Hello,
it seems that the upstream-proxy setting is only used for http-connections, not https/ssl/443 connections. [:S]
My config:
DMZ: ACC-Server (VMware)
|
v
ASG: Proxy-Port for ACC-connect to upstream-proxy allowed (port tcp/8081)
|
v
Provider-Proxy: Proxy for http/80, https/443 and ftp/21
|
v
Internet
On ACC 1.401 I configured the Upstream-Proxy under "ACC Management->Settings->Up2Date", IP-adress, port 8081, no username/password.
On ASG I configured an packetfilter rule: Allow ACC via port 8081 to Provider-Proxy.
After hitting the button "Manual prefetch now->Start" I see exactly one connection in the packetfilter-livelog: Accept: ACC:12345 -> Provider-Proxy:8081
Fine, thats what I expected.
Some minutes later the first ASG connected to the ACC, the livelog shows the following:
ACCEPT: Another ASG:12345 -> ACC:8080
It seems the the first ASG trys to get the updates from the ACC, which is configured as Up2Date-Cache on port 8080.
Exactly after this the ACC begins with the following connections:
Default DROP: ACC:12345 -> 213.198.93.249:443
Default DROP: ACC:12345 -> 128.242.114.243:443
etc.
The ACC tries to connect to all Astaro-Update-Servers directly via port ssl/443.
Is ACC broken and the upstream-proxy-setting is only used for http/80-traffic and not https/ssl/443-traffic or am I missing a detail?
What can I do?
Regards,
Manuel
This thread was automatically locked due to age.
