site won't load the first time but
>> >> it does the second time.
>> >>
>> >> I am trying to hook to an SSL site. The first time it fails and then
>> >> after that it works.
>> >>
>> >> Does anyone have any idea why? It isn't my firewall; I am bypassing it.
>> >>
>> >> If you need more information let me know.
>> >>
>> >> Thanks
>> >>
>> >> Dan
>> >> _______________________________________________
>> >> Cialug mailing list
>> >> Cialug at cialug.org
>> >> http://cialug.org/mailman/listinfo/cialug
>> >>


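Added example, not part of the original thread: a first-match evaluation of the nat PREROUTING rules quoted above, to check which rule a given source address and destination port hits and which rules can never fire. It handles only the `-s`, `-p` and `--dport` matches those rules use; the function names are this example's own.

```python
import ipaddress
import shlex

# nat PREROUTING rules as quoted in the thread, wrapped lines rejoined.
RULES = """\
-A PREROUTING -s 10.24.105.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -s 10.24.105.79/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.230/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.231/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.232/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.233/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
"""

def parse_rules(text, chain="PREROUTING"):
    """Parse '-A' lines; assumes every option takes exactly one argument,
    which holds for the rules above. The -i interface match is ignored."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        rules.append({
            "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
            "proto": opts.get("-p"),
            "dport": int(opts["--dport"]) if "--dport" in opts else None,
            "target": opts["-j"],
        })
    return rules

def first_match(text, src, proto, dport):
    """Return (rule number, target) of the first matching rule, or None
    when the packet falls through to the chain policy."""
    addr = ipaddress.ip_address(src)
    for n, r in enumerate(parse_rules(text), start=1):
        if (addr in r["src"] and r["proto"] in (None, proto)
                and r["dport"] in (None, dport)):
            return n, r["target"]
    return None

def shadowed(text):
    """List (later, earlier) rule numbers where the earlier rule already
    matches every packet the later one could, so the later never fires."""
    rules = parse_rules(text)
    return [(j + 1, i + 1) for j, b in enumerate(rules) for i, a in enumerate(rules[:j])
            if b["src"].subnet_of(a["src"]) and a["proto"] in (None, b["proto"])
            and a["dport"] in (None, b["dport"])]
```

For 10.24.105.79, port 80 resolves to rule 1 (REDIRECT) because the /24 rule precedes the per-host ACCEPT rules, while port 6660 matches no rule in this chain and falls through to the ACCEPT policy.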