Can not access web since 6.2

Status
Not open for further replies.

tmckeown

We have a Firebox 700. It had been working OK till yesterday. I installed 6.2 yesterday and downloaded the database. Logging is working fine. The webblocker utility says it's installed and running. There are no errors in the logs. When I activate webblocker, we can not get to the internet. The browser says "web site found. Waiting for reply...." It stays there until it finally times out. It's as if we are no longer plugged in to our router. If I turn off webblocker, we get to the internet just fine. We do NOT get the "blocked by web blocker" or any other browser alerts. I tried reinstalling 6.1 SP1 and downloaded the database again. Still the same, so I put it back to 6.2. Did something change with the database? Our Firebox 700 is in drop-in mode. Our router does NAT. NAT is turned off on the Firebox. Nothing else has changed. Anyone have any ideas?

 
I see you are double-dipping - you posted this on WG's site as well. :)

What are your logs saying for the reason sites are blocked?
 
There are a couple posts on WG's site referencing this issue. It seems that in this case they have reloaded WebBlocker and restarted the service to fix it.

I've been holding off on updating for just this reason. Let me know if the above works or if you come across another solution.
 
Sorry for the double posts. I wasn't aware that the two forums are linked in any way. I guess I was hoping for a new set of ears. I'm working on trying to put together some log info. I did try reloading many times. I even went so far as to reset the Firebox and completely reconfigure it. I'll post some log files in a bit.
Thanks,
Tom
 
The two sites are not linked. I just checked their forum to see if there was any new information on the issue.
 
Here are the log files for a few minutes. They go from when I enabled web blocker to when I disabled it.
__________________________________
194298 03/21/03 12:35:26 y firewalld[104] Putting file wg.cfg (from 192.168.1.102)
194308 03/21/03 12:35:28 y firewalld[104] File synchronization completed
194328 03/21/03 12:35:28 y validator[103] Loading PKI Objects
194338 03/21/03 12:35:28 y validator[103] Validator daemon is unable to load PKI objects - Daemon runs in limited mode
194348 03/21/03 12:35:28 y authd[115] restart successful
194358 03/21/03 12:35:28 y dvcpsv[121] WatchGuard dvcpsv v6.2.B1292 (C) 1996-2003 WGTI
194368 03/21/03 12:35:28 y dvcpsv[121] Restart succeeded
194378 03/21/03 12:35:28 y iked[124] WARNING - No remote gateways configured
194388 03/21/03 12:35:28 y iked[124] ACTION - To create a VPN, configure a gateway
194398 03/21/03 12:35:28 y firewalld[104] Restarted by 192.168.1.102
194408 03/21/03 12:35:28 y firewalld[104] Logging for allowed ANY service AnyPPTP enabled
194418 03/21/03 12:35:28 y firewalld[104] Logging for allowed ANY service AnyPPTP enabled
194448 03/21/03 12:35:29 y http-proxy[127] WatchGuard http proxy v6.2.B1292 (C) 1996-2003 WGTI WGTI
194458 03/21/03 12:35:29 y dns-proxy[1434] Restarting /opt/bin/dns-proxy
194468 03/21/03 12:35:29 y dns-proxy[126] DNS proxy exited; restarting...
194478 03/21/03 12:35:29 y dns-proxy[4823] No DNS Proxy services configured
194488 03/21/03 12:35:30 y http-proxy[127] Minimum children exceeds Maximum Children-- resetting to 2
194898 03/21/03 12:36:32 n deny in eth0 60 tcp 20 53 204.0.37.100 192.168.1.101 3399 113 syn (default)
194918 03/21/03 12:36:35 n deny in eth0 60 tcp 20 53 204.0.37.100 192.168.1.101 3399 113 syn (default)
195478 03/21/03 12:38:42 n deny in eth0 78 udp 20 111 200.44.22.140 192.168.1.101 1027 137 (default)
195498 03/21/03 12:38:42 n deny in eth0 78 udp 20 111 200.44.22.140 192.168.1.3 1027 137 (default)
195608 03/21/03 12:39:25 y http-proxy[4826] getredirname: can't find filter rule
195648 03/21/03 12:39:25 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
195678 03/21/03 12:39:32 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
195808 03/21/03 12:39:43 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
195908 03/21/03 12:40:07 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
195948 03/21/03 12:40:16 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
196008 03/21/03 12:40:22 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
196128 03/21/03 12:40:34 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
196268 03/21/03 12:40:55 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
196288 03/21/03 12:40:58 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
196348 03/21/03 12:41:15 y http-proxy[4825] getredirname: can't find filter rule
196518 03/21/03 12:41:46 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
196558 03/21/03 12:41:59 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
196708 03/21/03 12:42:50 y http-proxy[4826] [192.168.1.62:1072 192.168.1.2:80/aol/discover.xml] Error while sending/receiving: Can't receive data from server (Connection timed out)
196768 03/21/03 12:42:50 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
196888 03/21/03 12:43:03 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
196988 03/21/03 12:43:41 y http-proxy[4826] [192.168.1.62:1073 192.168.1.2:80/aol/discover.xml] Error while sending/receiving: Can't receive data from server (Connection timed out)
197158 03/21/03 12:43:54 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
197218 03/21/03 12:44:07 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
197308 03/21/03 12:44:32 y http-proxy[4826] getredirname: can't find filter rule
197448 03/21/03 12:44:58 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
197488 03/21/03 12:45:11 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
197518 03/21/03 12:45:23 y http-proxy[4826] [192.168.1.62:1082 192.168.1.2:80/aol/discover.xml] Error while sending/receiving: Can't receive data from server (Connection timed out)
197638 03/21/03 12:46:02 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
197698 03/21/03 12:46:15 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
197778 03/21/03 12:46:25 y firewalld[104] Putting file wg.cfg (from 192.168.1.102)
197788 03/21/03 12:46:26 y firewalld[104] File synchronization completed
197798 03/21/03 12:46:27 y validator[103] Loading PKI Objects
197808 03/21/03 12:46:27 y validator[103] Validator daemon is unable to load PKI objects - Daemon runs in limited mode
197818 03/21/03 12:46:27 y authd[115] restart successful
_____________________________________

http-proxy[4825] getredirname: can't find filter rule
appears to possibly be the error, but why?
Thanks for any help.
Tom
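
In the log above, the denied SYN-ACK packets (source port 80, reason "blocked site") are addressed to the same client ports, 1072 and 1073, that http-proxy later reports as timed out. The following Python script is an added example, not part of the original posts and not WatchGuard code; it performs that correlation over a few of the posted lines, and the field order of the deny lines is an assumption read off the position of the values.

```python
import re

# Excerpt of the log lines posted above, copied from the thread (not new data).
SAMPLE = """\
195608 03/21/03 12:39:25 y http-proxy[4826] getredirname: can't find filter rule
195648 03/21/03 12:39:25 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1072 syn ack (blocked site)
195948 03/21/03 12:40:16 n deny in eth0 44 tcp 20 30 192.168.1.2 192.168.1.62 80 1073 syn ack (blocked site)
194898 03/21/03 12:36:32 n deny in eth0 60 tcp 20 53 204.0.37.100 192.168.1.101 3399 113 syn (default)
196708 03/21/03 12:42:50 y http-proxy[4826] [192.168.1.62:1072 192.168.1.2:80/aol/discover.xml] Error while sending/receiving: Can't receive data from server (Connection timed out)
196988 03/21/03 12:43:41 y http-proxy[4826] [192.168.1.62:1073 192.168.1.2:80/aol/discover.xml] Error while sending/receiving: Can't receive data from server (Connection timed out)
197518 03/21/03 12:45:23 y http-proxy[4826] [192.168.1.62:1082 192.168.1.2:80/aol/discover.xml] Error while sending/receiving: Can't receive data from server (Connection timed out)
"""

# Field order (src IP, dst IP, src port, dst port, TCP flags, reason) is an
# assumption read off the position of the values in the posted deny lines.
DENY = re.compile(r"deny in \S+ \d+ tcp \d+ \d+ ([\d.]+) ([\d.]+) (\d+) (\d+) ([a-z ]+?) \((.+)\)$")
TIMEOUT = re.compile(r"http-proxy\[\d+\] \[([\d.]+):(\d+) ([\d.]+):(\d+)\S*\] .*Connection timed out")

def correlate(log_text):
    """Pair each proxy timeout with denied SYN-ACK replies of the same connection."""
    denied = {}    # (client_ip, client_port, server_ip, server_port) -> [count, reason]
    timeouts = []  # connections the proxy gave up on, in log order
    for line in log_text.splitlines():
        m = DENY.search(line)
        if m and m.group(5) == "syn ack":
            src, dst, sport, dport, _, reason = m.groups()
            # A SYN-ACK travels server -> client, so swap it to key by connection.
            entry = denied.setdefault((dst, int(dport), src, int(sport)), [0, reason])
            entry[0] += 1
            continue
        m = TIMEOUT.search(line)
        if m:
            c_ip, c_port, s_ip, s_port = m.groups()
            timeouts.append((c_ip, int(c_port), s_ip, int(s_port)))
    # One row per timeout: (connection, denied SYN-ACK count, deny reason or None)
    return [(conn, *denied.get(conn, [0, None])) for conn in timeouts]

if __name__ == "__main__":
    for conn, count, reason in correlate(SAMPLE):
        print(conn, "denied SYN-ACKs:", count, "reason:", reason)
```

A timeout whose connection has a non-zero count was starved by the firewall's own packet filter dropping the server's reply, which points at a rule or blocked-sites problem on the Firebox rather than at the web server.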
 
Do you have DNS set up in the policy manager and under the network menu?
 
I don't have a specific DNS service set up in policy manager, but I do have DNS set up in the network config. Maybe I should try adding a specific DNS service in policy manager?
 
If DNS were an issue, you would see the deny messages. Based on the number of complaints on WG's site, I have a feeling there will be a patch coming out on this.
 
Someone finally called me from Watchguard and had me do some tests as they were monitoring my logs. It appears that they do have some bug or problem with the latest webblocker update. They are not sure what it is though. They said they would try to give me an update sometime this next week. So, at least it's not just me, and they are aware of it.
 
Have you heard back from WG? I have the exact same situation after installing 6.2.
 
We installed it on a different server and now it is working again. I have no idea why it just wouldn't work on a particular server. One of the effects was the error: getredirname: can't find filter. Watchguard could not figure it out. They put the case on the back burner due to the fact that I did not have any more time to play with it. I just had to get it up and going.
Make sure logging is working on your server and that you download the latest Web Blocker database. There has been a change in format and the old database will not work with 6.2.
Sorry, I can't be much help.
Tom
 