Intermittent access to web server on 8080

woodt · 12-15-2009, 08:47 PM

Greetings!

I am experiencing a strangely intermittent access issue to an external web server running on port 8080 through my Untangle 7.01 open source package machine (a couple of different Untangles on different networks actually). It seems that soon after the initial access takes place to this server (an IP camera streaming video) that the image freezes and no further contact to the camera can be made. Until I reboot the Untangle box, I can no longer access the camera from any machine inside my LAN.

I've scoured the Untangle box and can't find any rules that would allow or disallow. The intermittent nature of the access would lead me to think that the Attack Blocker is somehow to blame. However, turning it off doesn't fix the problem. In fact, I can shut every rack down (all except the reports rack) and the issue still persists.

How can I track this issue down? I even reinstalled a fresh Untangle box tonight. Access to the camera worked fine until some point during the installation of the open source package, at which time my access to the camera stopped. This is a fresh install, nothing yet configured with the rack, and yet I no longer can get access to the camera. I've looked at every rule on every rack, and scoured all the iptables settings to no avail. Netstat doesn't reveal anything running on port 8080 that would potentially interfere.

I know the camera is up and running. I can hit it at will through either a Verizon or Sprint wireless card. Anyone got a clue as to what to check next?

Thanks!

sky-knight · 12-15-2009, 08:53 PM

Are you certain it isn't the camera? I have several web cam items and surveillance packages that do this sort of thing if you hit them with IE8.

woodt · 12-15-2009, 09:11 PM

Quote:

Originally Posted by sky-knight

Are you certain it isn't the camera? I have several web cam items and surveillance packages that do this sort of thing if you hit them with IE8.

This is an Axis camera, some of the best IP-based camera gear I've ever worked with. It's not the camera. As I stated above, I can hit the camera all day long except through an Untangle box. I've literally sat on the camera for days at a time with the exact same configuration I have now, except for the Untangle box. And it matter not which browser or operating system I hit it with.

Thanks anyway!

woodt · 12-15-2009, 09:13 PM

I've narrowed the problem down to the Firewall rack. As soon as I turned it on with this fresh install, the camera streaming stopped. Turning the rack back off didn't help. I'm guessing it has something to do with not properly reverting all rules and/or policies when turning it off.

This is a box-stock Firewall rack too. I've changed nothing with it.

Ideas?

sky-knight · 12-15-2009, 09:35 PM

Well the Firewall module doesn't block anything by default... the only thing I can think of is the UVM itself. The Firewall module will reset the UVM when you power cycle it, while resetting there are a few moments when sessions will go through Untangle without actually hitting the filter.

At this point I'd be looking at TCPDumps to see where the error falls, without any rack modules even installed.

Finally, just to eliminate something... go into the AV module and enable HTTP resume. Some streams use that feature.

woodt · 12-15-2009, 09:54 PM

Quote:

Originally Posted by sky-knight

Well the Firewall module doesn't block anything by default... the only thing I can think of is the UVM itself. The Firewall module will reset the UVM when you power cycle it, while resetting there are a few moments when sessions will go through Untangle without actually hitting the filter.

At this point I'd be looking at TCPDumps to see where the error falls, without any rack modules even installed.

Finally, just to eliminate something... go into the AV module and enable HTTP resume. Some streams use that feature.

I just checked the Virus Blocker rack settings and I do have "Disable HTTP Resume" checked. That needs to be unchecked for another reason (DirecTV won't do on-demand with that on), but that seems to have nothing to do with my camera access issue. Only when I turn on the Firewall module does the stream stop. Then I have to reboot the Untangle box to get the streaming from the camera to work again.

I've looked at the tcpdump output, monitoring the external interface for any traffic to the camera. The flow stops when I enable the Firewall rack, requiring an Untangle reboot.

I still think that the firewall rules that are applied at rack start are not being fully backed out when it's turned off. I'll test that tomorrow. It's late here.

Thanks!

12-15-2009, 08:47 PM	#1 (permalink)
woodt Newbie Join Date: Jan 2009 Posts: 7	Intermittent access to web server on 8080 Greetings! I am experiencing a strangely intermittent access issue to an external web server running on port 8080 through my Untangle 7.01 open source package machine (a couple of different Untangles on different networks actually). It seems that soon after the initial access takes place to this server (an IP camera streaming video) that the image freezes and no further contact to the camera can be made. Until I reboot the Untangle box, I can no longer access the camera from any machine inside my LAN. I've scoured the Untangle box and can't find any rules that would allow or disallow. The intermittent nature of the access would lead me to think that the Attack Blocker is somehow to blame. However, turning it off doesn't fix the problem. In fact, I can shut every rack down (all except the reports rack) and the issue still persists. How can I track this issue down? I even reinstalled a fresh Untangle box tonight. Access to the camera worked fine until some point during the installation of the open source package, at which time my access to the camera stopped. This is a fresh install, nothing yet configured with the rack, and yet I no longer can get access to the camera. I've looked at every rule on every rack, and scoured all the iptables settings to no avail. Netstat doesn't reveal anything running on port 8080 that would potentially interfere. I know the camera is up and running. I can hit it at will through either a Verizon or Sprint wireless card. Anyone got a clue as to what to check next? Thanks!

12-15-2009, 08:53 PM	#2 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 7 Posts: 9,951	Are you certain it isn't the camera? I have several web cam items and surveillance packages that do this sort of thing if you hit them with IE8. __________________ Intouch Technology Rob Sandling, BS:SWE, MCP Office: 480-272-9889 rob@intouchtechllc.com

12-15-2009, 09:35 PM	#5 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 7 Posts: 9,951	Well the Firewall module doesn't block anything by default... the only thing I can think of is the UVM itself. The Firewall module will reset the UVM when you power cycle it, while resetting there are a few moments when sessions will go through Untangle without actually hitting the filter. At this point I'd be looking at TCPDumps to see where the error falls, without any rack modules even installed. Finally, just to eliminate something... go into the AV module and enable HTTP resume. Some streams use that feature. __________________ Intouch Technology Rob Sandling, BS:SWE, MCP Office: 480-272-9889 rob@intouchtechllc.com

12-15-2009, 09:13 PM	#4 (permalink)
woodt Newbie Join Date: Jan 2009 Posts: 7	I've narrowed the problem down to the Firewall rack. As soon as I turned it on with this fresh install, the camera streaming stopped. Turning the rack back off didn't help. I'm guessing it has something to do with not properly reverting all rules and/or policies when turning it off. This is a box-stock Firewall rack too. I've changed nothing with it. Ideas?