Can't access random websites. DNS questions.

I'm having some strange DNS behavior. My config: I have a Hyper-V host with two NICs running a DNS server and Sophos Firewall. One NIC is connected to the modem, and the other is connected to an Asus router. I'm using Sophos as the DHCP server, and I have everything on the intranet using the local DNS server. I have DNS Forwarders in Sophos pointing to the OpenDNS IPs. I'm having two problems. 1. When I go to welcome.opendns.com it says I'm not using the OpenDNS IPs. 2. Random websites are failing to load with an ERROR_CONNECTION_RESET or ERROR_CONNECTION_ABORTED. I've tried connecting a router to the modem directly and I don't have any issues getting to the same websites that fail when I go through the firewall. So, I don't think it's the modem/ISP. Googling the errors, everything tells me that it's DNS related, but I have no idea why. I've made a rule on the firewall to open all ports to my laptop, so I don't know what else could be blocking. Anyone have any ideas why I only have issues reaching some sites when going through the firewall?



This thread was automatically locked due to age.
  • Hi,

    Which websites fail to load and what does the http.log reflect? Please post the logs here.

    Try the DNS best practice guide by Bob here.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • imgur.com, reddit.com, and marvel.wikia.com are three I've run into. Sometimes the pages will load without any of the graphics/formatting, but a refresh will usually make it fail outright with the connection reset/aborted message. I've modified my settings to meet all the Best Practices except step 3, but I'm still running into the same issue.

    I'm not sure where the http.log file is. Can you point me in the right direction to find it?

    Thanks,

    Juan

  • 2016:10:03-01:35:18 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
    2016:10:03-01:35:19 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="432" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2016:10:03-01:35:19 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3762" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
    2016:10:03-01:35:19 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 258"
    2016:10:03-01:35:31 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="saviscanner_log" file="saviscanner.c" line="360" message="Reloading SAVI threat data"
    2016:10:03-01:35:40 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="saviscanner_log" file="saviscanner.c" line="360" message="Reloading SAVI threat data finished, engine 3.65.2, threat data 5.30 from 9/8/2016 (11789428 detected threats)"
    2016:10:03-01:40:24 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="142" message="reloading ATP pattern"
    2016:10:03-01:40:24 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="160" message="reloading ATP pattern finished"
    2016:10:03-13:21:18 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
    2016:10:03-13:21:18 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="432" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2016:10:03-13:21:18 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3762" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
    2016:10:03-13:21:19 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 316"
    2016:10:03-13:21:25 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
    2016:10:03-13:21:25 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="432" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2016:10:03-13:21:25 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3762" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
    2016:10:03-13:21:26 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 317"
    2016:10:03-13:21:33 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
    2016:10:03-13:21:33 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="432" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2016:10:03-13:21:33 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3762" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
    2016:10:03-13:21:33 www URID[5266]: T=5266 ------ 1 - [exit] SIGTERM: exiting
    2016:10:03-13:21:33 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 318"
    2016:10:03-13:21:39 www URID[10050]: T=10050 ------ 1 - [exit] SIGTERM: exiting
    2016:10:03-13:21:39 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
    2016:10:03-13:21:39 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="432" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
    2016:10:03-13:21:39 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3762" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
    2016:10:03-13:21:48 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="saviscanner.c" line="381" message="Successfully loaded SAVI threat data, engine 3.65.2, threat data 5.30 from 9/8/2016 (11789428 detected threats)"
    2016:10:03-13:21:48 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 319"
    2016:10:03-13:26:25 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="142" message="reloading ATP pattern"
    2016:10:03-13:26:26 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="160" message="reloading ATP pattern finished"

    I found the log. I don't see anything in the file that references the websites I'm having trouble with though. 
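
The check described in the post above can be done mechanically. This is an added example, not part of the original thread: it parses the `key="value"` httpproxy format shown in the posted log, counts `getaddrinfo` failures per hostname, and reports whether any proxy entry mentions the failing sites. The function names are hypothetical, the sample is four lines copied from the posted log, and reading `request="(nil)"` as "not tied to a client request" is an assumption.

```python
import re
from collections import Counter

# Four lines copied from the log posted above, embedded so the example runs offline.
SAMPLE_LOG = '''\
2016:10:03-13:21:18 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="432" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2016:10:03-13:21:18 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3762" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2016:10:03-13:21:19 www httpproxy[5536]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 316"
2016:10:03-13:21:33 www URID[5266]: T=5266 ------ 1 - [exit] SIGTERM: exiting
'''

LINE_RE = re.compile(r'^(\S+) (\S+) (\w+)\[(\d+)\]: (.*)$')    # ts host proc[pid]: rest
KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')               # key="value" pairs
RESOLVE_RE = re.compile(r'getaddrinfo: (\S+): (.+)$')          # failed lookup + reason


def parse_line(line):
    """Split one log line into a dict; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, proc, pid, rest = m.groups()
    rec = {"ts": ts, "host": host, "proc": proc, "pid": int(pid)}
    rec.update(KV_RE.findall(rest))
    rec.setdefault("message", rest)   # e.g. URID lines carry no key="value" fields
    return rec


def summarize(log_text, sites):
    """Count DNS resolution failures and entries that mention the given sites."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    proxy = [r for r in records if r["proc"] == "httpproxy"]
    failures = Counter()
    for r in proxy:
        m = RESOLVE_RE.match(r["message"])
        if m:
            failures[m.group(1)] += 1
    # Assumption: request="(nil)" marks an entry not tied to a client request.
    client = [r for r in proxy if r.get("request", "(nil)") != "(nil)"]
    hits = {s: sum(any(s in str(v) for v in r.values()) for r in proxy) for s in sites}
    return {"resolve_failures": dict(failures),
            "client_request_lines": len(client),
            "site_hits": hits}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, ["imgur.com", "reddit.com", "marvel.wikia.com"]))
```

On the sample, every proxy entry carries `request="(nil)"` and none mentions the three sites, so under that assumption the excerpt holds only the proxy's own configuration reloads and its failed lookup, not traffic for the failing pages.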

  • Hi,

    Check #1 in the brilliant guide by Bob here. Do you capture anything now? 

    What is the operation mode of Web Filtering? If it is configured to work in transparent mode, then define the website in the skip transparent host destination box found in Filter option > Misc.

    Any help with that?

    Sachin Gurung
    Team Lead | Sophos Technical Support