Severe firewall problem. I do not access the cockpit - web proxy problem - partial navigation

[root@fw-agrario /]# cat /etc/*release
CentOS Linux release 7.9.2009 (Core)
NethServer release 7.9.2009 (final)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.9.2009 (Core)
CentOS Linux release 7.9.2009 (Core)
[root@fw-agrario /]#
[root@fw-agrario var]# yum update nethserver-cockpit
Loaded plugins: changelog, nethserver_events
http://u3.nethesis.it/stable/C400F067-CE5B-4339-AE00-19959CD5C378/7.9.2009/nethesis-updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
To address this issue please refer to the below wiki article

https://wiki.centos.org/yum-errors

If above article doesn't help to resolve this issue please use https://bugs.centos.org/.

https://u3.nethesis.it/stable/C400F067-CE5B-4339-AE00-19959CD5C378/7.9.2009/nethesis-updates/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
http://u2.nethesis.it/stable/C400F067-CE5B-4339-AE00-19959CD5C378/7.9.2009/nethesis-updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
https://u2.nethesis.it/stable/C400F067-CE5B-4339-AE00-19959CD5C378/7.9.2009/nethesis-updates/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.


 One of the configured repositories failed (Nethesis Updates 7),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=nethesis-updates ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable nethesis-updates
        or
            subscription-manager repos --disable=nethesis-updates

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=nethesis-updates.skip_if_unavailable=true

failure: repodata/repomd.xml from nethesis-updates: [Errno 256] No more mirrors to try.
http://u3.nethesis.it/stable/C400F067-CE5B-4339-AE00-19959CD5C378/7.9.2009/nethesis-updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden
https://u3.nethesis.it/stable/C400F067-CE5B-4339-AE00-19959CD5C378/7.9.2009/nethesis-updates/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
http://u2.nethesis.it/stable/C400F067-CE5B-4339-AE00-19959CD5C378/7.9.2009/nethesis-updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden
https://u2.nethesis.it/stable/C400F067-CE5B-4339-AE00-19959CD5C378/7.9.2009/nethesis-updates/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
[root@fw-agrario var]#

the web proxy may cause problems. I can browse all websites on my machine. but my machine is a host excluded from the proxy. how do you restart the web proxy? or how to fix it?

Do you have a subscription? And in that case, have you checked if it has expired?

1 Like

I have no idea.

systemctl restart squid

thank you. unfortunately it doesn’t work. I don’t understand why on the machine where I excluded the proxy, everything works, while on the others I can only do a google search

Does it work for the clients if you temporarily stop squid and ufdbGuard services?
Any clues from logs?

So there are at least three symptoms?

  • Unable to yum update (Forbidden - an expired subscription?)
  • Unable to access cockpit interface
  • Clients unable to browse the web
2 Likes