I am new to Astaro and have a problem which is defeating me.
I have the Astaro Security Gateway happily running on my Jetway Intel Atom 230, 2 mb RAM, Compaq NC3131 (twin) network card. My installation runs at home with the WAN side being a 50 mb cable modem (Virgin/NTL).
Having grandchildren I made sure that I chose maximum security throughout all the options during the installation wizard. Works a treat and doesn't tax the Intel Atom at all.
Along comes granddaughter number 2 - big complaint as she cannot log in to her Club Penguin account!! We can get to the website (Club Penguin - Waddle around and meet new friends!); however, when we try to log in, the timer screen just sits there and we never get authenticated. Club Penguin (Disney) provide the info that the following ports need to be open for TCP: 3724, 6112, 6113 & 9875. I have created exceptions, stopped the proxy, created port exceptions, etc. etc. and still we cannot log in.
I have examined all the logs and cannot see anything pertaining to Club Penguin (64.224.215.135).
I understand Club Penguin is a safe chat room for kids. I am sure I would have blocked chat rooms during the installation wizard. Clearly, I still want to block chat rooms but I would like to create an exception for Club Penguin.
I am tempted to rebuild Astaro without specifying any restrictions just to see it work - but then that defeats the whole object of installing the Astaro in the first place!
I have searched the Knowledgebase and the forum, but I cannot seem to work out this problem.
Is there a tried method of creating an exception to allow access to one particular site?
Your help will be gratefully received by me and of course, granddaughter number 2!
With the exception packet filter rules, do they come before or after your default stop rule?
The exception rule should be at the top.
With your rules, if you want to see successful packets as well as failures, you need to tick logging for each rule. Then start the display rules log, then try to log in.
Ian M
XGS118 - v21.5.0
XG115 converted to software licence v21.5.0
Well, do you use a proxy? If yes, which kind of authentication or configuration?
You can try to add an exemption for the site under web security - HTTP/S - exception.
Which is the error message of the browser?
In the packet filter, try internal-->any-->any and check log traffic and have a look at the log.
I gave up and I have rebuilt the Astaro… I’m on 7.405, i.e. up2date updated. This time during the Wizard process I chose not to enable any of the features. So I guess I have an IP router with NAT enabled. I still could not log in to ClubPenguin. This time, however, I saw in the Packet Filter log the dropped packets. I created a Network Security – Packet filter exception (any) for Club Penguin - Waddle around and meet new friends! (64.224.215.135) …. Still couldn’t log in. So I modified the Packet filter exception to the class C net, i.e. 64.224.215.135/24… Bingo!! - I logged in. I enabled the HTTP Proxy (Transparent) and it stopped the login, so I created an entry in the Transparent mode skiplist. I have since added in Content Filter blocks and all seems O.K. I am wondering if this is as secure as enabling all the security features during the Install Wizard? There were options to stop Chat etc. etc. which I cannot see where to turn on now. Maybe with my new knowledge of the requirements of Club Penguin I’ll do another rebuild enabling all the features and creating these exceptions. (By the way I received SPAM from an Astaro member –
This e-mail was blocked because it is likely to be spam, virus infected, or caught by the expression or file extension scanner.
From: j_moussa@optusnet.com.au
To: stanch@*****************
Subject: Power to express your love
Reason: spam
Extra: confirmed
Size: 4 KB
…the power to express my love, eh!)
Virgin Media/NTL fibre cable runs past my house. They put a pair of co-ax cables into the house from their street cabinet. The bundled service provides phone, HD TV, normal TV, plus 50 mbs Internet (unmetered - I wonder for how long!). I used to have SKY satellite TV and tried their ADSL Internet but they would not allow my work's IPsec VPN to function. So I cancelled the lot and went with Virgin Media. I think because the TV service is cheaper than SKY’s it can set off the rather high cost of the 50 mbs Internet service, £35 (British pounds sterling) per month. I’m not sure I get 50 mbs all the time, more like 25-30 mbs; however, it’s about 1.2 mbs “up the other way” and occasionally I am very surprised at the speed of a download (2 mbs/sec). However, it’s noticeable a lot of websites cannot provide that sort of speed.
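Added example (not part of any post in this thread, and not Astaro code): a small first-match model of the packet filter exception discussed earlier in the thread, showing why the host-only exception failed, why the /24 worked, how limiting the /24 to the published Club Penguin TCP ports keeps it narrower than "any", and why the exception must sit above the default stop rule. It assumes rules are evaluated top-down with the first match deciding; the rule names and the 64.224.215.20 address are constructed for illustration.

```python
import ipaddress

# TCP ports Club Penguin says must be open (from the thread).
CP_PORTS = {3724, 6112, 6113, 9875}
ANY = ipaddress.ip_network("0.0.0.0/0")

def exception(dest, ports=None):
    """Allow rule; strict=False normalises 64.224.215.135/24 to 64.224.215.0/24."""
    return ("cp-exception", ipaddress.ip_network(dest, strict=False), ports, "allow")

DEFAULT_STOP = ("default-stop", ANY, None, "drop")

def decide(rules, dst_ip, dst_port):
    """Return (action, rule name) of the first rule that matches, top-down."""
    addr = ipaddress.ip_address(dst_ip)
    for name, net, ports, action in rules:
        if addr in net and (ports is None or dst_port in ports):
            return action, name
    return "drop", "implicit"

# Constructed sample flows: .135 is the address from the thread; .20 is a
# made-up neighbour in the same /24 standing in for a separate login server.
WEB, LOGIN = "64.224.215.135", "64.224.215.20"

def evaluate(rules):
    """Actions for: game port on .135, game port on .20, SSH port on .20."""
    flows = [(WEB, 6112), (LOGIN, 6112), (LOGIN, 22)]
    return [decide(rules, ip, port)[0] for ip, port in flows]

host_only = [exception("64.224.215.135"), DEFAULT_STOP]
class_c_any = [exception("64.224.215.135/24"), DEFAULT_STOP]
class_c_ports = [exception("64.224.215.135/24", CP_PORTS), DEFAULT_STOP]
stop_first = [DEFAULT_STOP, exception("64.224.215.135/24", CP_PORTS)]

if __name__ == "__main__":
    for label, rules in [("host only", host_only), ("/24 any", class_c_any),
                         ("/24 + ports", class_c_ports), ("stop first", stop_first)]:
        print(f"{label:12} {evaluate(rules)}")
```
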