[Cialug] Network Help

Josh More jmore at starmind.org
Mon Feb 6 14:22:22 CST 2012


Test to see if the problem goes away when Squid is out of the loop.

If so...

1) See if extending the timeout for the SSL connection fixes it.  If so,
see if a cronjob on the Squid box can force the connection to stay open.

2) Research "HTTP Chunked Encoding", consider whether the devs created an
unnecessary dependency in terminal identification, swear, write a Squid
bypass. (Ran into this one with a postage machine once.)

-Josh More

On Mon, Feb 6, 2012 at 2:15 PM, Dan Schlichting <dan at cpugeek.org> wrote:

> It is a credit card machine.
>
> Terminal : vx570
> OS Version QC0009A3
>
> Gateway ping 10.24.105.250
> ok (14ms)
>
> DNS Ping 8.8.8.8
> ok(37 ms)
>
> DNS Lookup WWW.YAHOO.COM
> 209.191.122.70
> ok(57 ms)
>
> host ping
> www.yahoo.com
> ok (82 ms)
>
> tcp connect
> tptrans.lynksystems.com:6660
> ok(156 ms)
>
> ssl connect
> tptrans.lynksystems.com:6660
> Connection Fail.
>
> The second time I run this test it works.
>
> This is what I get. I am using iptables -> Squid -> DansGuardian. I
> put the IP of the cc machine into iptables, telling it to accept on
> port 80.
>
> # Generated by iptables-save v1.4.4 on Wed May 26 14:05:56 2010
> *nat
> :PREROUTING ACCEPT [147546:13298714]
> :POSTROUTING ACCEPT [215781:15656013]
> :OUTPUT ACCEPT [88519:5319275]
> -A PREROUTING -s 10.24.105.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
> -A PREROUTING -s 10.24.105.79/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
> -A PREROUTING -s 10.24.105.230/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
> -A PREROUTING -s 10.24.105.231/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
> -A PREROUTING -s 10.24.105.232/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
> -A PREROUTING -s 10.24.105.233/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
> COMMIT
> # Completed on Wed May 26 14:05:56 2010
> # Generated by iptables-save v1.4.4 on Wed May 26 14:05:56 2010
> *mangle
> :PREROUTING ACCEPT [10931945:6385197488]
> :INPUT ACCEPT [5309683:3726084089]
> :FORWARD ACCEPT [5940367:2702501504]
> :OUTPUT ACCEPT [5397847:3863989676]
> :POSTROUTING ACCEPT [11335014:6566247175]
> COMMIT
> # Completed on Wed May 26 14:05:56 2010
> # Generated by iptables-save v1.4.4 on Wed May 26 14:05:56 2010
> *filter
> :INPUT ACCEPT [2762866:1946976922]
> :FORWARD ACCEPT [11417:1189951]
> :OUTPUT ACCEPT [5397847:3863989676]
> :tcprules - [0:0]
> -A INPUT -j tcprules
> -A FORWARD -j tcprules
> -A tcprules -s 10.24.105.253/32 -d 10.24.105.245/32 -i br0 -m state --state NEW -j ACCEPT
> -A tcprules -s 10.24.105.253/32 -d 10.24.105.19/32 -i br0 -m state --state NEW -j ACCEPT
> -A tcprules -s 10.24.105.253/32 -d 10.24.105.0/24 -i br0 -m state --state NEW -j DROP
> -A tcprules -i br0 -p icmp -m state --state NEW -j ACCEPT
> -A tcprules -s 10.24.105.0/24 -i br0 -m state --state NEW -j ACCEPT
> -A tcprules -p icmp -m state --state INVALID -j DROP
> -A tcprules -i br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> COMMIT
>
>
> On Mon, Feb 6, 2012 at 1:56 PM, Michael Davis <mpdavis at iastate.edu> wrote:
> > How are you trying to hook the site?
> >
> > I would imagine that you are going to have to post at least part of the
> > code you are trying to use.
> >
> > Michael Davis
> > ECpE - Iowa State University
> > WebFilings Software Development Intern
> > IASG Treasurer
> >
> >
> > On Mon, Feb 6, 2012 at 1:18 PM, Dan Schlichting <dan at cpugeek.org> wrote:
> >
> >> I have a situation where a specific site won't load the first time but
> >> it does the second time.
> >>
> >> I am trying to hook to an SSL site. The first time it fails and then
> >> after that it works.
> >>
> >> Does anyone have any idea why? It isn't my firewall; I am bypassing it.
> >>
> >> If you need more information let me know.
> >>
> >> Thanks
> >>
> >> Dan
> >> _______________________________________________
> >> Cialug mailing list
> >> Cialug at cialug.org
> >> http://cialug.org/mailman/listinfo/cialug
> >>
>
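
The nat PREROUTING rules from the dump quoted above, evaluated first-match the way netfilter walks a chain, as an added example that is not part of the original thread: it reports rules an earlier rule makes unreachable and which rule a given source and destination port hits. The function names are hypothetical, 10.24.105.79 is simply one of the listed /32 sources, and the matcher assumes every target is terminating and ignores `-i` and `!` negation.

```python
import ipaddress

# nat PREROUTING rules copied from the iptables-save dump quoted above,
# with the e-mail line wrapping undone.
NAT_PREROUTING = """\
-A PREROUTING -s 10.24.105.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -s 10.24.105.79/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.230/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.231/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.232/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.233/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
"""

def parse_rules(text):
    """Turn '-A CHAIN ...' lines into the fields used for matching."""
    rules = []
    for line in (l for l in text.splitlines() if l.startswith("-A ")):
        tok = line.split()
        opt = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
        rules.append({"src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0")),
                      "proto": opt.get("-p"), "target": opt.get("-j"), "line": line,
                      "dport": int(opt["--dport"]) if "--dport" in opt else None})
    return rules

def first_match(rules, src_ip, dport, proto="tcp", policy="ACCEPT"):
    """Return (target, rule line) for the first rule the packet hits, else the chain policy."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if ip in r["src"] and r["proto"] in (None, proto) and r["dport"] in (None, dport):
            return r["target"], r["line"]
    return "policy " + policy, None

def shadowed(rules):
    """Pairs (rule, earlier rule) where the earlier rule covers every packet the later one would."""
    out = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (r["src"].subnet_of(e["src"]) and e["proto"] in (None, r["proto"])
                    and e["dport"] in (None, r["dport"])):
                out.append((r["line"], e["line"]))
                break
    return out

if __name__ == "__main__":
    rules = parse_rules(NAT_PREROUTING)
    for late, early in shadowed(rules):
        print("never reached:", late, "\n   covered by:", early)
    for port in (80, 6660):
        print(port, "->", first_match(rules, "10.24.105.79", port)[0])
```

On the posted rules this lists all five `ACCEPT` lines as unreachable behind the /24 `REDIRECT`, and shows a connection to port 6660 matching no nat rule, so by this dump it falls through to the chain policy rather than being redirected to port 8080.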

