
Linux CentOS iptables issue - related to RMS Agent

Dear all,

Even though I got "Heartbeat to parent succeeded" in /opt/sophos-av/rms/Router/Logs/Router-*.log
and "ClientMRInit successful" in /opt/sophos-av/rms/ClientMRInit-*.log,


I found an error in /opt/sophos-av/rms/Agent/Logs/Agent-*.log, as below:
===============================
17.11.2016 10:17:13 E700 I Initializing ...
17.11.2016 10:17:13 E700 I Running certificate verification...
17.11.2016 10:17:13 E700 W Failed to obtain public key certificate.
17.11.2016 10:17:13 E700 I Deleting store...
17.11.2016 10:17:13 E700 I Getting new certificate...
17.11.2016 10:17:15 E700 E CORBA::Exception: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/TRANSIENT:1.0'
OMG minor code (2), described as 'No usable profile in IOR.', completed = NO
ClientConnection::Reconnect()
===============================
* I can get the IOR by telnet to the Sophos server on port 8192 *


I found and confirmed that these failures are related to this iptables rule:
-A OUTPUT -j REJECT --reject-with icmp-host-prohibited       ## (confirmed it is the OUTPUT chain; it cannot be removed, per policy)

I tried to add rules to accept the application's port access, taking the port numbers from the page below:
https://community.sophos.com/kb/en-us/38385


When I ran tcpdump I got this message:
serverhostip > clienthostip ICMP host clienthostip  unreachable - admin prohibited, length 56


and I added the rules below to iptables to fix this error message:
-A OUTPUT -d HostIP/Netmask -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d HostIP/Netmask -p icmp --icmp-type 8 -m state --state ESTABLISHED,RELATED -j ACCEPT

 

Even though I did those troubleshooting tasks, it is still not working. In the end, if I stop the iptables service or ignore the ICMP reject on CentOS, it works.

Any ideas? I have reinstalled twice, and I hope to find out which protocol is involved or how to fix this issue permanently when installing new Sophos client hosts.

Thanks a lot.

Best Regards, 

Louis

For Reference:
* Related OS: CentOS 5,6

* Status by savconfig get
Email: root@localhost
EmailDemandSummaryIfThreat: true
EmailLanguage: English
EmailNotifier: true
EmailServer: localhost:25
EnableOnStart: true
ExclusionEncodings: UTF-8
EUC-JP
ISO-8859-1
LogMaxSizeMB: 100
NotifyOnUpdate: false
PrimaryUpdateSourcePath: //ServerIP/SophosUpdate/CIDs/S000/savlinux
PrimaryUpdateUsername: virus_def
PrimaryUpdatePassword: ********
UploadSamples: false
SendErrorEmail: true
SendThreatEmail: true
UINotifier: true
UIpopupNotification: true
UIttyNotification: true
LiveProtection: enabled
ScanArchives: mixed
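
The "No usable profile in IOR" error quoted above refers to the endpoint profiles carried inside the IOR. As an added example (not part of the original post and not Sophos code), the Python below decodes a stringified IOR, such as the one returned on port 8192, and lists the host and port of each IIOP profile so they can be compared with the OUTPUT rules. The sample IOR built by build_sample_ior, its type id and object key are constructed; non-IIOP profiles and tagged components are ignored.

```python
import struct

TAG_INTERNET_IOP = 0  # profile tag that marks an IIOP profile in a CORBA IOR

class CDR:
    """Minimal CDR reader; alignment is relative to the encapsulation start."""
    def __init__(self, data):
        self.data, self.pos = data, 1
        self.endian = "<" if data[0] else ">"   # first octet is the byte-order flag
    def _num(self, fmt, size):
        self.pos += -self.pos % size            # CDR aligns primitives to their size
        (val,) = struct.unpack_from(self.endian + fmt, self.data, self.pos)
        self.pos += size
        return val
    def ulong(self): return self._num("I", 4)
    def ushort(self): return self._num("H", 2)
    def octets(self):
        n, start = self.ulong(), self.pos
        self.pos += n
        if self.pos > len(self.data):
            raise ValueError("truncated IOR")
        return self.data[start:self.pos]
    def string(self):
        return self.octets().rstrip(b"\0").decode("ascii", "replace")

def iiop_endpoints(ior):
    """Return (type_id, [(host, port), ...]) for every IIOP profile in the IOR."""
    ior = ior.strip()
    if not ior.upper().startswith("IOR:"):
        raise ValueError("not a stringified IOR")
    top = CDR(bytes.fromhex(ior[4:]))
    type_id, endpoints = top.string(), []
    for _ in range(top.ulong()):                # sequence<TaggedProfile>
        tag, body = top.ulong(), top.octets()
        if tag == TAG_INTERNET_IOP:
            prof = CDR(body)
            prof.pos += 2                       # skip IIOP version (major, minor)
            endpoints.append((prof.string(), prof.ushort()))
    return type_id, endpoints

def build_sample_ior(host, port, type_id="IDL:Example/Router:1.0"):
    """Constructed big-endian IOR with one IIOP 1.0 profile (sample input only)."""
    cdr_str = lambda s: struct.pack(">I", len(s) + 1) + s.encode() + b"\0"
    pad = lambda b, n: b + b"\0" * (-len(b) % n)
    prof = pad(b"\0\1\0\0" + cdr_str(host), 2) + struct.pack(">H", port)
    prof = pad(prof, 4) + struct.pack(">I", 4) + b"key0"
    top = pad(b"\0\0\0\0" + cdr_str(type_id), 4)
    top += struct.pack(">III", 1, TAG_INTERNET_IOP, len(prof)) + prof
    return "IOR:" + top.hex()
```

Pass the IOR string received from the server to iiop_endpoints() to see which destination host and port the profile names.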



This thread was automatically locked due to age.