Blocked Website

webfilter
webproxy

(Oladipo Segun) #1

I installed a nethserver for a school and i enabled the web proxy and content filter. the school website normally loads on any pc connected to the nethserver but after a while, it stops working. i cant even ping the site even though i add it to hosts without proxy or domain without proxy. what do i do as i have to reload the server each time this happens. i just reinstalled the server just to find out that i cant even ping the school website on the server but when i use a proxy site like zend2 or bypass the server, the site works


(Markus Neuberger) #2

Are there errors in the logfiles /var/log/messages, ../squid/cache.log or access.log?

Do you use manual, auth or transparent proxy? Does it occur if you disable the content filter?

It may be a hardware problem too like faulty NIC:


(Oladipo Segun) #3

i have not checked var/log/messages yet but i just installed the server and i have not even enabled the content filter yet. i dont think it is a faulty nic because every other network requests goes through. i use transparent proxy with ssl. i have even disabled web proxy yet it is not going


(Markus Neuberger) #4

Do your clients use the Nethserver as DNS/DHCP server?

Next to the logs nslookup SCHOOLWEBSITEHOST and also traceroute from server and clients may help to find the error.

Just to recap:
After a fresh Nethserver installation without proxy and content filter everything works. After some time the clients can’t ping the school website (that is not hosted on Nethserver) anymore?


(Oladipo Segun) #5

the school website is not hosted here. it is hosted on this ip 68.168.103.242. i cant even ping this ip in diagnostics. is there a reason for that. is there a way to only load a particular part of configuration restoration? thanks


(Markus Neuberger) #6

I can ping and browse to the IP without problems. I can see a default webpage.

Please try a traceroute from the diagnostics to see if some other device is blocking.

Does ping to another IP work?

The configuration databases are saved in \var\lib\nethserver\db\
In the backup-config.tar.xz you’ll find them too. You may compare them but I don’t think that’s the problem in this case as you wrote it happens on a fresh installation too.


(Oladipo Segun) #7

i can ping the ip too on another computer connected directly to the internet but on any computer connected to the nethserver or on the server, it doesn’t go through.

my second question is because of the dhcp ip reservation. sometimes i want to just load the dhcp config alone from the backup so as to avoid bringing back previous settings


(Oladipo Segun) #8

traceroute results

traceroute to 68.168.103.242 (68.168.103.242), 30 hops max, 60 byte packets
1 197.210.204.185 1.302 ms 1.278 ms 1.279 ms
2 197.210.202.185 6.150 ms 6.138 ms 6.117 ms
3 10.2.254.201 6.940 ms 7.153 ms 7.423 ms
4 10.2.254.204 6.939 ms 7.133 ms 7.400 ms
5 10.2.254.185 9.524 ms 9.520 ms 9.513 ms
6 41.181.247.74 100.733 ms 100.063 ms 100.029 ms
7 41.181.189.66 99.964 ms 99.684 ms 99.622 ms
8 212.187.167.65 99.479 ms 99.728 ms 99.770 ms
9 * * *
10 4.14.71.142 225.641 ms 223.552 ms 223.430 ms
11 216.55.160.4 223.268 ms 223.634 ms 226.068 ms
12 216.55.160.57 229.077 ms 229.058 ms 226.521 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *


(Markus Neuberger) #9

Is it the same internet connection the other computer and the Nethserver are using?

The last hop seems not to work. Could it be a problem at the webhost provider?

My traceroute result to compare
traceroute to 68.168.103.242 (68.168.103.242), 30 hops max, 60 byte packets
 1  192.168.1.11  0.523 ms  0.398 ms  0.358 ms
 2  192.168.0.1  3.384 ms * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * 84.116.134.6  20.021 ms  17.556 ms
 8  80.81.192.182  18.603 ms  19.168 ms  18.944 ms
 9  207.88.15.77  185.678 ms  184.006 ms  184.651 ms
10  207.88.13.56  183.954 ms  186.917 ms  192.069 ms
11  207.88.12.211  184.824 ms  185.075 ms  185.405 ms
12  207.88.12.208  185.908 ms  186.277 ms  184.550 ms
13  207.88.12.152  184.128 ms  184.081 ms  184.005 ms
14  207.88.12.221  183.577 ms  184.395 ms  184.547 ms
15  216.156.16.37  185.108 ms  185.450 ms  185.994 ms
16  216.2.142.158  172.354 ms  174.512 ms  171.419 ms
17  216.55.160.6  188.182 ms  187.265 ms  187.321 ms
18  216.55.160.59  187.954 ms  187.920 ms  187.889 ms
19  68.168.103.242  185.810 ms  185.871 ms *

The reservations are stored in the dhcp db:

db dhcp show

It is located in /var/lib/nethserver/db/dhcp

I still recommend to do a manual config backup and just restore from it when needed. You may keep it updated to not overwrite settings with old ones.
Changing values directly in the DB may harm your Nethserver.


(Oladipo Segun) #10

yes, they are using the same internet connection. it baffles me that the site opens directly on our internet connection but not on any nethserver connected computer.

so there is no way to choose what to restore like firewall config or web proxy config. opensense gateway has something like that


(Markus Neuberger) #11

Is there some special configuration like a router in bridge mode or VLAN in your network?
Does the school webserver block in some way?

Not an easy way like doing it from web UI.

Here is some information about how the DHCP configuration works:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-dnsmasq.html#dhcp