Web Proxy lässt sich nicht einschalten

1. offizieller Beitrag

    Moin Moin,

    bin relativ neu im umgang mit der Endian Firewall ;)

    Habe da ein kleines Problemchen. Wir haben bei einem Kunden ein Backup der Version 2.2 gezogen und die Version 2.4 installiert. Danach das Backup wieder eingespielt. Dies hat auch wunderbar geklappt, einstellungen etc. sind alle noch da. Leider lässt sich jedoch der Web Proxy nicht aktivieren. Ich kann ihn zwar einschalten, jedoch wird er im statusmenü als angehalten aufgelistet.

    Hat da evt. jemand eine idee zu ???

    Mit freundlichem Gruß

    Sven Erdmann

    • Offizieller Beitrag

    Moin,

    was sagt denn das Log File?
    Welche Meldung gibt es wenn man den Web Proxy in der Console startet?

    also von 2.2 Backup und dann auf 2.4 wieder rein gab schon des öffteren Probleme.
    Weil u.a CaseSensetive in den Config Files beachtet wird, und in manchen Config Files das mal so und mal so steht.
    Die Erfahrung durfte ich schon einmal machen, habe dann von Hand neu konfiguriert und die Configs aus der Sicherung einzlen zurück gesichert und ersetzt.

    gruß

    So, hier ist mal die ausgabe von meinem putty nachdem wir den web-proxy dort gestartet haben:

    root@endian:~ # restartsquid.py --debug
    2011-05-31 16:33:24,832 - restartsquid.py[21979] - INFO - Initializing notification for service 'squid'
    2011-05-31 16:33:24,834 - restartsquid.py[21979] - DEBUG - i18n instance 'de/None' not found in cache. Creating.
    2011-05-31 16:33:24,835 - restartsquid.py[21979] - DEBUG - Load i18n domain 'efw'
    2011-05-31 16:33:24,907 - restartsquid.py[21979] - DEBUG - Load i18n domain 'efw.enterprise'
    2011-05-31 16:33:24,909 - restartsquid.py[21979] - DEBUG - i18n domain 'efw.enterprise' not found. Skipping...
    2011-05-31 16:33:24,911 - restartsquid.py[21979] - DEBUG - Load i18n domain 'efw.vendor'
    2011-05-31 16:33:24,913 - restartsquid.py[21979] - DEBUG - i18n domain 'efw.vendor' not found. Skipping...
    2011-05-31 16:33:24,914 - restartsquid.py[21979] - DEBUG - Loading of i18n domain stack '['efw', 'efw.enterprise', 'efw.vendor']' complete
    2011-05-31 16:33:24,834 - restartsquid.py[21979] - INFO - Lese Squid Einstellungen...
    2011-05-31 16:33:24,944 - restartsquid.py[21979] - DEBUG - {'orange': {'settings': {'ips_arr': ['192.168.11.0/255.255.255.0'], 'netaddress': '192.168.11.0', 'ips_obj': [192.168.11.0/24], 'dev': 'br1', 'broadcast': '192.168.11.255', 'ips': '192.168.11.1/24', 'netmask': '255.255.255.0', 'address': '192.168.11.1', 'cidr': '24'}}, 'green': {'settings': {'ips_arr': ['192.168.1.0/255.255.255.0'], 'netaddress': '192.168.1.0', 'ips_obj': [192.168.1.0/24], 'dev': 'br0', 'broadcast': '192.168.1.255', 'ips': '192.168.1.254/24', 'netmask': '255.255.255.0', 'address': '192.168.1.254', 'cidr': '24'}}}
    2011-05-31 16:33:24,946 - restartsquid.py[21979] - DEBUG - logging -> off; logquery -> off; loguseragent ->
    2011-05-31 16:33:24,948 - restartsquid.py[21979] - DEBUG - get dg profiles
    2011-05-31 16:33:24,950 - restartsquid.py[21979] - DEBUG - found 1 dg profiles
    2011-05-31 16:33:24,951 - restartsquid.py[21979] - DEBUG - {'content1': {'HAVP': 'off', 'NAME': '', 'PHRASELIST': 'peer2peer;pornography;warezhacking;', 'ENABLE_DANSGUARDIAN': 'on', 'BLACKLIST': 'porn;warez;', 'NAUGHTYNESSLIMIT': '160', 'IP': '127.0.0.1', 'PICS_ENABLE': 'off', 'PORT': ''}}
    2011-05-31 16:33:24,953 - restartsquid.py[21979] - DEBUG - auth is ncsa
    2011-05-31 16:33:24,954 - restartsquid.py[21979] - DEBUG - get ncsa users/groups
    2011-05-31 16:33:24,955 - restartsquid.py[21979] - DEBUG - get ncsa users
    2011-05-31 16:33:24,956 - restartsquid.py[21979] - DEBUG - get useragents
    2011-05-31 16:33:24,958 - restartsquid.py[21979] - DEBUG - 19 useragents found
    2011-05-31 16:33:24,960 - restartsquid.py[21979] - DEBUG - get useragent 0
    2011-05-31 16:33:24,961 - restartsquid.py[21979] - DEBUG - get useragent 1
    2011-05-31 16:33:24,962 - restartsquid.py[21979] - DEBUG - get useragent 2
    2011-05-31 16:33:24,964 - restartsquid.py[21979] - DEBUG - get useragent 3
    2011-05-31 16:33:24,965 - restartsquid.py[21979] - DEBUG - get useragent 4
    2011-05-31 16:33:24,966 - restartsquid.py[21979] - DEBUG - get useragent 5
    2011-05-31 16:33:24,967 - restartsquid.py[21979] - DEBUG - get useragent 6
    2011-05-31 16:33:24,968 - restartsquid.py[21979] - DEBUG - get useragent 7
    2011-05-31 16:33:24,969 - restartsquid.py[21979] - DEBUG - get useragent 8
    2011-05-31 16:33:24,970 - restartsquid.py[21979] - DEBUG - get useragent 9
    2011-05-31 16:33:24,971 - restartsquid.py[21979] - DEBUG - get useragent 10
    2011-05-31 16:33:24,972 - restartsquid.py[21979] - DEBUG - get useragent 11
    2011-05-31 16:33:24,973 - restartsquid.py[21979] - DEBUG - get useragent 12
    2011-05-31 16:33:24,974 - restartsquid.py[21979] - DEBUG - get useragent 13
    2011-05-31 16:33:24,975 - restartsquid.py[21979] - DEBUG - get useragent 14
    2011-05-31 16:33:24,976 - restartsquid.py[21979] - DEBUG - get useragent 15
    2011-05-31 16:33:24,977 - restartsquid.py[21979] - DEBUG - get useragent 16
    2011-05-31 16:33:24,978 - restartsquid.py[21979] - DEBUG - get useragent 17
    2011-05-31 16:33:24,979 - restartsquid.py[21979] - DEBUG - get useragent 18
    2011-05-31 16:33:24,981 - restartsquid.py[21979] - DEBUG - 19 useragents found
    2011-05-31 16:33:24,982 - restartsquid.py[21979] - DEBUG - get useragent 0
    2011-05-31 16:33:24,983 - restartsquid.py[21979] - DEBUG - get useragent 1
    2011-05-31 16:33:24,985 - restartsquid.py[21979] - DEBUG - get useragent 2
    2011-05-31 16:33:24,986 - restartsquid.py[21979] - DEBUG - get useragent 3
    2011-05-31 16:33:24,987 - restartsquid.py[21979] - DEBUG - get useragent 4
    2011-05-31 16:33:24,988 - restartsquid.py[21979] - DEBUG - get useragent 5
    2011-05-31 16:33:24,989 - restartsquid.py[21979] - DEBUG - get useragent 6
    2011-05-31 16:33:24,990 - restartsquid.py[21979] - DEBUG - get useragent 7
    2011-05-31 16:33:24,991 - restartsquid.py[21979] - DEBUG - get useragent 8
    2011-05-31 16:33:24,992 - restartsquid.py[21979] - DEBUG - get useragent 9
    2011-05-31 16:33:24,993 - restartsquid.py[21979] - DEBUG - get useragent 10
    2011-05-31 16:33:24,994 - restartsquid.py[21979] - DEBUG - get useragent 11
    2011-05-31 16:33:24,995 - restartsquid.py[21979] - DEBUG - get useragent 12
    2011-05-31 16:33:24,996 - restartsquid.py[21979] - DEBUG - get useragent 13
    2011-05-31 16:33:24,997 - restartsquid.py[21979] - DEBUG - get useragent 14
    2011-05-31 16:33:24,998 - restartsquid.py[21979] - DEBUG - get useragent 15
    2011-05-31 16:33:24,999 - restartsquid.py[21979] - DEBUG - get useragent 16
    2011-05-31 16:33:25,000 - restartsquid.py[21979] - DEBUG - get useragent 17
    2011-05-31 16:33:25,001 - restartsquid.py[21979] - DEBUG - get useragent 18
    2011-05-31 16:33:25,003 - restartsquid.py[21979] - DEBUG - get ncsa groups
    2011-05-31 16:33:25,004 - restartsquid.py[21979] - DEBUG - read policy rules
    2011-05-31 16:33:25,006 - restartsquid.py[21979] - DEBUG - 0 rules found
    2011-05-31 16:33:25,007 - restartsquid.py[21979] - DEBUG - []
    2011-05-31 16:33:25,008 - restartsquid.py[21979] - DEBUG - {'ORANGE_ENABLED': '', 'NTLM_BDC': '', 'MAX_FILEDESC': '25626', 'HAVP_ENABLED': 'off', 'NOCACHE': '', 'PDC_ADDRESS': '', 'LDAP_PERSON_OBJECT_CLASS': 'person', 'BDC_ADDRESS': '', 'LDAP_SERVER': '', 'NCSA_MIN_PASS_LEN': '6', 'DST_NOCACHE': '', 'FORWARD_IPADDRESS': 'off', 'REMOTEAUTH': '*:password', 'NTLM_PDC': '', 'UPSTREAM_USER': '', 'ZONES': {'orange': {'settings': {'ips_arr': ['192.168.11.0/255.255.255.0'], 'netaddress': '192.168.11.0', 'ips_obj': [192.168.11.0/24], 'dev': 'br1', 'broadcast': '192.168.11.255', 'ips': '192.168.11.1/24', 'netmask': '255.255.255.0', 'address': '192.168.11.1', 'cidr': '24'}}, 'green': {'settings': {'ips_arr': ['192.168.1.0/255.255.255.0'], 'netaddress': '192.168.1.0', 'ips_obj': [192.168.1.0/24], 'dev': 'br0', 'broadcast': '192.168.1.255', 'ips': '192.168.1.254/24', 'netmask': '255.255.255.0', 'address': '192.168.1.254', 'cidr': '24'}}}, 'USERAGENTS': [<__main__.Useragent instance at 0xb6fe8a0c>, <__main__.Useragent instance at 0xb6fe8a4c>, <__main__.Useragent instance at 0xb6fe8aac>, <__main__.Useragent instance at 0xb6fe8acc>, <__main__.Useragent instance at 0xb6fe8b2c>, <__main__.Useragent instance at 0xb6fe8b8c>, <__main__.Useragent instance at 0xb6fe8bec>, <__main__.Useragent instance at 0xb6fe8c2c>, <__main__.Useragent instance at 0xb6fe8cac>, <__main__.Useragent instance at 0xb6fe8ccc>, <__main__.Useragent instance at 0xb6fe8d4c>, <__main__.Useragent instance at 0xb6fe8d8c>, <__main__.Useragent instance at 0xb6fe8dec>, <__main__.Useragent instance at 0xb6fe8e6c>, <__main__.Useragent instance at 0xb6fe8eec>, <__main__.Useragent instance at 0xb6fe8f6c>, <__main__.Useragent instance at 0xb6fe8fac>, <__main__.Useragent instance at 0xb6fe902c>, <__main__.Useragent instance at 0xb6fe904c>, <__main__.Useragent instance at 0xb6fe912c>, <__main__.Useragent instance at 0xb6fe916c>, <__main__.Useragent instance at 0xb6fe91cc>, <__main__.Useragent instance at 0xb6fe91ec>, <__main__.Useragent instance at 0xb6fe924c>, <__main__.Useragent instance at 0xb6fe92ac>, <__main__.Useragent instance at 0xb6fe930c>, <__main__.Useragent instance at 0xb6fe934c>, <__main__.Useragent instance at 0xb6fe93cc>, <__main__.Useragent instance at 0xb6fe93ec>, <__main__.Useragent instance at 0xb6fe946c>, <__main__.Useragent instance at 0xb6fe94ac>, <__main__.Useragent instance at 0xb6fe950c>, <__main__.Useragent instance at 0xb6fe958c>, <__main__.Useragent instance at 0xb6fe960c>, <__main__.Useragent instance at 0xb6fe968c>, <__main__.Useragent instance at 0xb6fe96cc>, <__main__.Useragent instance at 0xb6fe972c>, <__main__.Useragent instance at 0xb6fe974c>], 'USERS': [], 'BLUE_ENABLED': '', 'PROXY_ENABLED': 'on', 'CACHE_MEM': '40', 'PORTS': '80 # http,21 # ftp,70 # gopher,210 # wais,1025-65535,280 # http-mgmt,488 # gss-http,591 # filemaker,777 # multiling http,800 # Squid (for icons)', 'LDAP_BINDDN_PASS': '', 'CACHE_PEER_OPTS': 'default', 'UPSTREAM_ENABLED': 'off', 'LIB_EXEC_DIR': '/usr/lib/squid', 'L1_DIRS': '', 'LDAP_BASEDN': '', 'UPSTREAM_PORT': '8080', 'FORWARD_USERNAME': '', 'UPSTREAM_PASSWORD': '', 'NTLM_ENABLE_ACL': 'off', 'TRANSPARENT_RULES': ['GREEN&VPN:ANY'], 'ADMIN_MAIL_ADDRESS': '', 'NTLM_ENABLE_INT_AUTH': '', 'AUTH_METHOD': 'ncsa', 'LOG_FIREWALL': 'off', 'LOGQUERY': 'off', 'OFFLINE_MODE': 'off', 'LDAP_BINDDN_USER': '', 'AUTH_IPCACHE_TTL': '0', 'GREEN_ENABLED': 'transparent', 'LDAP_TYPE': 'ADS', 'MAX_OUTGOING_SIZE': '0', 'BYPASSRULES': [], 'MAX_SIZE': '1024', 'RADIUS_IDENTIFIER': '', 'DANSGUARDIAN_LOGGING': 'off', 'LOGGING': 'off', 'LDAP_PORT': '389', 'USERDB': '/var/efw/proxy/ncsausers', 'AUTH_CHILDREN': '20', 'SSLPORTS': '443 # https,563 # snews,3001 # ntop', 'DANSGUARDIAN_ENABLED': 'off', 'UPSTREAM_SERVER': '', 'RADIUS_USER_ACL': 'positive', 'NTLM_USER_ACL': 'positive', 'AUTH_CACHE_TTL': '60', 'RADIUS_SECRET': '', 'RADIUS_SERVER': '', 'GROUPS': [], 'CACHE_SIZE': '500', 'DANSGUARDIAN_PROFILES': {'content1': {'HAVP': 'off', 'NAME': '', 'PHRASELIST': 'peer2peer;pornography;warezhacking;', 'ENABLE_DANSGUARDIAN': 'on', 'BLACKLIST': 'porn;warez;', 'NAUGHTYNESSLIMIT': '160', 'IP': '127.0.0.1', 'PICS_ENABLE': 'off', 'PORT': ''}}, 'AUTH_ALLOW_USERS': '', 'VISIBLE_HOSTNAME': 'endian.stc', 'MEM_POLICY': '', 'REPLY_BODY_MAX_SIZE': '0', 'MIN_SIZE': '0', 'CACHE_POLICY': '', 'AUTH_REALM': 'Proxy Server', 'AUTH_DENY_USERS': '', 'MAINSETTINGS': {'MAIN_SMARTHOST': '', 'MAIN_ADMINMAIL': '', 'WINDOWWITHHOSTNAME': '', 'LANGUAGE': 'de', 'DOMAINNAME': 'stc', 'HOSTNAME': 'endian', 'KEYMAP': '/usr/share/kbd/keymaps/i386/qwerty/us.map.gz', 'TIMEZONE': 'Europe/Berlin', 'MAIN_MAILFROM': ''}, 'ERR_LANGUAGE': 'de', 'AUTH_MAX_USERIP': '0', 'BYPASS_DESTINATION': '', 'PROXY_PORT': '800', 'RULES': [], 'RADIUS_ENABLE_ACL': 'off', 'LOGUSERAGENT': '', 'RADIUS_PORT': '1645', 'NTLM_DOMAIN': '', 'BYPASS_SOURCE': '', 'MAX_INCOMING_SIZE': '0', 'LDAP_GROUP_OBJECT_CLASS': 'group'}
    2011-05-31 16:33:25,012 - restartsquid.py[21979] - INFO - Schreibe Squid Konfiguration...
    2011-05-31 16:33:25,013 - restartsquid.py[21979] - DEBUG - write configs
    2011-05-31 16:33:25,014 - restartsquid.py[21979] - DEBUG - write acls
    2011-05-31 16:33:25,016 - restartsquid.py[21979] - DEBUG - {'SSLPORTS': '/etc/squid/acls/sslports.acl', 'ORANGE_SUBNETS': '/etc/squid/acls/orange_subnets.acl', 'PORTS': '/etc/squid/acls/ports.acl', 'DST_NOCACHE': '/etc/squid/acls/dst_nocache.acl', 'GREEN_SUBNETS': '/etc/squid/acls/green_subnets.acl'}
    /usr/lib/python2.4/site-packages/Cheetah/Compiler.py:1578: UserWarning: You supplied an empty string for the source!
    2011-05-31 16:33:25,916 - restartsquid.py[21979] - DEBUG - DANSGUARDIAN_ENABLED: off
    2011-05-31 16:33:25,917 - restartsquid.py[21979] - DEBUG - HAVP_ENABLED: off
    2011-05-31 16:33:25,920 - restartsquid.py[21979] - DEBUG - Reload auth
    2011-05-31 16:33:25,921 - restartsquid.py[21979] - INFO - Lade Authentifizierung neu...
    Traceback (most recent call last):
    File "/usr/local/bin/migration_efw-dnsmasq_2.1_2.2.py", line 45, in ?
    del settings[key]
    File "/usr/lib/python2.4/site-packages/endian/data/container/settings.py", line 350, in __delitem__
    File "/usr/lib/python2.4/site-packages/endian/core/specialdict.py", line 34, in __delitem__
    File "/usr/lib/python2.4/UserDict.py", line 19, in __delitem__
    KeyError: 'DNSMASQ_BLACKHOLE_REVISION_URL'
    dnsmasq (pid 17455) is running...
    2011-05-31 16:33:27,802 - restartsquid.py[21979] - DEBUG - Start proxy
    2011-05-31 16:33:27,828 - restartsquid.py[21979] - DEBUG - start squid
    2011-05-31 16:33:27,830 - restartsquid.py[21979] - INFO - Starte Squid...
    Starting squid: [ OK ]
    PURPLE: tap0
    PURPLE: tap0
    2011-05-31 16:33:29,696 - restartsquid.py[21979] - DEBUG - Restart HAVP
    2011-05-31 16:33:30,111 - restarthavp.py[22078] - INFO - Initializing notification for service 'havp'
    2011-05-31 16:33:30,114 - restarthavp.py[22078] - INFO - Lese HAVP Einstellungen...
    2011-05-31 16:33:30,216 - restarthavp.py[22078] - INFO - Initializing notification for service 'havp'
    clamd (pid 5500) is running...
    2011-05-31 16:33:31,347 - restarthavp.py[22078] - INFO - Schreibe HAVP Konfiguration...
    2011-05-31 16:33:31,420 - restarthavp.py[22078] - INFO - Stoppe HAVP...
    havp is stopped
    2011-05-31 16:33:31,530 - restartsquid.py[21979] - DEBUG - Restart Dansguardian
    2011-05-31 16:33:32,053 - restartdansguardian.py[22135] - INFO - Initializing notification for service 'dansguardian'
    2011-05-31 16:33:32,223 - restartdansguardian.py[22135] - INFO - Schreibe Dansguardian Konfiguration...
    2011-05-31 16:33:32,423 - restartdansguardian.py[22135] - INFO - Stoppe Dansguardian...
    2011-05-31 16:33:32,510 - restartsquid.py[21979] - DEBUG - Restart sarg
    2011-05-31 16:33:32,878 - restartsarg.py[22147] - INFO - Initializing notification for service 'sarg'
    2011-05-31 16:33:32,881 - restartsarg.py[22147] - INFO - Lese SARG Einstellungen...
    2011-05-31 16:33:32,955 - restartsarg.py[22147] - INFO - Schreibe SARG Konfiguration...


    Leider steht hiernach immernoch unser web-proxy dienst als off in der statusanzeige... :(

    • Offizieller Beitrag

    Moin,
    das hatte ich auch schon !
    Habe die Endian dann noch mal neu installiert und den Proxy ausgelassen bevor ich die Wiederherstellung durchgeführt habe !
    Dann ging es, bei einer anderen Maschine waren alle Versuche vergebens !
    Ich habe dann die 2.2 Upgedatet auf 2.4.1 und dann die Sicherung gemacht und auf die neue Maschine gespielt.

    Gruß Sabine

    EFW Version im Einsatz:
    2 x Endian UTM Enterprise Software Appliance 3.0.5
    1 x Endian Community 3.2.4
    2 x 2.5.1
    8 x 2.2 Final