URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 87301
[ Назад ]

Исходное сообщение
"Проблема: Lynx + Gateway"

Отправлено Dashet , 17-Ноя-09 05:15 
Здравствуйте!
В нашей сети шлюзом является WIn2k3 + Kerio Winroute Firewall 6.2.3. Доступ в интернет осуществляется посредством Kerio - прокси, либо NAT. Проблема в том, что при использовании NAT Lynx не открыват веб-страницы. При запуске сначала пишет на фоне красной полосы "Alert! HTTP/1.0 500 WebInterface disabled", потом "Requested page cannot be found. Please contact your firewall administrator.". Firewall administrator говорит, что у него всё настроено. И правда, ftp, например, работает. Fetch - тоже.
Я гуглил - вроде как проблема есть, но решения не нашёл.

Содержание

Сообщения в этом обсуждении
"Проблема: Lynx + Gateway"
Отправлено 123 , 20-Ноя-09 03:22 
up



"Проблема: Lynx + Gateway"
Отправлено anonymous , 21-Ноя-09 14:27 
>Здравствуйте!
>В нашей сети шлюзом является WIn2k3 + Kerio Winroute Firewall 6.2.3. Доступ
>в интернет осуществляется посредством Kerio - прокси, либо NAT. Проблема в
>том, что при использовании NAT Lynx не открыват веб-страницы. При запуске
>сначала пишет на фоне красной полосы "Alert! HTTP/1.0 500 WebInterface disabled",
>потом "Requested page cannot be found. Please contact your firewall administrator.".
>Firewall administrator говорит, что у него всё настроено. И правда, ftp,
>например, работает. Fetch - тоже.

сделайте lynx -trace http://ya.ru и опубликуйте Lynx.trace


"Проблема: Lynx + Gateway"
Отправлено Dashet , 22-Ноя-09 08:32 
>сделайте lynx -trace http://ya.ru и опубликуйте Lynx.trace

Пожалуйста:
===============
===============
===============
Lynx Trace Log (2.8.6rel.5)

lynx_setup_colors
lynx_map_color(0)
......
lynx_map_color(7)
LYNX_SIG_FILE set to '/root/.lynxsig'
HTMLDTD: Copying strict DTD element info of size 6188, 119 * 52
Loading cfg file '/usr/local/etc/lynx.cfg'.
opening config file /usr/local/etc/lynx.cfg
lynx_chg_color(color=6, fg=9, bg=0)
lynx_map_color(6)
opening config file /usr/local/etc/lynx.lss
HStyle_addStyle(normal:         normal:                 lightgray:black)
......
HStyle_addStyle(span.htmlsrc_sgmlspecial:normal:        yellow)
LYFindLocaleCharset(0)
Found name "US-ASCII" -> 1
HTParse: aName:`http://lynx.isc.org/'
   relatedName:`'
   want: punc anchor path host access
HTParse: (ABS)
HTParse:      result:`http://lynx.isc.org/'
parse_arg(arg_name=-trace, mask=4, count=1)
parse_arg lookup(trace)
...skip (mask 4/2)
parse_arg(arg_name=http://77.88.21.8, mask=4, count=2)
parse_arg startfile:http://77.88.21.8
HTMLSetCharacterHandling: LYRawMode changed OFF -> ON
ProcessMailcapFile: Loading file '/usr/local/lib/mosaic/mailcap'.
ProcessMailcapFile: Could not open '/usr/local/lib/mosaic/mailcap'.
HTFormat: Looking up presentation for text/plain to www/present
FindPresentation: found exact match: text/plain
HTFormat: Looking up presentation for text/html to www/present
FindPresentation: found exact match: text/html
HTFilterPresentations (AcceptMedia 0x1)
HTFileInit: Loading default (HTInit) extension maps.
HTLoadExtensionsConfigFile: Loading file '/usr/local/lib/mosaic/mime.types'.
HTLoadExtensionsConfigFile: Could not open '/usr/local/lib/mosaic/mime.types'.
Window size changed from (24,80) to (25,80)
Screen size: initscr()
Screen size is now 25 x 80
opening config file /usr/local/etc/lynx.lss
HStyle_addStyle(normal:         normal:                 lightgray:black)
......
HStyle_addStyle(span.htmlsrc_sgmlspecial:normal:        yellow)
lynx_init_colors (default 15/0)
start_curses: done.
HTParse: aName:`http://77.88.21.8'
   relatedName:`'
   want: punc anchor path host access
HTParse: (ABS)
HTParse:      result:`http://77.88.21.8/'
LYMain: User in REMOTE domain
Entering mainloop, startfile=http://77.88.21.8/
getfile: getting http://77.88.21.8/

HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: host
HTParse:      result:`77.88.21.8'

Entered HTAnchor_findAddress
New anchor 0x81b8180 has hash 225 and address `http://77.88.21.8/'
HTAccess: loading document http://77.88.21.8/
get_physical http://77.88.21.8/
HTParse: aName:`http://77.88.21.8/'
   relatedName:`file:'
   want: access
HTParse:      result:`http'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: host
HTParse:      result:`77.88.21.8'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: access
HTParse:      result:`http'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: host
HTParse:      result:`77.88.21.8'
Looking up 77.88.21.8
Making HTTP connection to 77.88.21.8
TCP: Error 36 in `SOCKET_ERRNO' after call to this socket's first connect() failed.
        Operation now in progress
TCP: Error 36 in `SOCKET_ERRNO' after call to this socket's first select() failed.
        Operation now in progress
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: punc path
HTParse: (ABS)
HTParse:      result:`/'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: host
HTParse:      result:`77.88.21.8'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: punc path
HTParse: (ABS)
HTParse:      result:`/'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: path
HTParse: (ABS)
HTParse:      result:`'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: host
HTParse:      result:`77.88.21.8'
LYCookie: Searching for '77.88.21.8:80', '/'.
Composing Authorization for 77.88.21.8:80/
HTAASetup_lookup: No template matched `' (so probably not protected)
HTTP: Not sending authorization (yet).
Writing:
GET / HTTP/1.0\r
Host: 77.88.21.8\r
Accept: text/html, text/plain, text/css, text/sgml, */*;q=0.01\r
Accept-Encoding: gzip, compress, bzip2\r
Accept-Language: en\r
User-Agent: Lynx/2.8.6rel.5 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e-p1\r
\r
----------------------------------
Sending HTTP request.
HTTP: WRITE delivered OK
HTTP request sent; waiting for response.
HTTP: Trying to read 1535
HTTP: Read 1261
HTTP: Rx: HTTP/1.0 500 WebInterface disabled
HTTP: Scanned 2 fields from line_buffer
--- Talking HTTP1.

Alert!: HTTP/1.0 500 WebInterface disabled

HTFormat: Constructing stream stack for www/mime to www/present ((null))
HTFormat: Looking up presentation for www/mime to www/present
StreamStack: found weak wildcard match: www/present
FindPresentation: found exact match: www/mime
StreamStack: found exact match: www/mime
StreamStack: Returning "MIMEParser"
HTMIME:  Pragma: no-cache
Cache-Control: no-cache
Content-type: text/html;charset=utf-8
Connection: close

<html><body>Requested page cannot be found. Please contact firewall administrator.</body></html>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
HTMIME: Got 'P' at beginning of line, state now P
HTMIME: Was P, found R, state now PR'
HTMIME: Was PR, found A, checking for 'gma'
HTMIME: PICKED UP Pragma: 'no-cache'
HTMIME: Got 'C' at beginning of line, state now C
HTMIME: Was C, found A, checking for 'che-control:'
HTMIME: PICKED UP Cache-Control: 'no-cache'
HTMIME: Got 'C' at beginning of line, state now C
HTMIME: Was C, found O, state now CO'
HTMIME: Was CO, found N, state now CON
HTMIME: Was CON, found T, checking for 'ent-'
HTMIME: in case CONTENT_
HTMIME: Was CONTENT_, found T, state now CONTENT_T
HTMIME: in case CONTENT_T
HTMIME: Was CONTENT_T, found Y, checking for 'pe:'
HTMIME: PICKED UP Content-Type: 'text/html;charset=utf-8'
HTMIME: Got 'C' at beginning of line, state now C
HTMIME: Was C, found O, state now CO'
HTMIME: Was CO, found N, state now CON
HTMIME: Was CON, found N, checking for 'ection:'
HTMIME: PICKED UP Connection: 'close'
HTMIME: Extended MIME Content-Type is text/html;charset=utf-8
HTMIME: MIME Content-Type is 'text/html', converting to 'www/present'
HTFormat: Constructing stream stack for text/html to www/present (text/html;charset=utf-8)
HTFormat: Looking up presentation for text/html to www/present
FindPresentation: found exact match: text/html
StreamStack: found exact match: text/html
HTMLPresent calling CacheThru_new
start HTML_new
UCSetTransParams: from utf-8(43) to iso-8859-1(0)
StreamStack: Returning "SGMLParser"
SGML: Start <HTML>
UCSetTransParams: from iso-8859-1(0) to iso-8859-1(0)
GridText: start HText_new
UCSetTransParams: from iso-8859-1(0) to iso-8859-1(0)
GridText: Change to style Normal
me->tag_charset: 0 -> 43 (me->UCLYhndl: 0, tag_charset: 43)
HTML:begin_element[0]: adding style to stack - Normal (HTML)
SGML: Start <BODY>
HTML:begin_element[1]: adding style to stack - Normal (BODY)
SGML: End </BODY>
SGML: End </HTML>
Data transfer complete
GridText: Entering HText_endAppend
GridText: split_line(0 [now:71]) called
GridText: Entering HText_trimHightext (final)
HTAccess:  status=200
HTAccess: `http://77.88.21.8/' has been accessed.
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: host
HTParse:      result:`77.88.21.8'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: access
HTParse:      result:`http'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: punc host access
HTParse:      result:`http://77.88.21.8'
HTParse: aName:`http://77.88.21.8/'
   relatedName:`'
   want: punc path
HTParse: (ABS)
HTParse:      result:`/'
Starting realm is 'http://77.88.21.8/'

HTAddGotoURL http://77.88.21.8/
HTcan_reparse_document -> 0
GridText: HText_pageDisplay at line 1 started
GridText: HText_pageDisplay finished
GETCH: Got 0x1b.
LYReadCmdKey(0) ->End (0x107)
Info message: You are already at the end of this document.
HTcan_reparse_document -> 0
GETCH: Got 0x79.
LYReadCmdKey(0) ->y (0x79)
Info message: Commands: Use arrow keys to move, '?' for help, 'q' to quit, '<-' to go back.
HTcan_reparse_document -> 0
GETCH: Got 0x1b.
LYReadCmdKey(0) ->End (0x107)
Info message: You are already at the end of this document.
HTcan_reparse_document -> 0
GETCH: Got 0x79.
LYReadCmdKey(0) ->y (0x79)
Info message: Commands: Use arrow keys to move, '?' for help, 'q' to quit, '<-' to go back.
HTcan_reparse_document -> 0
GETCH: Got 0x71.
LYReadCmdKey(0) ->q (0x71)
Confirm: Are you sure you want to quit? (y) GETCH: Got 0x79.
LYReadCmdKey(4) ->y (0x79)
- YES.
stop_curses: done.
===============
===============
===============

Я несколько подсократил его, удалив явно не относящиеся, на мой взгляд, к делу строчки.


"Проблема: Lynx + Gateway"
Отправлено anonymous , 22-Ноя-09 21:13 
>>сделайте lynx -trace http://ya.ru и опубликуйте Lynx.trace
>
>Writing:
>GET / HTTP/1.0\r
>Host: 77.88.21.8\r
>Accept: text/html, text/plain, text/css, text/sgml, */*;q=0.01\r
>Accept-Encoding: gzip, compress, bzip2\r
>Accept-Language: en\r
>User-Agent: Lynx/2.8.6rel.5 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.7e-p1\r

подозрительно.  у меня так:

Writing:
GET / HTTP/1.0\r
Host: ya.ru\r
Accept: text/html, text/plain, text/css, text/sgml, */*;q=0.01\r
Accept-Encoding: gzip, compress, bzip2\r
Accept-Language: en\r
Accept-Charset: windows-1251, iso-8859-1;q=0.01, us-ascii;q=0.01\r
User-Agent: Lynx/2.8.6rel.5 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8e\r

похоже, kerio прикидывается transparent proxy...


"Проблема: Lynx + Gateway"
Отправлено Dashet , 23-Ноя-09 06:22 
>похоже, kerio прикидывается transparent proxy...

Нет, не прикидывается. Прокси непрозрачный, с аутентификацией.

1. Предупреждение фоне красной полосы "Alert! HTTP/1.0 500 WebInterface disabled" не выводится при отключении NAT.
2. При включённом NAT в логах Winroute при попытке соединения фиксируется вот что:

В "connections":
[23/Nov/2009 09:08:02] [ID] 7319 [Rule] bsd [Service] HTTP [Connection] TCP 10.0.0.201:59052 -> ya.ru:80 [Duration] 121 sec [Bytes] 0/1481/1481 [Packets] 0/4/4

В "packet_filter":
[23/Nov/2009 09:17:55] PERMIT "bsd" packet from ppls_loc, proto:TCP, len:64, ip/port:10.0.0.201:64841 -> 93.158.134.8:80, flags: SYN , seq:2713392026 ack:0, win:65535, tcplen:0
[23/Nov/2009 09:17:55] PERMIT "bsd" packet to ppls_loc, proto:TCP, len:64, ip/port:93.158.134.8:80 -> 10.0.0.201:64841, flags: SYN ACK , seq:2118632722 ack:2713392027, win:16384, tcplen:0
[23/Nov/2009 09:17:55] PERMIT "bsd" packet from ppls_loc, proto:TCP, len:52, ip/port:10.0.0.201:64841 -> 93.158.134.8:80, flags: ACK , seq:2713392027 ack:2118632723, win:33304, tcplen:0
[23/Nov/2009 09:17:55] PERMIT "bsd" packet from ppls_loc, proto:TCP, len:290, ip/port:10.0.0.201:64841 -> 93.158.134.8:80, flags: ACK PSH , seq:2713392027 ack:2118632723, win:33304, tcplen:238
[23/Nov/2009 09:17:55] PERMIT "bsd" packet to ppls_loc, proto:TCP, len:1313, ip/port:93.158.134.8:80 -> 10.0.0.201:64841, flags: ACK PSH , seq:2118632723 ack:2713392265, win:65297, tcplen:1261
[23/Nov/2009 09:17:55] PERMIT "bsd" packet to ppls_loc, proto:TCP, len:52, ip/port:93.158.134.8:80 -> 10.0.0.201:64841, flags: FIN ACK , seq:2118633984 ack:2713392265, win:65297, tcplen:0
[23/Nov/2009 09:17:55] PERMIT "bsd" packet from ppls_loc, proto:TCP, len:52, ip/port:10.0.0.201:64841 -> 93.158.134.8:80, flags: ACK , seq:2713392265 ack:2118633985, win:32673, tcplen:0
[23/Nov/2009 09:18:01] PERMIT "bsd" packet from ppls_loc, proto:TCP, len:52, ip/port:10.0.0.201:64841 -> 93.158.134.8:80, flags: FIN ACK , seq:2713392265 ack:2118633985, win:33304, tcplen:0
[23/Nov/2009 09:18:01] PERMIT "bsd" packet to ppls_loc, proto:TCP, len:52, ip/port:93.158.134.8:80 -> 10.0.0.201:64841, flags: ACK , seq:2118633985 ack:2713392266, win:65297, tcplen:0


"Проблема: Lynx + Gateway"
Отправлено oslik , 26-Ноя-09 09:25 
>Здравствуйте!
>В нашей сети шлюзом является WIn2k3 + Kerio Winroute Firewall 6.2.3. Доступ
>в интернет осуществляется посредством Kerio - прокси, либо NAT. Проблема в
>том, что при использовании NAT Lynx не открыват веб-страницы. При запуске
>сначала пишет на фоне красной полосы "Alert! HTTP/1.0 500 WebInterface disabled",
>потом "Requested page cannot be found. Please contact your firewall administrator.".
>Firewall administrator говорит, что у него всё настроено. И правда, ftp,
>например, работает. Fetch - тоже.
>Я гуглил - вроде как проблема есть, но решения не нашёл.

?


"Проблема: Lynx + Gateway"
Отправлено oslik , 30-Ноя-09 05:25 
>Здравствуйте!
>В нашей сети шлюзом является WIn2k3 + Kerio Winroute Firewall 6.2.3. Доступ
>в интернет осуществляется посредством Kerio - прокси, либо NAT. Проблема в
>том, что при использовании NAT Lynx не открыват веб-страницы. При запуске
>сначала пишет на фоне красной полосы "Alert! HTTP/1.0 500 WebInterface disabled",
>потом "Requested page cannot be found. Please contact your firewall administrator.".
>Firewall administrator говорит, что у него всё настроено. И правда, ftp,
>например, работает. Fetch - тоже.
>Я гуглил - вроде как проблема есть, но решения не нашёл.

Помогите, пожалуйста.